You can obtain the UserPrincipal and other security details by going through the request or implementing PrincipalAware. Implementing PrincipalAware is preferred.
Go Through the Request
First obtain the HttpServletRequest and then obtain the security Principal.
| Code Block | ||||
|---|---|---|---|---|
| ||||
HttpServletRequest request = ServletActionContext.getRequest();
String authType = request.getAuthType(); // http or https
String user = request.getRemoteUser(); // the user principal (in string)
Principalprincipal = request.getUserPrincipal(); // get a Principal object
bool isAuth = request.isUserInRole("patrick");
|
Implement PrincipalAware
Preferred
- Ensure that
servlet-configInterceptor is included in the Action's stack.
The default stack already includes servlet-config.
- Edit the Action so that it implements the PrincipalAware interface.
- The PrincipalAware interface expects a
setPrincipalProxy(PrincipalProxy)method. You may wish to include a companiongetPrincipalProxymethod.
- The PrincipalAware interface expects a
- At runtime, use the PrincipalProxy reference to invoke methods such as
isUserInRole,getUserPrincipal(),getRemoteUser(),isRequestSecure(), and so forth.
@see org.apache.struts.action2.interceptor.PrincipalProxy
@see org.apache.struts.action2.interceptor.PrincipalAware
@see org.apache.struts.action2.interceptor.ServletConfigInterceptor