Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Losing user ID info between Servlets

 
James Adams
Ranch Hand
Posts: 188
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have one servlet which is getting the user ID from request.getRemoteUser(). This works fine. This servlet is secured by virtue of being in the <web-resource-collection> in the web.xml. The authentication happens via a login form and JAAS.

However I have a second servlet which is also getting the user ID with request.getRemoteUser(), but when this servlet is called it gets null for the user ID. This happens when I call the second servlet right after the first servlet which is working, so the session must the same (and hence the same user ID I assume). I can't imagine why this info is being lost, I thought that this remote user info was the same for every request in the session.

Can anyone suggest what might be happening ? Is the user info not available for the second servlet because it is not part of the <web-resource-collection> entry ? Thanks in advance for any ideas.


-James
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've encountered this problem due to a variety of causes, and you'll have to provide more information.

Have you verified that the session id is the same by printing it out?
Which app server are you using? Websphere will only return the remote user in secured directories, not unsecured ones.
Did you call the second servlet via the window.open() javascript? In IE this doesn't pass the session id so a new one is created.

Or any of a number of other causes!

Dave
 
James Adams
Ranch Hand
Posts: 188
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It seems that the problem was that one servlet was being secured and the other was not, and the remote user information was only available to the servlet which was secured (by virtue of being in the <web-resource-collection> entry in web.xml). I have made the <url-pattern> match all resources (/*) and now the user info is available between all servlets and pages.

-James
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic