问题
User successfully authenticated but after authentication when I go to next controller I got request.getUserPrincipal() null. I am using websphere 7 and my application is in spring mvc.
System.out.println("subject.getPrincipals(): " + subject.getPrincipals());
WSSubject.setRunAsSubject(subject);
After authentication in login controller subject.getPrincipals() returns principal but when I go to next controller I got request.getUserPrincipal() null.
web.xml
<security-role>
<role-name>Administrator</role-name>
</security-role>
<security-constraint>
<display-name>manager_Service</display-name>
<web-resource-collection>
<web-resource-name>manageservice</web-resource-name>
<url-pattern>/manageServiceList.htm</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Administrator</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
application.xml
<security-role>
<role-name>Administrator</role-name>
</security-role>
ibm-application-bnd.xml
<security-role name="Administrator">
<group name="Administrator" />
</security-role>
User belongs to Administrator group. All my deployment descriptors are set up well. Any idea where I am getting mistake?
回答1:
It seams that you are guarding only one url /manageServiceList.htm so if the user access an other url then there should be no principal at all.
回答2:
Creating and configuring custom JAAS login module solves problem. See Listing 4 here
Don't know what was the problem with my previous code.
来源:https://stackoverflow.com/questions/7795012/request-getuserprincipal-got-null