Hi,
Thanks to you both, but my question is not so much about how to get the user name in the request.
Instead, it's this: I need to use basic authentication (i.e. the browser pops up the login), but then I need to run custom code to actually check the login and password with an internal system, instead of the usual options available out of the box (memory realms, jdbc realms, etc.)
I thought at first I would need a custom realm, but several messages on this
list gave me the impression that a realm can't really affect the request/response.
I need to not only do custom authentication, but the response will also be
completely customized to the user who logs in.
I'm still learning here, but realms seem to be too limited, valves seem to be too complex for the job.
Is there a simple middle ground?
Thanks again,
Fred
At 02:41 PM 8/16/2004 -0400, you wrote:
Someone please correct me if I'm wrong here...
Also be aware that non-protected pages will not provide you with a value to request.getRemoteUser(). I had assumed I could get the remote user from any page once the user logged in, but it doesn't work as I expected. I believe there *was* a bug report over on the TC bugzilla system and the response I remember was that the system was working as designed.
Bob
On Saturday 14 August 2004 12:13 am, Jacob Kjome wrote: > You can use request.getRemoteUser() to obtain the username. The password > is not really accessible except by examining the http headers. > > Jake > > At 11:21 PM 8/13/2004 -0400, you wrote: > >Hi all, > > > >I've been spending the last few hours reading about realms, > >valves, authenticators and the like, and I'm totally confused. > >I'm hoping if I describe my situation, someone can help me > >cut through the fog. > > > >I'm working on a simple web app that will feed custom RSS XML > >to clients that must use basic authentication. In my application, > >I need to do more than just look up users somewhere. Instead, the > >login/password values returned via basic authentication headers will be > > used in some fairly complex ways to both authenticate and then > >construct the custom response. > > > >What is the simplest way to customize basic authentication > >in Tomcat 4? It seems that realms are not the way to go, since > >they just handle authentication and have nothing to do with the > >request/response. Valves/authenticators seem like overkill. Form > >based authentication is not an option. > > > >Can I have Tomcat manage basic authentication headers but pass > >the login/password values to my code? And can I then have access > >to that information in the servlet that creates the response? > > > >Many thanks, > > > >Fred > > > >
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
