tomcat-users mailing list archives

From Leo Donahue - PLANDEVX <LeoDona...@mail.maricopa.gov>
Subject RE: Still having problem retrieving user value from ISAPI Filter for authentication
Date Tue, 22 Jun 2010 19:54:39 GMT
>From: Savoy, Melinda [mailto:MelindaSavoy@texashealth.org]
>Subject: RE: Still having problem retrieving user value from ISAPI
>Filter for authentication
>
>What I did was comment out the filter from the web.xml and I went
>straight from the IE browser (http://localhost/index.jsp) to the
>index.jsp page that was comprised of only the following:
>
>        <%@page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
>
>        Here is my USERID using getRemoteUser, <%=request.getRemoteUser()%> , in my index.jsp page.
>
>My browser window then showed:  Here is my USERID using getRemoteUser,
>null, in my index.jsp page.
>
>That was it.  So I wasn't even going through my application at all but
>only from the browser to Tomcat and it returned my page without issue
>but with NO user value as is indicated below in the log.

Unless you are going to authenticate via one of Tomcat's authentication methods (BASIC, FORM,
etc.), getRemoteUser() is going to return null.

You'll need to add a security-constraint, login-config and security-role to your web.xml to
test getRemoteUser() in just Tomcat.

Look at the manager webapp web.xml example:

  <!-- Define a Security Constraint on this Application -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTMLManger and Manager command</web-resource-name>
      <url-pattern>/jmxproxy/*</url-pattern>
      <url-pattern>/html/*</url-pattern>
      <url-pattern>/list</url-pattern>
      <url-pattern>/expire</url-pattern>
      <url-pattern>/sessions</url-pattern>
      <url-pattern>/start</url-pattern>
      <url-pattern>/stop</url-pattern>
      <url-pattern>/install</url-pattern>
      <url-pattern>/remove</url-pattern>
      <url-pattern>/deploy</url-pattern>
      <url-pattern>/undeploy</url-pattern>
      <url-pattern>/reload</url-pattern>
      <url-pattern>/save</url-pattern>
      <url-pattern>/serverinfo</url-pattern>
      <url-pattern>/status/*</url-pattern>
      <url-pattern>/roles</url-pattern>
      <url-pattern>/resources</url-pattern>
      <url-pattern>/findleaks</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <!-- NOTE:  This role is not present in the default users file -->
       <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Define the Login Configuration for this Application -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tomcat Manager Application</realm-name>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      The role that is required to log in to the Manager Application
    </description>
    <role-name>manager</role-name>
  </security-role>

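Added example (not part of the original message and not Tomcat code): a Python check that reads a web.xml and reports which roles a request path requires under the servlet best-match rule, so you can see that an unconstrained path such as /index.jsp never triggers a login. The sample descriptor is constructed from the manager constraint quoted above, `required_roles` is a hypothetical helper name, and `<http-method>` restrictions are ignored as a simplifying assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the message, trimmed to two patterns.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/html/*</url-pattern>
      <url-pattern>/list</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def _find(node, name):
    # Match on the local tag name so namespaced web.xml files work too.
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _rank(pattern, path):
    """Match strength (exact > longest prefix > extension > default), or None."""
    if pattern == path:
        return (3, 0)
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        ok = path == prefix or path.startswith(prefix + "/")
        return (2, len(prefix)) if ok else None
    if pattern.startswith("*."):
        return (1, 0) if path.rsplit("/", 1)[-1].endswith(pattern[1:]) else None
    return (0, 0) if pattern == "/" else None

def required_roles(web_xml, path):
    """Roles needed for path: None = no login required, set() = nobody allowed."""
    best, hits = None, []
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        ranks = [_rank((p.text or "").strip(), path) for p in _find(sc, "url-pattern")]
        ranks = [r for r in ranks if r is not None]
        if not ranks:
            continue
        roles = None  # a constraint without <auth-constraint> allows anonymous access
        if _find(sc, "auth-constraint"):
            roles = {(r.text or "").strip() for r in _find(sc, "role-name")}
        if best is None or max(ranks) > best:
            best, hits = max(ranks), [roles]
        elif max(ranks) == best:
            hits.append(roles)
    if not hits or None in hits:
        return None          # unconstrained: the container never asks for a login
    if set() in hits:
        return set()         # an empty <auth-constraint> denies everyone
    return set().union(*hits)
```
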