request.getRemoteUser() sometimes returns null

I have a Java web application using Struts 2 in combination with old servlets. It uses Acegi Security.

In my servlets, I log what the user is trying to do and which user he is. To get the user I'm using request.getRemoteUser().

But to my great surprise, the result is not consistent. In most cases, getRemoteUser() returns the correct username, but from time to time I get a null value.

What could be the reason for this?

EDIT: After your feedback, I realized that the servlet links are not protected at all. This can cause the value of getRemoteUser() to be null. Now I will implement security for them and do some more tests before posting the results.

+4
3 answers

Are you using the Acegi Security login form filter (loginFormUrl from AuthenticationProcessingFilterEntryPoint)?

If yes, get the login name with:

    SecurityContextHolder.getContext().getAuthentication().getName();
+2

getRemoteUser() will return the user logged in to the system; otherwise it will return null.

What authentication do you use (JAAS with basic / digest, etc.)?

Do you see this error for specific URLs (servlets)? In this case, this URL may have other security restrictions.

Another reason is that the client (browser) does not send the username with the request. This can happen if you are outside the URL tree requesting authentication.

+3

The doc says why you get null:

Returns the username of the user making this request if the user was authenticated, or null if the user did not authenticate. Whether the username is sent with each subsequent request depends on the browser and the type of authentication. Same as the value of the CGI REMOTE_USER variable.

You need to investigate the browser that is causing the problem.

+2
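
Added example, not part of the original thread and not Acegi's own code: a servlet filter that resolves the audit user null-safely and logs every request that arrives without authentication, which is how unprotected servlet URLs like those in the question's EDIT become visible. It assumes Acegi 1.0.x (`org.acegisecurity` packages) and a web.xml mapping placed after Acegi's filter chain; the class name, the `audit.user` attribute and the `<unauthenticated>` marker are hypothetical.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;

// Hypothetical class name; map it in web.xml AFTER the Acegi filter chain.
public class AuditUserFilter implements Filter {
    public static final String AUDIT_USER_ATTR = "audit.user";        // hypothetical
    public static final String UNAUTHENTICATED = "<unauthenticated>"; // hypothetical
    private static final Logger LOG = Logger.getLogger(AuditUserFilter.class.getName());

    /** Never returns null, so audit records cannot silently lose the actor. */
    static String resolveUser(HttpServletRequest req) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken)) {
            return auth.getName();
        }
        // Container-managed login, or Acegi's request wrapper, if present.
        String remote = req.getRemoteUser();
        return remote != null ? remote : UNAUTHENTICATED;
    }

    /** Replace CR/LF so a crafted URI cannot forge extra log lines. */
    static String clean(String s) {
        return s == null ? "-" : s.replaceAll("[\\r\\n]", "_");
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        String user = resolveUser(req);
        req.setAttribute(AUDIT_USER_ATTR, user); // servlets log this instead of getRemoteUser()
        if (UNAUTHENTICATED.equals(user)) {
            // A hit here on a servlet URL means no security rule covers that URL.
            LOG.warning("unauthenticated request uri=" + clean(req.getRequestURI())
                    + " addr=" + req.getRemoteAddr());
        }
        chain.doFilter(request, response);
    }

    public void init(FilterConfig config) { }

    public void destroy() { }
}
```

The filter only records the gap; closing it still means adding the servlet URL patterns to the Acegi security configuration so that those requests require authentication.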

Source: https://habr.com/ru/post/1369171/

