You can obtain the UserPrincipal and other security details by going through the request or implementing PrincipalAware. Implementing PrincipalAware is preferred.
Go Through the Request
First obtain the HttpServletRequest and then obtain the security Principal.
HttpServletRequest request = ServletActionContext.getRequest(); String authType = request.getAuthType(); // http or https String user = request.getRemoteUser(); // the user principal (in string) Principalprincipal = request.getUserPrincipal(); // get a Principal object bool isAuth = request.isUserInRole("patrick");
Implement PrincipalAware
Preferred
- Ensure that
servlet-config
Interceptor is included in the Action's stack.- The default stack already includes
servlet-config
.
- The default stack already includes
- Edit the Action so that it implements the PrincipalAware interface.
- The PrincipalAware interface expects a
setPrincipalProxy(PrincipalProxy)
method. You may wish to include a companiongetPrincipalProxy
method.
- The PrincipalAware interface expects a
- At runtime, use the PrincipalProxy reference to invoke methods such as
isUserInRole
,getUserPrincipal()
,getRemoteUser()
,isRequestSecure()
, and so forth.
@see org.apache.struts.action2.interceptor.PrincipalProxy
@see org.apache.struts.action2.interceptor.PrincipalAware
@see org.apache.struts.action2.interceptor.ServletConfigInterceptor