Excellent reply, thanks.
This part
>However, if you are sending this to your own webapp and need to extract
>the
>information, you can get the username via req.getRemoteUser()
>http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/HttpS ervletRequest.html#getRemoteUser(>)
Is exactly what I am after. However, when I make the call inside a jsp that the BASICAuthIFramePortlet, is sending to, then the result is null.
Am i doing something wrong ?
Are you fronting Tomcat with Apache and doing Basic Auth with Apache? Then you need to set the following in jk2.properties...
request.tomcatAuthentication=false
On the other hand, now that I think about it, the CGI REMOTE_USER variable may not be populated since no header is set. Instead, the URL is rewritten. You can double check this by looking at the contents of the Authorization header. Look at the WebAuthentication.html link I provided in my last email for hints on how to deal with that header.
You could also take the URL string, feed it into the URL class, and then do call getUserInfo() and/or getAuthority(). Not exactly sure what format those methods return the data in, so you'll have to test it yourself.
Jake
On Tue, 2003-11-04 at 19:13, Jacob Kjome wrote:
> Hi Paul,
>
> At 05:56 PM 11/4/2003 +0100, you wrote:
>
>
> >I have a few questions about BASICAuthIFramePortlet, I wonder if anyone
> >can help.
> >
> >
> >How come its in the src tree in b4 but i cant find it in the jar files ?
>
> No idea. Haven't checked out the latest binaries.
>
>
> >If i redirect to a JSP page, how can one extract the username and
> >password ??
> >
> >If i modify the source to put them as arguments to the web page
> >e.g. www.webpage.domain?username=xxx?password=xxx
> >The username is null ( have not checked password yet )
> >
> >Can anyone help me out here ?
> >
>
> First, when using BASIC Authentication, you don't pass the username and
> password as query parameters. You pass them like this....
>
> <https://cool:[EMAIL PROTECTED]/>https://myusername:[EMAIL PROTECTED]/
>
> Second, my original idea for creating this portlet was to just send it to
> servers that were protected using BASIC Authentication so, normally, you
> wouldn't need to extract the username and password. The receiving site
> would authenticate automatically.
>
> However, if you are sending this to your own webapp and need to extract the
> information, you can get the username via req.getRemoteUser()
> http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/HttpServletRequest.html#getRemoteUser()
>
> I'm not entirely clear on how to extract the password, but that isn't
> usually necessary since the container performs the authentication. All
> you generally need to know is the name. However, IBM has an article that
> might be of interest to you which applies to their portal server (which is
> based on Jetspeed)...
> http://www7b.boulder.ibm.com/wsdd/library/techarticles/0110_gilmore/gilmore.html
>
> ....actually, this might give you what you need...
> http://www.ajsoft.net/Products/WebUtils/xref/net/ajsoft/WebUtils/Security/WebAuthentication.html
>
> Also, you might want to read this bug (enhancement) report describing the
> use of BasicAuthIFramePortlet...
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18632
>
>
> Jake
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
