Hi all,
Can someone let me know if this is a bug or the expected behavior?
When I use HttpServletRequest#login() to pass in user credentials, the
login works fine and a user principal is created. Within that same
request, I am now authenticated and can access resources that my
role(s) allows.
However, on each subsequent request, the user principal information is
lost. So I have no authentication session information and, to do
anything, would have to log in on every call to the server. Is this a
bug? I have a test case that shows this in a servlet (attached).
Loading the servlet the first time should output that a login call was
made and succeeded, along with the user principal's name. But when I
reload the servlet I see the same info rather than some output telling
me my identity.
Thanks,
Bobby