tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shac...@il.ibm.com
Subject Re: Q: problem with authentication
Date Thu, 03 Feb 2000 10:51:05 GMT



Martin,

>
> I'm trying to use http authentication with tomcat3.0.
> Method HttpServletRequest.getRemoteUser() alwais returns null.
>
> here is code:
> ------
>     public void service (HttpServletRequest request, HttpServletResponse
> response)
>         throws ServletException, IOException
>     {
>         String user=request.getRemoteUser();
>         if(user==null||user==""){
>             response.setHeader("WWW-Authenticate","Basic realm=\"My
> Realm\"");
>             response.sendError(401,"Unauthorized");
>             out.println("Text to send if user hits Cancel button\n");
>             return;
>         }
>

First the line if(...user=="") seems like a bug, you should code user.equals("")
instead.

As for the rest of the questions,

To have the remoteUser request property set tomcat need to implement container
managed security.
For all I know it is not implemented yet :-(, so your remoteUser should always
be null. What you should
do instead is implement the HTTP authentication yourself (bad I know, but this
is the current state of things)

Attached is a small servlet that implements HTTP basic auth, look at it if you
want (it used to work on
Jserv).

(See attached file: ProtectMeServlet.java)
     Gal Shachor



-------------------------------
Gal Shachor
IBM Research, Haifa Lab.
Email: shachor@il.ibm.com
Notes: Gal Shachor/Haifa/IBM@IBMIL
Phone: +972-4-8296164
Fax: +972-4-8550070
Address: IBM Haifa Research Lab, Matam, Haifa 31905, Israel

Mime
  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message