In my isapi.log I am getting the user value (indicated below in BOLD RED font) from IIS using the Tomcat connector and my understanding from others on this list is that I should be able to get at that user value by using the HttpServletRequest getRemoteUser() however, I am getting a NULL value when doing that. I'm sure I'm doing something stupid but I just can't see it.
Here is what is in my isapi.log: [Thu May 27 09:11:21.706 2010] [4656:4920] [debug] jk_isapi_plugin.c (3108): Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1 name=localhost port=80 auth=Negotiate user=TEXAS\SavoyM uri=/SCMIS/index.jsp Here is the code I'm using in Java to get at the user value above: public User authenticate(final HttpServletRequest request, final HttpServletResponse response) throws IOException { // Initialize the User object User user = null; // 1. Initiate the IIS authentication process. final String auth_user = request.getRemoteUser(); final String auth_user2 = request.getUserPrincipal().getName(); // 2. Create a User object with the user name if (auth_user != null) user = new User(auth_user, ""); // 3. Check to see if the user is populated if (auth_user == null) throw new UnauthorizedException(response, user); // 4. Perform authentication if user not already authenticated if (SecurityContext.getUser(request) == null) { // a. Verify the user credentials if (!manager.verify(user)) return null; // b. Load the application-managed User object and save into the context user = manager.load(user); SecurityContext.setUser(user, request); return user; } return SecurityContext.getUser(request); } As you can see I've also tried to get to the user by using the getUserPrincipal.getName() but that produces a NPE. Any help or direction from someone who knows Java would be greatly appreciated. Thank you. Melinda Savoy Sr. Programmer Analyst, ERP Systems Innovative Technology Solutions Texas Health Resources 600 E. Lamar Blvd, Ste 301, Arlington TX 76011 melindasa...@texashealth.org<mailto:melindasa...@texashealth.org> Texas Health Resources: Arlington Memorial, Harris Methodist and Presbyterian Hospitals A shared mission and now a shared name. The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system.