Tomcat getuserprincipal null
Returns: an array of all the Cookies included with this request, or null if the request has no cookies

long getDateHeader(String name)
Returns the value of the specified request header as a long value that represents a Date object.
Use this method with headers that contain dates, such as If-Modified-Since. The date is returned as the number of milliseconds since January 1, GMT.
The header name is case insensitive. If the request did not have a header of the specified name, this method returns -1. If the header can't be converted to a date, the method throws an IllegalArgumentException.
Parameters: name - a String specifying the name of the header
Returns: a long value representing the date specified in the header expressed as the number of milliseconds since January 1, GMT, or -1 if the named header was not included with the request
Throws: IllegalArgumentException - If the header value can't be converted to a date

String getHeader(String name)
Returns the value of the specified request header as a String.
If the request did not include a header of the specified name, this method returns null. If there are multiple headers with the same name, this method returns the first header in the request. You can use this method with any request header.
Some headers, such as Accept-Language can be sent by clients as several headers each with a different value rather than sending the header as a comma separated list.
If the request did not include any headers of the specified name, this method returns an empty Enumeration.
Parameters: name - a String specifying the header name
Returns: an Enumeration containing the values of the requested header. If the request does not have any headers of that name return an empty enumeration.

If the request has no headers, this method returns an empty enumeration. Some servlet containers do not allow servlets to access headers using this method, in which case this method returns null.
Returns: an enumeration of all the header names sent with this request; if the request has no headers, an empty enumeration; if the servlet container does not allow servlets to use this method, null

int getIntHeader(String name)
Returns the value of the specified request header as an int.
If the request does not have a header of the specified name, this method returns If the header cannot be converted to an integer, this method throws a NumberFormatException.
Returns: a String specifying the name of the method with which this request was made

String getPathInfo()
Returns any extra path information associated with the URL the client sent when it made this request.
This method returns null if there was no extra path information.
Returns: a String, decoded by the web container, specifying extra path information that comes after the servlet path but before the query string in the request URL; or null if the URL does not have any extra path information

String getPathTranslated()
Returns any extra path information after the servlet name but before the query string, and translates it to a real path.
This method returns null if the URL does not have any extra path information, or if the servlet container cannot translate the virtual path to a real path for any reason, such as when the web application is executed from an archive. The web container does not decode this string.

The context path always comes first in a request URI. For servlets in the default root context, this method returns "".
The container does not decode this string.

This method returns null if the URL does not have a query string.
Returns: a String containing the query string or null if the URL contains no query string. The value is not decoded by the container.
Whether the user name is sent with each subsequent request depends on the browser and type of authentication.
To maintain as much independence as possible from the underlying LoginMethod implementation executed by JAAS, the following policy is implemented by this Realm:
The JAAS LoginModule is assumed to return a Subject with at least one Principal instance representing the user himself or herself, and zero or more separate Principals representing the security roles authorized for this user.
On the Principals representing the security roles, the name is the name of the authorized security role.
This Realm will be configured with two lists of fully qualified Java class names of classes that implement java. Principal - one that identifies class(es) representing a user, and one that identifies class(es) representing a security role.
As this Realm iterates over the Principals returned by Subject.
It is a configuration error for the JAAS login method to return a validated Subject without a Principal that matches the "user classes" list.
Tomcat must be able to find an application with this name in the JAAS configuration file. Comma-delimited list of java.

I think the behaviour is correct; if something is not in a security context, then it doesn't have an authenticated user, so there is no principal. If you have some user specific code in your page, then why aren't you defining it as protected??

My problem is mainly because I have to deal with additional security checks to be flexible.
We use Struts and want to declare security access at Action level. According to the J2EE spec controlling things like security settings should be a responsibility of the deployer!? We use an extension of Struts that performs additional access control in the central controller servlet MVC based on a declarative configuration in struts-config. This is why I would like to be able to check the users identity in any page either protected or unprotected.
Any ideas on how to work around this?!? I know at least some other appl.

My personal opinion is that JBoss-Tomcat4 should work exactly like JBoss-Tomcat3 did, which would eradicate your problem. However, in the meantime the only thing I can suggest is that in your extension of the central controller servlet, shove the principal name in the httpsession so you will have access to it in both protected and unprotected pages.
The only thing this does not cover is how to check the roles of a user on non-protected pages even if they're logged in. Of course, you could always go back to JBoss-Tomcat3, but that won't be a viable option for long especially if you want to use the latest Servlet spec's API.