Problem
getRemoteUser() returns null even though the
user is authenticated (entered a valid userid and password at the browser).
Subsequent role checks (e.g. the isUserInRole() method) will fail.
This behavior occurs only when the HTTP request is sent to the IBM HTTP
Server rather than the HTTP Transport Handler.
Solution
The following element structure
must be present in the deployment descriptor (web.xml in the WAR file) for
the Web application that is calling getRemoteUser():
<security-constraint>
  <web-resource-collection>
    <web-resource-name>catalog</web-resource-name>
    <url-pattern>/catalog/*</url-pattern>
  </web-resource-collection>
</security-constraint>
The URL specified in the <url-pattern>
element must match the request.
Without the above structure, the Web container
does not attempt to authenticate the request. The userid that the Web
container runs the request under is considered unauthenticated, and
subsequent role checks (e.g. the isUserInRole() method) will fail.
Note: The WebAuth.UnauthenticatedUserSurrogate property in the webcontainer.conf file
specifies the SAF UserID under which unauthenticated clients are to execute.
This must contain a valid SAF UserID.
In WSAD (or a similar development tool) or the
AAT, add a <security-constraint> along with a
<web-resource-collection> and a <url-pattern> that matches the
application.
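One way to check a descriptor before deployment, as an added example that is not part of the original technote or IBM's tooling: it parses web.xml and lists the request paths that no <security-constraint> covers, which are the paths where getRemoteUser() would return null. The sample descriptor, the function names and the assumption that request paths are given relative to the application's context root are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the original page).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>catalog</web-resource-name>
      <url-pattern>/catalog/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""


def _local(tag):
    """Strip an XML namespace so old DTD and newer schema descriptors both parse."""
    return tag.rsplit("}", 1)[-1]


def constrained_patterns(web_xml_text):
    """Return every <url-pattern> nested inside a <security-constraint>."""
    root = ET.fromstring(web_xml_text)
    patterns = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        for coll in sc:
            if _local(coll.tag) != "web-resource-collection":
                continue
            patterns += [(e.text or "").strip() for e in coll
                         if _local(e.tag) == "url-pattern"]
    return patterns


def pattern_matches(pattern, path):
    """Servlet url-pattern rules: exact, '/prefix/*', '*.ext', and '/' default."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or pattern == path


def uncovered_paths(web_xml_text, request_paths):
    """Paths no constraint covers; the page says these run unauthenticated."""
    patterns = constrained_patterns(web_xml_text)
    return [p for p in request_paths
            if not any(pattern_matches(pat, p) for pat in patterns)]
```

A <url-pattern> placed outside its <web-resource-collection> is not counted, so a descriptor with that nesting mistake reports every path as uncovered.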
Related Information
- WebSphere Application Server V4.0.1 for z/OS and OS/390: Assembling Java 2 Platform, Enterprise Edition (J2EE) Applications, SA22-7836
- z/OS WebSphere and Security Handbook, SG24-6846 (Redbook)
Additional remarks
The request was authenticated in the IBM HTTP Server
(Protect directives or Userid %%CLIENT%% in the
httpd.conf file) rather than in the
Web container.