Hi, I'm developing a java servlet application using tomcat ad apache web server under linux. The application is located in a reserved area of the website where the request are authenticated by basic authentication of Apache. Problem: since getRemoteUser returns always null, I haven't found a method to know the remote user name/id. I read in other messages of this list that actual implementation of tomcat does not manage this security feature -( but I would be surprised if does not exists any method to "connect" the web server authentication and the servlet engine. I supposed two scenarios: 1 - Apache make the basic authentication, and tells to the servlet who the authenticated user is 2 - (very, very better) Apache delegates a servlet for the authentication of an area... this would be the best solution (for this and other problems), but I'm pessimist Tnx Marco