如果我检查httpservletrequest GetPrincipleUser()方法,我会在普通的java类中获得原理用户的值。但是,当我试图在servlet中获得原则用户的价值时,它是null。那么,有没有什么方法可以在servlet中获得主要用户的价值。
答案 0 :(得分:0)
有人在其他帖子中回答了这个问题。
只有将WebSphere Application Server配置为使用Web应用程序的JavaEE安全上下文时,它才会返回主体和远程用户。编辑您的web.xml以包含以下内容:
<security-constraint>
<display-name>userConstraint</display-name>
<web-resource-collection>
<web-resource-name>secure</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>user</description>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>secrole</description>
<role-name>user</role-name>
</security-role>
and redeploy your application. After deploying your application take a look at the application's settings in the Administrative Console. You will notice "User/role mapping". Add "all authenticated users from trusted realms" to the newly added role. Restart the application.
After that anonymous users can not access your applic`enter code here`ation anymore. Also, the getRemoteUser and other APIs will return the user properly.