Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Cannot take userPrincipal in JSP Filter

 
Mustafa Var
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I use WebSphere Application Server and a form based
authentication for user login to my Web Application.

In order to check authorization of the user i need to
use filter for JSP pages and Servlets.
For now I can insert the username into session object
and in my filter i check the authorization with the
username in the session.

I want to do it by using the HttpServletRequest getRemoteUser()
or getUserPrincipal() methods, but Filter interface's doFilter()
method takes ServletRequest object as parameter, and ServletRequest
object doesnot have getRemoteUser() and getUserPrincipal() methods
when i cast ServletRequest to HttpServletRequest, methods return
empty values.

I also tried to take the Caller Subject from current thread but
user seems unauthenticated in Filter.

Thanks.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm not sure if it is the same in the current version of WAS, but the last time I used it, you could only get the UserPrinciple if the user was logged in and the resource was secured. I'm not entirelky sure how this would apply to Filters, but I'm guessing if the filter wasn't fired by a protected resource you won't see anything.

Dave
 
Mustafa Var
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It is a good point Dave thanks

but there is a problem about trying that, i dont know
how to secure the filter. it seems that it would be
secured in application's policy file.

I m using WSAD to develop applications
when i add a filter (e.g myFilter) it adds also itself
to URL Mappings of that filter as /myFilter, i added the /myFilter
pattern to my secure resources but it is same as before.
user seems unauthenticated again.
 
Mustafa Var
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok It is solved.

Problem is that Dave said.
Thank you Dave.

the filtered JSP pages have to be defined in secure
resources. it didnt worked first time i added
but it works now when i added them again.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Phew
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic