• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Cannot take userPrincipal in JSP Filter

 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,

I use WebSphere Application Server and a form based
authentication for user login to my Web Application.

In order to check authorization of the user i need to
use filter for JSP pages and Servlets.
For now I can insert the username into session object
and in my filter i check the authorization with the
username in the session.

I want to do it by using the HttpServletRequest getRemoteUser()
or getUserPrincipal() methods, but Filter interface's doFilter()
method takes ServletRequest object as parameter, and ServletRequest
object doesnot have getRemoteUser() and getUserPrincipal() methods
when i cast ServletRequest to HttpServletRequest, methods return
empty values.

I also tried to take the Caller Subject from current thread but
user seems unauthenticated in Filter.

Thanks.
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm not sure if it is the same in the current version of WAS, but the last time I used it, you could only get the UserPrinciple if the user was logged in and the resource was secured. I'm not entirelky sure how this would apply to Filters, but I'm guessing if the filter wasn't fired by a protected resource you won't see anything.

Dave
 
Mustafa Var
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is a good point Dave thanks

but there is a problem about trying that, i dont know
how to secure the filter. it seems that it would be
secured in application's policy file.

I m using WSAD to develop applications
when i add a filter (e.g myFilter) it adds also itself
to URL Mappings of that filter as /myFilter, i added the /myFilter
pattern to my secure resources but it is same as before.
user seems unauthenticated again.
 
Mustafa Var
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok It is solved.

Problem is that Dave said.
Thank you Dave.

the filtered JSP pages have to be defined in secure
resources. it didnt worked first time i added
but it works now when i added them again.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Phew
 
We must storm this mad man's lab and destroy his villanous bomb! Are you with me tiny ad?
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic