Losing user ID info between Servlets

James Adams
Ranch Hand

Joined: Sep 12, 2003
Posts: 188
I have one servlet which is getting the user ID from request.getRemoteUser(). This works fine. This servlet is secured by virtue of being in the <web-resource-collection> in the web.xml. The authentication happens via a login form and JAAS.

However, I have a second servlet which is also getting the user ID with request.getRemoteUser(), but when this servlet is called it gets null for the user ID. This happens when I call the second servlet right after the first servlet which is working, so the session must be the same (and hence the same user ID I assume). I can't imagine why this info is being lost; I thought that this remote user info was the same for every request in the session.

Can anyone suggest what might be happening? Is the user info not available for the second servlet because it is not part of the <web-resource-collection> entry? Thanks in advance for any ideas.


-James
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I've encountered this problem due to a variety of causes, and you'll have to provide more information.

Have you verified that the session id is the same by printing it out?
Which app server are you using? WebSphere will only return the remote user in secured directories, not unsecured ones.
Did you call the second servlet via the window.open() JavaScript? In IE this doesn't pass the session id so a new one is created.

Or any of a number of other causes!

Dave
James Adams
Ranch Hand

Joined: Sep 12, 2003
Posts: 188
It seems that the problem was that one servlet was being secured and the other was not, and the remote user information was only available to the servlet which was secured (by virtue of being in the <web-resource-collection> entry in web.xml). I have made the <url-pattern> match all resources (/*) and now the user info is available between all servlets and pages.

-James
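
The change described in the last post, written out as web.xml fragments. This is an added example, not the poster's actual configuration; the paths /first and /static/*, the role name user and the resource names are assumptions.

```xml
<!-- Added example. Paths, role name and resource names are assumed. -->

<!-- Before: only /first is in the collection. A request to any other
     servlet is not subject to the constraint, and (as the thread found)
     request.getRemoteUser() returned null there. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>first-servlet</web-resource-name>
    <url-pattern>/first</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<!-- After: /* places every servlet and page under the constraint.
     No http-method elements are listed, so it applies to all HTTP
     methods rather than only GET and POST. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>whole-application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<!-- Optional carve-out (assumed path): a constraint with no
     auth-constraint leaves its pattern open to unauthenticated
     requests. The container applies the best-matching url-pattern,
     so this wins over /* for files under /static/, which keeps the
     login form's stylesheet and images loadable before login. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>login-page-assets</web-resource-name>
    <url-pattern>/static/*</url-pattern>
  </web-resource-collection>
</security-constraint>
```

Keep any open carve-out as narrow as possible, since a servlet mapped under it is back in the unsecured case from the original question.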