Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Received-SPF: pass (hermes.apache.org: local policy)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Problem with security?
Date: Fri, 10 Jun 2005 10:43:10 -0400
Message-ID: <885C7EC41C6782488AD7D3A7C325910601F3D408@blums0009>
Thread-Topic: Problem with security?
Thread-Index: AcVtxmdnkN9eRS1/Q/yvIUTNljjVMwABBRJA
From: "Gagnon, Joseph M  \(US SSA\)" <joseph.m.gagnon@baesystems.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>

I believe I've covered that all in my original message.  Read further.

-----Original Message-----
From: egan0019 [mailto:egan0019@umn.edu]=20
Sent: Friday, June 10, 2005 10:10 AM
To: Tomcat Users List
Subject: Re: Problem with security?

Look into the ServletRequest interface.  That interface, which is
extended
in HttpServletRequest.  You can call the getRemoteAddr(),
getRemoteHost(),
etc. methods.  You receive null in your getRemoteUser because the user
hasn't been 'authenticated' yet.


On 10 Jun 2005, Gagnon, Joseph M  (US SSA) wrote:
> Hello,
>=20
> I'm new to JSP development (and to dynamic web development as a whole)
> so please bear with me.  I'm investigating using JSP/Java for a
project
> at my workplace.  My system (test server, if you will) is a PC running
> Windows XP Pro and I am using Tomcat 5.5.9.
>=20
> I have a situation where I want to be able to provide user access to
an
> application by determining the identity of the requesting user,
without
> them having to go through a login procedure.  Specifically, what I've
> been trying to do is call the request.getRemoteUser() method to ID the
> requesting user.  When I do so, I keep getting null.  After reading in
> the JSP and Java servlet specifications, I see that this call would
> return null if the user is not authenticated.  Reading further, I get
> the impression that by default, no authentication is needed to access
> resources.  If a security mechanism is specified in the deployment
> descriptor (which I take to be my webapps\ROOT\WEB-INF\web.xml file),
> then authentication would be required.
>=20
> Now, I'm not sure that I understand all the nuances of the terminology
> (not to mention the technology), but it seems that what I've been
trying
> to do should have worked.  The web.xml file indicated above contains
> only the following (and this is the way it came - I added nothing):
>=20
> <?xml version=3D3D"1.0" encoding=3D3D"ISO-8859-1"?>
> <!--
>   Copyright 2004 The Apache Software Foundation
>=20
>   Licensed under the Apache License, Version 2.0 (the "License");
>   you may not use this file except in compliance with the License.
>   You may obtain a copy of the License at
>=20
>       http://www.apache.org/licenses/LICENSE-2.0
>=20
>   Unless required by applicable law or agreed to in writing, software
>   distributed under the License is distributed on an "AS IS" BASIS,
>   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
>   See the License for the specific language governing permissions and
>   limitations under the License.
> -->
>=20
> <web-app xmlns=3D3D"http://java.sun.com/xml/ns/j2ee"
>     xmlns:xsi=3D3D"http://www.w3.org/2001/XMLSchema-instance"
>     xsi:schemaLocation=3D3D"http://java.sun.com/xml/ns/j2ee
> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
>     version=3D3D"2.4">
>=20
>   <display-name>Welcome to Tomcat</display-name>
>   <description>
>      Welcome to Tomcat
>   </description>
>=20
> <!-- JSPC servlet mappings start -->
>=20
>     <servlet>
>         <servlet-name>org.apache.jsp.index_jsp</servlet-name>
>         <servlet-class>org.apache.jsp.index_jsp</servlet-class>
>     </servlet>
>=20
>     <servlet-mapping>
>         <servlet-name>org.apache.jsp.index_jsp</servlet-name>
>         <url-pattern>/index.jsp</url-pattern>
>     </servlet-mapping>
>=20
> <!-- JSPC servlet mappings end -->
>=20
> </web-app>
>=20
> Does anyone have any suggestions as to why this doesn't work -or- any
> suggestions for an alternate method?  Also, in a more general sense,
any
> information regarding good sources of information for learning how to
do
> JSP/Servlet programming (web, books, etc.) would be appreciated.
Please
> keep in mind that I am new at this, so examples of some obscure
> objective or expert level programming will probably be over my head.
>=20
> Thanks,
> Joe Gagnon
>=20
>=20
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>=20
>=20


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org