tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gagnon, Joseph M \(US SSA\)" <joseph.m.gag...@baesystems.com>
Subject Problem with security?
Date Fri, 10 Jun 2005 12:12:08 GMT
Hello,

I'm new to JSP development (and to dynamic web development as a whole)
so please bear with me.  I'm investigating using JSP/Java for a project
at my workplace.  My system (test server, if you will) is a PC running
Windows XP Pro and I am using Tomcat 5.5.9.

I have a situation where I want to be able to provide user access to an
application by determining the identity of the requesting user, without
them having to go through a login procedure.  Specifically, what I've
been trying to do is call the request.getRemoteUser() method to ID the
requesting user.  When I do so, I keep getting null.  After reading in
the JSP and Java servlet specifications, I see that this call would
return null if the user is not authenticated.  Reading further, I get
the impression that by default, no authentication is needed to access
resources.  If a security mechanism is specified in the deployment
descriptor (which I take to be my webapps\ROOT\WEB-INF\web.xml file),
then authentication would be required.

Now, I'm not sure that I understand all the nuances of the terminology
(not to mention the technology), but it seems that what I've been trying
to do should have worked.  The web.xml file indicated above contains
only the following (and this is the way it came - I added nothing):

<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
  Copyright 2004 The Apache Software Foundation

  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

  <display-name>Welcome to Tomcat</display-name>
  <description>
     Welcome to Tomcat
  </description>

<!-- JSPC servlet mappings start -->

    <servlet>
        <servlet-name>org.apache.jsp.index_jsp</servlet-name>
        <servlet-class>org.apache.jsp.index_jsp</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>org.apache.jsp.index_jsp</servlet-name>
        <url-pattern>/index.jsp</url-pattern>
    </servlet-mapping>

<!-- JSPC servlet mappings end -->

</web-app>

Does anyone have any suggestions as to why this doesn't work -or- any
suggestions for an alternate method?  Also, in a more general sense, any
information regarding good sources of information for learning how to do
JSP/Servlet programming (web, books, etc.) would be appreciated.  Please
keep in mind that I am new at this, so examples of some obscure
objective or expert level programming will probably be over my head.

Thanks,
Joe Gagnon


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message