getUserPrincipal() returns null

Posts: 27
I found that I kept getting "null" from request.getUserPrincipal() or request.getRemoteUser(). I added

it started returning values. The application is an internal web application and users only access it from our internal internet. Can somebody help explain?
Saloon Keeper
Posts: 5341
If there is no such security constraint, then the servlet container assumes that the app is not interested in authenticating user credentials - it doesn't ask for them, and it doesn't report on them.
Posts: 20576
A null result from getRemoteUser or getUserPrincipal indicates that the remote user is not logged in.

A login will not occur unless the remote user attempts to access a URL designated as protected in web.xml or if server logic invokes the login() method (which was added somewhere around JEE 5 or 6). You cannot simply steer the user to a page designated as loginPage in web.xml - any direct attempt to access that page will not have had the proper login environment set up by the server before it was displayed, and the login code is part of the server, not the web application.

Finally, be very careful using "/*" as a protected URL pattern. If the login page contains references to protected URLs (for example, images, JavaScript files and the like), then you end up with a vicious cycle because the login page cannot be fully displayed until you're already logged in, since attempting to access image URLs etc. will itself trigger a login.
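
The setup the replies describe, as an added web.xml example that is not part of the original thread: it keeps "/*" protected so the container authenticates users and getUserPrincipal() returns a value after login, while exempting the login page's static resources to avoid the cycle described above. The role name `app-user`, the paths `/login.jsp`, `/login-error.jsp` and `/static/login/*`, and the descriptor version are assumptions.

```xml
<!-- Added example; role name, paths and descriptor version are assumptions. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Default deny: every URL requires an authenticated user in app-user.
       With a constraint like this in place the container performs the
       login, and getUserPrincipal()/getRemoteUser() return the
       authenticated user afterwards instead of null. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>whole-application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>app-user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Carve-out: a constraint with no auth-constraint requires no login.
       The more specific pattern takes precedence over /*, so the login
       page can fetch its CSS, images and scripts before anyone is
       authenticated. Keep only non-sensitive files under this path. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>login-page-assets</web-resource-name>
      <url-pattern>/static/login/*</url-pattern>
    </web-resource-collection>
  </security-constraint>

  <!-- The container forwards to the login page when a protected URL is
       requested; users are not linked to /login.jsp directly. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>app-user</role-name>
  </security-role>
</web-app>
```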