Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

USer credentials NULL

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I am trying to authenticate the user using basic authenticatio with J_security_check and it successful in my local machine.
When i deploy the same application to the Test server authentication is successful and goes to login action class and when i try to get the user id
using request.getUserPrincipal(), it always returns me null. I am sure that i am in the required role.

Any help would be greatly appreciated.
 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is your application a secured resource? By which I mean does it have <security-constraints /> defined and is security turned on on the test server? The Servlet specification mandates that the getUserPrincipal() method should return null in an unsecured application.
 
Kadapa Reddy
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, MY Server,application is secured and invoking the secured resource. AS i said it is working fine in my local machine which is connectd to the same LDAP as test server.
 
Paul Sturrock
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If what you say is correct, then WebSphere is departing from the specification - which would be a considerable surprise. I've never seen WAS return null for a thread running in a secure context after authentication is successful. Are you sure the server is configured correctly? If the application has security constraints defined correctly the only thing left that could go wrong is the server security configuration.
 
Kadapa Reddy
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I should be able to find a work around. If i invoke the application from index.jsp(which is welcome page and redirects to Login.jsp) and the credentials coming well.
If i invoke the application directly with Login.jsp, credentials coming as null even though Login.jsp is part of secured resource.
 
Paul Sturrock
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


If i invoke the application directly with Login.jsp, credentials coming as null even though Login.jsp is part of secured resource.


Is Login.jsp your login page? If so, this is no surprise that the principal is null - that page would only ever be called before authentication, so is in effect unsecured.
 
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic