-
FEATURED COMPONENTS
First time here? Check out the FAQ!
Hi,
I've discovered that if I use Spring security to perform authentication both ${execution.remoteUser} and Executions.getCurrent().getRemoteUser() yield 'null'. It looks like by bypassing the servlet container authentication mechanism the user information is missing in every request, for Executions.getCurrent().getNativeRequest().getRemoteUser() yields null as well, even if there's a valid http session active (which of course does not imply the 'user' has succeeded in any authentication process).
Being zk's Execution instances wrappers on the target container's requests and responses, isn't there any way to set up an username when authenticatin via Spring?
With kind regards
César Varona
It seems like JEE Web Container doesn't copy this information in HttpServletRequest.
can you provide more detailed message and which container you use?
you can do a simple test to see if a simple jsp page in your project can get the RemoteUser from EL.
As our experiences, WebLogic will cause this kind of problem if ZK Event Thread is activated.
You can turn off it by using the setting below in zk.xml:
<system-config> <disable-event-thread/> </system-config>
I'm using the maven 6.1.11 jetty plugin; curiously enough, after upgrading to zk 3.5.2 Execution.getRemoteUser() works fine with login via spring, so I guess it cannot be considered an issue any longer.
With kind regards
César Varona
I am facing the exact same issue as cvarona. I have a ZK 5.0.0 application running on Weblogic 11. Weblogic came along with Oracle Business Intelligence (OBI) 11g install.
Also, I have implemented Oracle Single sign-on. The ZK pages run inside the OBI dashboards.
Both Executions.getCurrent().getNativeRequest().getRemoteUser() and Executions.getCurrent().getNativeRequest().getRemoteUser() return null.
The WEB-INF/zk.xml has the below tag:
<system-config>
<disable-event-thread/>
</system-config>
Please suggest what else can be tried to come round this problem. thanks in advance!
As Ian has suggested. Can you write a simple JSP (NO ZK) page to check if getRemoteUser() works in your environment. What ZK Execution does is nothing more than just an encapsulation of the native HttpRequest.
Asked: 2008-12-06 17:45:37 +0800
Seen: 621 times
Last updated: Mar 11 '11