This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I am trying to authenticate the user using basic authenticatio with J_security_check and it successful in my local machine.
When i deploy the same application to the Test server authentication is successful and goes to login action class and when i try to get the user id
using request.getUserPrincipal(), it always returns me null. I am sure that i am in the required role.
Is your application a secured resource? By which I mean does it have <security-constraints /> defined and is security turned on on the test server? The Servlet specification mandates that the getUserPrincipal() method should return null in an unsecured application.
If what you say is correct, then WebSphere is departing from the specification - which would be a considerable surprise. I've never seen WAS return null for a thread running in a secure context after authentication is successful. Are you sure the server is configured correctly? If the application has security constraints defined correctly the only thing left that could go wrong is the server security configuration.
Joined: Jul 13, 2010
I should be able to find a work around. If i invoke the application from index.jsp(which is welcome page and redirects to Login.jsp) and the credentials coming well.
If i invoke the application directly with Login.jsp, credentials coming as null even though Login.jsp is part of secured resource.