tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: Q: problem with authentication
Date Thu, 03 Feb 2000 10:51:05 GMT


> I'm trying to use http authentication with tomcat3.0.
> Method HttpServletRequest.getRemoteUser() alwais returns null.
> here is code:
> ------
>     public void service (HttpServletRequest request, HttpServletResponse
> response)
>         throws ServletException, IOException
>     {
>         String user=request.getRemoteUser();
>         if(user==null||user==""){
>             response.setHeader("WWW-Authenticate","Basic realm=\"My
> Realm\"");
>             response.sendError(401,"Unauthorized");
>             out.println("Text to send if user hits Cancel button\n");
>             return;
>         }

First the line if(...user=="") seems like a bug, you should code user.equals("")

As for the rest of the questions,

To have the remoteUser request property set tomcat need to implement container
managed security.
For all I know it is not implemented yet :-(, so your remoteUser should always
be null. What you should
do instead is implement the HTTP authentication yourself (bad I know, but this
is the current state of things)

Attached is a small servlet that implements HTTP basic auth, look at it if you
want (it used to work on

(See attached file:
     Gal Shachor

Gal Shachor
IBM Research, Haifa Lab.
Notes: Gal Shachor/Haifa/IBM@IBMIL
Phone: +972-4-8296164
Fax: +972-4-8550070
Address: IBM Haifa Research Lab, Matam, Haifa 31905, Israel

  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message