On Tue, 13 Aug 2002, Ed Thompson wrote:
> Date: Tue, 13 Aug 2002 21:57:53 -0400
> From: Ed Thompson <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat Users List <[EMAIL PROTECTED]>
> Subject: j_username in session cookie - where did it go?
>
> I have just upgraded (uninstalled and reintsalled) from Tomcat 3.2 to
> Tomcat 4.0.4.
>
> I am using form based authentication, and found under 3.2 I could pull
> j_username out of the session cookie after authenticaion was done.
>
That's not how it really worked under 3.2, although if you are using BASIC
authentication you could decode the username out of the "Authorization"
header.
> Now under Tomcat 4 it doesn't seem to be there. I know I tried it under
> Tomcat 4.0.1 before I upgraded and it worked, but not after uninstalling 3.2
> and installing 4.0.4 from scratch..
>
> Can anyone shed light on what is (not) happening? Have the rules changed or
> have I not cfg'd something properly?
>
The portable way to get ahold of the authenticated username is to call
request.getRemoteUser(). See the servlet spec for more details on
container managed security:
http://java.sun.com/products/servlet/download.html
> Thanx!
> Ed
Craig
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
