I am using the combination of Tomcat/Jboss and am having problems when using webcontainer security (using j_security_check).
I have some resource protected in my web.xml (using <security-contraint> tag). Now when I try to acces this resource Tomcat presents me my loginform and validates my identify. If this is correct I will gain access to the secured resource. So far so good. Now I have a custom tag that verifies the role in which I am to display some pages differently. My tag nicely detects the users identity (using getUserPrincipal() method). Now when I go to a non-secured jsp-page, my tag returns null on getUserPrincipal?!?! When I switch to a secured jsp-page it does work and I receive the correct identity. I have the same behaviour in servlets. I was not expecting this behaviour and I really need to be able to determine the identity on these non-secured resources (both servlets and jsp). It there a setting that makes Tomcat behave in this way and is there a way to change this behaviour. Thanks, Erwin -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>