On Tue, 10 Aug 2004 09:15:49 -0400, Tom McCobb <[EMAIL PROTECTED]> wrote: > > > >One thing to double check is that your welcome page really does do a > >*redirect* to sessionStart.do, rather than a <jsp:forward>. The > >latter will not kick in the container managed security, because they > >are only applied on the URL that is originally requested from the > >client (which will be the one for the welcome page in this scenario). > > AHA! > > Any suggestions for poking the username into the session for alter > retrieval? I am trying a javascript function launched from the onSubmit > event on the form, and an intermediary jsp/form. Can I use a struts > form.action to store the username/pw and forward directly to the > j_security_check servlet?
You can retrieve the logged-in username by calling request.getRemoteUser() in some subsequent request. For security reasons, you cannot retrieve the password, unless your particular app server provides some proprietary mechanism. Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]