This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes Websphere and the fly likes USer credentials NULL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "USer credentials NULL" Watch "USer credentials NULL" New topic
Author

USer credentials NULL

Kadapa Reddy
Greenhorn

Joined: Jul 13, 2010
Posts: 10
Hi All,

I am trying to authenticate the user using basic authenticatio with J_security_check and it successful in my local machine.
When i deploy the same application to the Test server authentication is successful and goes to login action class and when i try to get the user id
using request.getUserPrincipal(), it always returns me null. I am sure that i am in the required role.

Any help would be greatly appreciated.
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Is your application a secured resource? By which I mean does it have <security-constraints /> defined and is security turned on on the test server? The Servlet specification mandates that the getUserPrincipal() method should return null in an unsecured application.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Kadapa Reddy
Greenhorn

Joined: Jul 13, 2010
Posts: 10
Yes, MY Server,application is secured and invoking the secured resource. AS i said it is working fine in my local machine which is connectd to the same LDAP as test server.
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

If what you say is correct, then WebSphere is departing from the specification - which would be a considerable surprise. I've never seen WAS return null for a thread running in a secure context after authentication is successful. Are you sure the server is configured correctly? If the application has security constraints defined correctly the only thing left that could go wrong is the server security configuration.
Kadapa Reddy
Greenhorn

Joined: Jul 13, 2010
Posts: 10
I should be able to find a work around. If i invoke the application from index.jsp(which is welcome page and redirects to Login.jsp) and the credentials coming well.
If i invoke the application directly with Login.jsp, credentials coming as null even though Login.jsp is part of secured resource.
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336


If i invoke the application directly with Login.jsp, credentials coming as null even though Login.jsp is part of secured resource.

Is Login.jsp your login page? If so, this is no surprise that the principal is null - that page would only ever be called before authentication, so is in effect unsecured.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: USer credentials NULL