BTW, noCookies=false in my server.xml. Thanks, R. -----Original Message----- From: Roland Chan [mailto:[EMAIL PROTECTED]] Sent: May 29, 2002 1:28 PM To: 'Struts Users Mailing List' Subject: RE: Action classes/Form based authentication/ EJBs
Okay, I turned on my "prompt before adding cookies" in my browser and it appears that during form-based authentication a cookie is never being saved to my clients browser. Can anyone provide any sort of guidance here? Thanks, R. -----Original Message----- From: Struts Newsgroup [mailto:@[EMAIL PROTECTED]] Sent: May 29, 2002 4:10 AM To: [EMAIL PROTECTED] Subject: Re: Action classes/Form based authentication/ EJBs Subject: Re: Action classes/Form based authentication/ EJBs From: Torgeir Veimo <[EMAIL PROTECTED]> === Roland Chan wrote: > Hi There, > > Using BASIC authentication my action classes work like a charm. However, > when I switched to form based authentication calls to secured EJBs > present an "authentication exception, principal=null error". > > This is strange only because I know the principal exists and was > authenticated. What is stranger is my workaround: I can get the > authentication to work for my EJBs just by calling logging the > request.getRemoteUser() from within my action. Why should I need to do > this? I thought this sort of thing is handled by the container. This is probably a problem of lost session, either by the browser not sending the session cookie back or while using url rewriting and not properly wrapping an url sent back to the browser. Remember that when using basic authentication, the auth header is sent by the browser at every request, so it never looses the session. Using form based authentication requires the session to be intact, since you only authenticate once. -- -Torgeir -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
