[seam-issues] [JBoss JIRA] Commented: (JBSEAM-3629) Since Seam v2.1.0, httpServletRequest.getUserPrincipal() is always returning null when using plain J2EE security
[
https://jira.jboss.org/browse/JBSEAM-3629?page=com.atlassian.jira.plugin....
]
Markos Fragkakis commented on JBSEAM-3629:
------------------------------------------
What if someone wants to use the J2EE security to populate the Seam Identity?
For example, I have a WebLogic authenticator, which I would like to "populate"
the Seam Identity. Then I would be able to use it within the application to restrict
access. How would this work?
Since Seam v2.1.0, httpServletRequest.getUserPrincipal() is always
returning null when using plain J2EE security
----------------------------------------------------------------------------------------------------------------
Key: JBSEAM-3629
URL: https://jira.jboss.org/browse/JBSEAM-3629
Project: Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.1.0.GA
Environment: Seam v2.1.0GA, WebSphere v6.1.0.17 (Without EJB3 FP), RF v3.2.2,
facelets 1.1.14, JSF RI 1.2_09
Reporter: Denis Forveille
Assignee: Dan Allen
Priority: Critical
Fix For: 2.1.1.CR2
Since v2.1.GA, it is not possible to use plain J2EE security.
Now, httpServletRequest.getUserPrincipal() always return null and also
@In
UserPrincipal principal;
does not work
This is not working because the http request is wrapped in IdentityRequestWrapper (in
IdentityFilter) and its getUserPrincipal() method is reading principal variable on
Identity component.
httpServletRequest.getUserPrincipal() should work when seam security is not use, and so
we should have a way to "disable" Seam security
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira