Martin,
>
> I'm trying to use http authentication with tomcat3.0.
> Method HttpServletRequest.getRemoteUser() alwais returns null.
>
> here is code:
> ------
> public void service (HttpServletRequest request, HttpServletResponse
> response)
> throws ServletException, IOException
> {
> String user=request.getRemoteUser();
> if(user==null||user==""){
> response.setHeader("WWW-Authenticate","Basic realm=\"My
> Realm\"");
> response.sendError(401,"Unauthorized");
> out.println("Text to send if user hits Cancel button\n");
> return;
> }
>
First the line if(...user=="") seems like a bug, you should code user.equals("")
instead.
As for the rest of the questions,
To have the remoteUser request property set tomcat need to implement container
managed security.
For all I know it is not implemented yet :-(, so your remoteUser should always
be null. What you should
do instead is implement the HTTP authentication yourself (bad I know, but this
is the current state of things)
Attached is a small servlet that implements HTTP basic auth, look at it if you
want (it used to work on
Jserv).
(See attached file: ProtectMeServlet.java)
Gal Shachor
-------------------------------
Gal Shachor
IBM Research, Haifa Lab.
Email: shachor@il.ibm.com
Notes: Gal Shachor/Haifa/IBM@IBMIL
Phone: +972-4-8296164
Fax: +972-4-8550070
Address: IBM Haifa Research Lab, Matam, Haifa 31905, Israel
|