>From: Savoy, Melinda [mailto:melindasa...@texashealth.org] >Subject: RE: Still having problem retrieving user value from ISAPI >Filter for authentication > >What I did was comment out the filter from the web.xml and I went >straight from the IE browser (http://localhost/index.jsp) to the >index.jsp page that was comprised of only the following: > > <%...@page language="java" contentType="text/html; charset=ISO- >8859-1" pageEncoding="ISO-8859-1"%> > > Here is my USERID using getRemoteUser, ><%=request.getRemoteUser()%> , in my index.jsp page. > >My browser window then showed: Here is my USERID using getRemoteUser, >null, in my index.jsp page. > >That was it. So I wasn't even going through my application at all but >only from the browser to Tomcat and it returned my page without issue >but with NO user value as is indicated below in the log.
Unless you are going to authenticate via one of Tomcat's authentication methods; BASIC, FORM, etc, then getRemoteUser() is going to return null. You'll need to add a security constraint, login-config and security-role to your web.xml to test getRemoteUser(); in just Tomcat. Look at the manager webapp web.xml example: <!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>HTMLManger and Manager command</web-resource-name> <url-pattern>/jmxproxy/*</url-pattern> <url-pattern>/html/*</url-pattern> <url-pattern>/list</url-pattern> <url-pattern>/expire</url-pattern> <url-pattern>/sessions</url-pattern> <url-pattern>/start</url-pattern> <url-pattern>/stop</url-pattern> <url-pattern>/install</url-pattern> <url-pattern>/remove</url-pattern> <url-pattern>/deploy</url-pattern> <url-pattern>/undeploy</url-pattern> <url-pattern>/reload</url-pattern> <url-pattern>/save</url-pattern> <url-pattern>/serverinfo</url-pattern> <url-pattern>/status/*</url-pattern> <url-pattern>/roles</url-pattern> <url-pattern>/resources</url-pattern> <url-pattern>/findleaks</url-pattern> </web-resource-collection> <auth-constraint> <!-- NOTE: This role is not present in the default users file --> <role-name>manager</role-name> </auth-constraint> </security-constraint> <!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>Tomcat Manager Application</realm-name> </login-config> <!-- Security roles referenced by this web application --> <security-role> <description> The role that is required to log in to the Manager Application </description> <role-name>manager</role-name> </security-role> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org