tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: User-password from the HttpServletRequest
Date Wed, 02 May 2007 17:31:49 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sam,

sebbo@gmx.ch wrote:
> How can I get the password from the logged in user via the
> HttpServletRequest in general? (I need the password in a servlet
> filter to do some stuff)

Do you mean during the login process, or after it has been done?

Unless you can get a request object during the login process, you will
only be able to get the user's password when using BASIC authentication
(not FORM).

You'll need to get the "Authorization" header from the request and
decode it to get the user's credentials. You can read all about HTTP
auth in RFC 2617 (http://www.faqs.org/rfcs/rfc2617.html) to determine
how to interpret the data found there.

> And there some web server independent solution?

I assume that you mean /application server/-independent solution. Yes,
all (compliant) Java application servers support the servlet API.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGOMsF9CaO5/Lv0PARAlIvAKChwWOlitX82IddFCuhseB/yVQKdgCgpwAN
IUy2xRS5++zOtJm/Zvfd31s=
=HvYe
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message