Craig McClanahan wrote:
On Tue, 10 Aug 2004 09:15:49 -0400, Tom McCobb <[EMAIL PROTECTED]> wrote:
One thing to double check is that your welcome page really does do a
*redirect* to sessionStart.do, rather than a <jsp:forward>. The
latter will not kick in the container managed security, because they
are only applied on the URL that is originally requested from the
client (which will be the one for the welcome page in this scenario).
AHA!
Any suggestions for poking the username into the session for alter
retrieval? I am trying a javascript function launched from the onSubmit
event on the form, and an intermediary jsp/form. Can I use a struts
form.action to store the username/pw and forward directly to the
j_security_check servlet?
You can retrieve the logged-in username by calling request.getRemoteUser() in some subsequent request. For security reasons, you cannot retrieve the password, unless your particular app server provides some proprietary mechanism.
Craig
Tom,
Just as a quick FYI - this isn't WebSphere specific security, per se. My understanding is that this is all part of the servlet specification. Tomcat supports it, as does any other servlet container. So, if you're looking for some documentation on things like getting the username, or figuring out what roles the user belongs to - check the servlet specification, or any book you have that talks about the servlet spec.
Brice
-- Brice Ruth, Sr. IT Analyst Fiskars Brands Inc http://www.fiskarsbrands.com/
