OK, I'm sorry, I was thinking in your own authentication schema. I didn't notice.
> -----Mensaje original----- > De: Rustad, Aaron [mailto:[EMAIL PROTECTED] > Enviado el: sábado, 18 de octubre de 2003 18:20 > Para: 'Struts Users Mailing List' > Asunto: RE: Strange Security Problem > > > You are mistaken Carlos....getUserPrincipal() is part of the > Servlet Specfications...it should be the Application Server > that is fullfilling this request. > > AR. > > -----Original Message----- > From: Carlos Sánchez [mailto:[EMAIL PROTECTED] > Sent: October 18, 2003 10:20 AM > To: 'Struts Users Mailing List' > Subject: RE: Strange Security Problem > > > If you want the user name stored in the request (bad idea) it > must be sent in the form using a hidden field. > > You should store it in the session. Only submitted form > fields will be in the request. > > > > > -----Mensaje original----- > > De: Rustad, Aaron [mailto:[EMAIL PROTECTED] > > Enviado el: sábado, 18 de octubre de 2003 17:40 > > Para: '[EMAIL PROTECTED]' > > Asunto: Strange Security Problem > > > > > > I am encountering a strange security problem when trying to > > submit a form to an action. This JSP is as follows: > > > > <%= request.getUserPrincipal().getName() %> > > <form action="/edm/ebb/upload.do" method="POST"> > > <table width="75%" border="1"> > > <tr> > > <td><bean:message key="upload.from"/></td> > > <td><input type="text" name="from"/></td> > > </tr> > > <tr> > > <td><bean:message key="upload.to"/></td> > > <td><input type="text" name="to"/></td> > > </tr> > > <tr> > > <td><bean:message key="upload.version"/></td> > > <td><input type="text" name="version"/></td> > > </tr> > > <tr> > > <td><bean:message key="upload.file"/></td> > > <td><input type="file" name="input-data"></td> > > </tr> > > </table> > > <input type="submit" value="Submit"/> > > </form> > > <html:link forward="ups">upload</html:link> > > > > The strange thing is this: > > > > When this page is loaded, and I am ligitimatly logged in, the > > name of the UserPrincipal is displayed as it should be. > > However, if I submit the form, the appropriate action class > > is called, but when I invoke request.getUserPrincipal()...it > > returns null. Notice the last line of the HTML, it has a link > > that points to the same action class...when it is clicked, > > the principal is propogated to action and it is NOT null. > > > > Can anyone help me out with this? I would like the post to > > work correctly. > > > > Thanks! > > Aaron. > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]