File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Losing user ID info between Servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Losing user ID info between Servlets" Watch "Losing user ID info between Servlets" New topic

Losing user ID info between Servlets

James Adams
Ranch Hand

Joined: Sep 12, 2003
Posts: 188
I have one servlet which is getting the user ID from request.getRemoteUser(). This works fine. This servlet is secured by virtue of being in the <web-resource-collection> in the web.xml. The authentication happens via a login form and JAAS.

However I have a second servlet which is also getting the user ID with request.getRemoteUser(), but when this servlet is called it gets null for the user ID. This happens when I call the second servlet right after the first servlet which is working, so the session must the same (and hence the same user ID I assume). I can't imagine why this info is being lost, I thought that this remote user info was the same for every request in the session.

Can anyone suggest what might be happening ? Is the user info not available for the second servlet because it is not part of the <web-resource-collection> entry ? Thanks in advance for any ideas.

David O'Meara

Joined: Mar 06, 2001
Posts: 13459

I've encountered this problem due to a variety of causes, and you'll have to provide more information.

Have you verified that the session id is the same by printing it out?
Which app server are you using? Websphere will only return the remote user in secured directories, not unsecured ones.
Did you call the second servlet via the javascript? In IE this doesn't pass the session id so a new one is created.

Or any of a number of other causes!

James Adams
Ranch Hand

Joined: Sep 12, 2003
Posts: 188
It seems that the problem was that one servlet was being secured and the other was not, and the remote user information was only available to the servlet which was secured (by virtue of being in the <web-resource-collection> entry in web.xml). I have made the <url-pattern> match all resources (/*) and now the user info is available between all servlets and pages.

I agree. Here's the link:
subject: Losing user ID info between Servlets
It's not a secret anymore!