For example, Spec 2.3 specifies The getRemoteUser method returns the user name the client used for authentication. If no user has been authenticated, the getRemoteUser method returns null. getRemoteUser(): ... Whether the user name is sent with each subsequent request depends on the browser and type of authentication.
-----Message d'origine----- De : Robert Bateman [mailto:[EMAIL PROTECTED] Envoyé : lundi 16 août 2004 20:42 À : Tomcat Users List Objet : Re: Customizing BASIC authentication Someone please correct me if I'm wrong here... Also be aware that non-protected pages will not provide you with a value to request.getRemoteUser(). I had assumed I could get the remote user from any page once the user logged in, but it doesn't work as I expected. I believe there *was* a bug report over on the TC bugzilla system and the response I remember was that the system was working as designed. Bob On Saturday 14 August 2004 12:13 am, Jacob Kjome wrote: > You can use request.getRemoteUser() to obtain the username. The password > is not really accessible except by examining the http headers. > > Jake > > At 11:21 PM 8/13/2004 -0400, you wrote: > >Hi all, > > > >I've been spending the last few hours reading about realms, > >valves, authenticators and the like, and I'm totally confused. > >I'm hoping if I describe my situation, someone can help me > >cut through the fog. > > > >I'm working on a simple web app that will feed custom RSS XML > >to clients that must use basic authentication. In my application, > >I need to do more than just look up users somewhere. Instead, the > >login/password values returned via basic authentication headers will be > > used in some fairly complex ways to both authenticate and then > >construct the custom response. > > > >What is the simplest way to customize basic authentication > >in Tomcat 4? It seems that realms are not the way to go, since > >they just handle authentication and have nothing to do with the > >request/response. Valves/authenticators seem like overkill. Form > >based authentication is not an option. > > > >Can I have Tomcat manage basic authentication headers but pass > >the login/password values to my code? And can I then have access > >to that information in the servlet that creates the response? > > > >Many thanks, > > > >Fred > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]