tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Savoy, Melinda" <>
Subject RE: Still having problem retrieving user value from ISAPI Filter for authentication
Date Wed, 23 Jun 2010 12:49:39 GMT
Let me ask, what maybe a stupid question now, but when I print out the enumeration value of
the request header names, see below, using request.getHeaderNames() should the user be listed
as one of the headers which is passed on from the ISAPI filter:

=== MimeHeaders ===
accept = */*
accept-language = en-us
connection = Keep-Alive
host = localhost
user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322;
.NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
accept-encoding = gzip, deflate
content-length = 0

Thank you.

-----Original Message-----
From: Pid [] 
Sent: Wednesday, June 23, 2010 6:52 AM
To: Tomcat Users List
Subject: Re: Still having problem retrieving user value from ISAPI Filter for authentication

On 23/06/2010 10:45, Rainer Jung wrote:
> On 23.06.2010 09:51, Pid wrote:
>> On 23 Jun 2010, at 02:40, Rainer Jung<>  wrote:
>>> On 22.06.2010 21:59, Marc Boorshtein wrote:
>>>>> Unless you are going to authenticate via one of Tomcat's 
>>>>> authentication methods; BASIC, FORM, etc, then getRemoteUser() is 
>>>>> going to return null.
>>>>> You'll need to add a security constraint, login-config and 
>>>>> security-role to your web.xml to test getRemoteUser(); in just Tomcat.
>>>> This shouldn't be the case since she put tomcatAuthentication="false"
>>>> tomcat should be taking the username from the JK_REMOTE_USER 
>>>> attribute.
>>>> Have you tried a wireshark packet capture?
>>> The log file of the ISAPI redirector she presented already contains 
>>> a dump of the AJP packet the redirector is going to send out. The 
>>> dump shows the correct user string contained in the packet.
>>> I've got no idea what's wrong here.
>> Would you expect the user value normally to be set as another 
>> (REMOTE_USER type) header by ISAPI?
> No, it gets send as an AJP specific request attribute that the AJP 
> connectors know about. It's not an HTTP header.

OK, and I'm guessing that if there was a way to get the AJP connector to dump those attributes
you'd have said so by now.


> Regards,
> Rainer
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

The information contained in this message and any attachments is intended only for the use
of the individual or entity to which it is addressed, and may contain information that is
PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law.  If you are not
the intended recipient, you are prohibited from copying, distributing, or using the information.
 Please contact the sender immediately by return e-mail and delete the original message from
your system.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message