Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

USer credentials NULL

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I am trying to authenticate the user using basic authenticatio with J_security_check and it successful in my local machine.
When i deploy the same application to the Test server authentication is successful and goes to login action class and when i try to get the user id
using request.getUserPrincipal(), it always returns me null. I am sure that i am in the required role.

Any help would be greatly appreciated.
 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is your application a secured resource? By which I mean does it have <security-constraints /> defined and is security turned on on the test server? The Servlet specification mandates that the getUserPrincipal() method should return null in an unsecured application.
 
Kadapa Reddy
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, MY Server,application is secured and invoking the secured resource. AS i said it is working fine in my local machine which is connectd to the same LDAP as test server.
 
Paul Sturrock
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If what you say is correct, then WebSphere is departing from the specification - which would be a considerable surprise. I've never seen WAS return null for a thread running in a secure context after authentication is successful. Are you sure the server is configured correctly? If the application has security constraints defined correctly the only thing left that could go wrong is the server security configuration.
 
Kadapa Reddy
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I should be able to find a work around. If i invoke the application from index.jsp(which is welcome page and redirects to Login.jsp) and the credentials coming well.
If i invoke the application directly with Login.jsp, credentials coming as null even though Login.jsp is part of secured resource.
 
Paul Sturrock
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


If i invoke the application directly with Login.jsp, credentials coming as null even though Login.jsp is part of secured resource.


Is Login.jsp your login page? If so, this is no surprise that the principal is null - that page would only ever be called before authentication, so is in effect unsecured.
 
You save more money with a clothesline than dozens of light bulb purchases. Tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/t/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic