I have created a LoggingFilter for Jersey and have it configured correctly in the web.xml. All works fine. When I do a “GET” I get the userPrincipal (request.getUserPrincipal()), but for a POST it returns null. I have written several REST services in Java 1.4 on WebSphere and could always get to the userPrincipal, but on Tomcat/1.6 I get the above. I am using Basic Auth. Is Jersey doing this? Or Tomcat?
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Lookup Resources</web-resource-name>
        <description>A set of secured resources.</description>
        <url-pattern>/rest/lookup/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>DataServ_Lookup</role-name>
        <role-name>DataServ_Admin</role-name>
    </auth-constraint>
    <!-- Comment this out for Dev. It is a MUST for Prod...
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>-->
</security-constraint>
Kudos to dma_k for leading me to my own insanity. As you can see above, there is no security constraint on the POST!
I needed to add:
<http-method>POST</http-method>. Doh!
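
A check for the gap described above, as an added example that is not part of the original post: a Python script that reads a web.xml and lists, per url-pattern, the standard HTTP methods that no auth-constraint covers. The sample XML is constructed from the constraint shown in the post, and the function name `uncovered_methods` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the constraint in the post; not a real deployment file.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/rest/lookup/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>DataServ_Lookup</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def _named(elem, name):
    """Descendants called `name`, ignoring any XML namespace on the tag."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return {(e.text or "").strip() for e in _named(elem, name)}

def uncovered_methods(web_xml_text):
    """Map each url-pattern to the standard methods no auth-constraint covers.

    Simplification: patterns are compared as literal strings, so a broader
    pattern such as /* is not treated as covering /rest/lookup/*.
    """
    root = ET.fromstring(web_xml_text)
    covered = {}
    for constraint in _named(root, "security-constraint"):
        if not _named(constraint, "auth-constraint"):
            continue  # no auth-constraint: this constraint does not require login
        for coll in _named(constraint, "web-resource-collection"):
            listed = {m.upper() for m in _texts(coll, "http-method")}
            omitted = {m.upper() for m in _texts(coll, "http-method-omission")}
            if listed:
                methods = listed                      # only the listed methods are protected
            else:
                methods = STANDARD_METHODS - omitted  # no list: all methods, minus omissions
            for pattern in _texts(coll, "url-pattern"):
                covered.setdefault(pattern, set()).update(methods)
    return {p: sorted(STANDARD_METHODS - m) for p, m in covered.items()
            if STANDARD_METHODS - m}

if __name__ == "__main__":
    for pattern, methods in uncovered_methods(SAMPLE_WEB_XML).items():
        print(f"{pattern}: no auth-constraint for {', '.join(methods)}")
```

Removing every `<http-method>` element from the collection makes the constraint apply to all methods, which the script reports as no gaps.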