Re: Determining remote user and inrole for unprotected pages
Are you using mod_jk and Apache to front server requests? If so, Apache has the getRemoteUser information and you need to configure Tomcat to tell it where to pull this from. If you are using a recent version of Tomcat, put the following jk2.properties request.tomcatAuthentication=false Jake At 12:28 PM 10/13/2003 -0400, you wrote: I have recently noticed that when you have a site with both protected and unprotected pages that getRemoteUser returns null on the unprotected pages eventhough I have authenticated against a protected page. isUserInRole also does not work. Is there a way I can determine who is logged in when I access an unprotected url? To answer my own Q, I supose I could create an object and store it in the session then access later, but is there another way? Ultimately I would like to present a dynamic menu in which administrators see a different menu than regular joe users. The menu is part of every page in this case. I would simple like to hide "admin only" sections so regular users don't see them. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Determining remote user and inrole for unprotected pages
I think this is an open question to the dev list right now as it was recently discussed. The quick summary (IIRC) is if you are logged in and request a page which is not defined in web.xml as protected, the spec doesn't require that the RemoteUser be set. (Which really sucks.) -Tim Jim Kennedy wrote: I have recently noticed that when you have a site with both protected and unprotected pages that getRemoteUser returns null on the unprotected pages eventhough I have authenticated against a protected page. isUserInRole also does not work. Is there a way I can determine who is logged in when I access an unprotected url? To answer my own Q, I supose I could create an object and store it in the session then access later, but is there another way? Ultimately I would like to present a dynamic menu in which administrators see a different menu than regular joe users. The menu is part of every page in this case. I would simple like to hide "admin only" sections so regular users don't see them. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Determining remote user and inrole for unprotected pages
I have recently noticed that when you have a site with both protected and unprotected pages that getRemoteUser returns null on the unprotected pages eventhough I have authenticated against a protected page. isUserInRole also does not work. Is there a way I can determine who is logged in when I access an unprotected url? To answer my own Q, I supose I could create an object and store it in the session then access later, but is there another way? Ultimately I would like to present a dynamic menu in which administrators see a different menu than regular joe users. The menu is part of every page in this case. I would simple like to hide "admin only" sections so regular users don't see them. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]