Formanek Gary L wrote:
> I want to get the username from the basic user authentication dialog that
> pops up on a secured URL. I thought this would do it:
>
> log("Remote user = " + req.getRemoteUser().toUpperCase());
>
> However, it seems to return null. Does this not work? The user is
> authenticated by the standard dialog box from the web server on the URL and
> I would think this would get the name in the dialog box.
>
This works, but only if the URL of the servlet itself is configured to be in a
protected area (at the web server level). For example, in Apache if your
servlet path was /servlet/myservlet, you would have to include a <Location>
directive for that path in the Apache configuration file. You cannot use a
".htaccess" file for this, because there is no "real" /servlet directory to put
it in when you've told the server that /servlet calls are mapped to the servlet
engine. Details for other web servers will vary.
>
> I have also tried:
>
> String enc = req.getHeader("Authorization");
>
> I did the routine with base64 encoding but it also seems to return null. Any
> ideas here?
>
The "Authorization" header is where the servlet engine itself discovers the
value to be returned by getRemoteUser() -- if this header is not included in
the request (as discussed above), the value returned by getRemoteUser() will be
null.
I cannot speak for all servlet engines, but IMHO passing the "Authorization"
header on to the servlet is a security risk (because it includes the password
as well as the username). I would not be surprised to see servlet engines
stripping it off from the set of headers they allow to be returned by
request.getHeader().
>
> Thanks,
>
> Gary L. Formanek
> Engineering Systems
> Deere Power Systems Group
> Phone (319) 292-5310
> Fax (319) 292-8813
>
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
