Hi! Even tough I am logged on, I always get "null" on request.getUserPrincipal() when I am on pages outside the secured area. Is that a feature or a bug? It seems to be happening on WebLogic so I am assuming it's a feature. Is there anyway I can work around this? so anything outside the /secure directory returns me null.
this is my xml descriptor: <security-constraint> <web-resource-collection> <web-resource-name>Restricted</web-resource-name> <description>Secure Area</description> <url-pattern>/secure/*</url-pattern> <http-method>HEAD</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <role-name>Web</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>jdbcRealm</realm-name> <form-login-config> <form-login-page>/login/login.jsp</form-login-page> <form-error-page>/login/error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>Web</role-name> </security-role> I would appreciate any help. Thank you, Felipe ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user