java request.getRemoteUser() 有时返回 null
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7205977/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
request.getRemoteUser() sometimes returns null
提问by user829237
I have a java-web-application using struts2 combined with old-style servlets. Using Acegi security.
我有一个使用 struts2 和旧式 servlet 的 java-web-application。使用 Acegi 安全性。
In my servlets, I'm logging what the user is trying to do and which user it is. To get the user im using request.getRemoteUser()
在我的 servlet 中,我记录了用户正在尝试做什么以及它是哪个用户。让用户即时使用request.getRemoteUser()
But to my big supprise, the result is not consistent. Most of the times the getRemoteUser()returns the correct username, but every once in a while i get a null-value.
但令我大吃一惊的是,结果并不一致。大多数时候getRemoteUser()返回正确的用户名,但每隔一段时间我都会得到一个空值。
What could be the reason behind this?
这背后的原因可能是什么?
EDIT:
After your feedback i have figured out that the servlet-urls are not covered by security at all. So that could cause getRemoteUser()to be null. I will now implement security for these and do some more testing before i post back the results.
编辑:在您的反馈之后,我发现 servlet-url 根本不受安全保护。所以这可能导致getRemoteUser()为空。我现在将为这些实现安全性,并在我发回结果之前做一些更多的测试。
采纳答案by lschin
Did login formfilter by Acegi Security (loginFormUrlof AuthenticationProcessingFilterEntryPoint) ?
难道登录表单由Acegi安全(过滤器loginFormUrl的AuthenticationProcessingFilterEntryPoint)?
If yes, get the logged in username by
如果是,请通过以下方式获取登录用户名
SecurityContextHolder.getContext().getAuthentication().getName();
回答by CoolBeans
getRemoteUser()will return the user logged in else it will return null.
getRemoteUser()将返回登录的用户,否则将返回空值。
What kind of authentication are you using (Jaas with basic/digest, etc)?
您使用的是哪种身份验证(带有基本/摘要等的 Jaas)?
Do you see this error for a particular URLs (servlets)? In that case that URL may have other security constraints.
您是否看到针对特定 URL (servlet) 的此错误?在这种情况下,该 URL 可能具有其他安全限制。
Another reason would be the client (browser) is not sending the user name with the request. That can happen if you are outside the URL tree that asked for the authentication.
另一个原因是客户端(浏览器)没有随请求发送用户名。如果您在要求进行身份验证的 URL 树之外,则可能会发生这种情况。
回答by Jeremy
The docsays why you're getting null:
该文档说,为什么你要空:
Returns the login of the user making this request, if the user has been authenticated, or null if the user has not been authenticated. Whether the user name is sent with each subsequent request depends on the browser and type of authentication. Same as the value of the CGI variable REMOTE_USER.
如果用户已通过身份验证,则返回发出此请求的用户的登录名,如果用户尚未通过身份验证,则返回 null。用户名是否随每个后续请求一起发送取决于浏览器和身份验证类型。与 CGI 变量 REMOTE_USER 的值相同。
You need to investigate the browser that's causing the problem.
您需要调查导致问题的浏览器。
