Hello,
I use WebSphere Application Server and a form based
authentication for user login to my Web Application.
In order to check authorization of the user i need to
use filter for
JSP pages and
Servlets.
For now I can insert the username into session object
and in my filter i check the authorization with the
username in the session.
I want to do it by using the HttpServletRequest getRemoteUser()
or getUserPrincipal() methods, but Filter interface's doFilter()
method takes ServletRequest object as parameter, and ServletRequest
object doesnot have getRemoteUser() and getUserPrincipal() methods
when i cast ServletRequest to HttpServletRequest, methods return
empty values.
I also tried to take the Caller Subject from current
thread but
user seems unauthenticated in Filter.
Thanks.