tomcat-users mailing list archives

From LERBSCHER Jean-Pierre <>
Subject RE : Customizing BASIC authentication
Date Tue, 07 Sep 2004 17:08:51 GMT
For example, Spec 2.3 specifies
The getRemoteUser method returns the user name the client used for
authentication. If no user has been authenticated, the getRemoteUser method
returns null. 
getRemoteUser(): ... Whether the user name is sent with each subsequent
request depends on the browser and type of authentication.

-----Original Message-----
From: Robert Bateman []
Sent: Monday, August 16, 2004 20:42
To: Tomcat Users List
Subject: Re: Customizing BASIC authentication

Someone please correct me if I'm wrong here...

Also be aware that non-protected pages will not provide you with a value to
request.getRemoteUser().  I had assumed I could get the remote user from any
page once the user logged in, but it doesn't work as I expected.  I believe
there *was* a bug report over on the TC bugzilla system and the response I
remember was that the system was working as designed.


On Saturday 14 August 2004 12:13 am, Jacob Kjome wrote:
> You can use request.getRemoteUser() to obtain the username.  The password
> is not really accessible except by examining the http headers.
> Jake
> At 11:21 PM 8/13/2004 -0400, you wrote:
> >Hi all,
> >
> >I've been spending the last few hours reading about realms,
> >valves, authenticators and the like, and I'm totally confused.
> >I'm hoping if I describe my situation, someone can help me
> >cut through the fog.
> >
> >I'm working on a simple web app that will feed custom RSS XML
> >to clients that must use basic authentication. In my application,
> >I need to do more than just look up users somewhere. Instead, the
> >login/password values returned via basic authentication headers will be
> > used in some fairly complex ways to both authenticate and then
> >construct the custom response.
> >
> >What is the simplest way to customize basic authentication
> >in Tomcat 4? It seems that realms are not the way to go, since
> >they just handle authentication and have nothing to do with the
> >request/response. Valves/authenticators seem like overkill. Form
> >based authentication is not an option.
> >
> >Can I have Tomcat manage basic authentication headers but pass
> >the login/password values to my code? And can I then have access
> >to that information in the servlet that creates the response?
> >
> >Many thanks,
> >
> >Fred
> >
> >

To unsubscribe, e-mail:
For additional commands, e-mail:
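
Added example, not part of the thread and not Tomcat code: one way to decode the value of the Authorization header that the replies above point to as the only place the password is visible. The class and method names are hypothetical, the sample header values are constructed, and it assumes Java 8+ (java.util.Base64) and UTF-8 encoded credentials.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

/** Added example: decodes the value of an HTTP "Authorization: Basic ..." header. */
public class BasicAuthHeader {

    /** Holder for the decoded pair; hypothetical type, not part of the Servlet API. */
    static final class Credentials {
        final String user;
        final char[] password; // char[] so the caller can zero it after use
        Credentials(String user, char[] password) { this.user = user; this.password = password; }
    }

    /**
     * @param header value of request.getHeader("Authorization"), may be null
     * @return credentials, or empty if the header is absent, not Basic, or malformed
     */
    static Optional<Credentials> parse(String header) {
        if (header == null) return Optional.empty();
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return Optional.empty();
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid Base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8); // assumption: UTF-8
        int colon = decoded.indexOf(':'); // the user name cannot contain ':', the password can
        if (colon < 0) return Optional.empty();
        return Optional.of(new Credentials(decoded.substring(0, colon),
                                           decoded.substring(colon + 1).toCharArray()));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        String ok = "Basic " + Base64.getEncoder()
                .encodeToString("fred:s3cret:with:colons".getBytes(StandardCharsets.UTF_8));
        String[] samples = { ok, "basic !!!not-base64", "Digest username=\"fred\"", null };
        for (String h : samples) {
            // Print only the user name and password length; never log the password itself.
            System.out.println(parse(h)
                    .map(c -> "user=" + c.user + " passwordLength=" + c.password.length)
                    .orElse("no usable Basic credentials"));
        }
    }
}
```

In a servlet the input would be request.getHeader("Authorization"). Basic credentials are only Base64-encoded, so the endpoint belongs behind TLS.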
