>From: Savoy, Melinda [mailto:melindasa...@texashealth.org]
>Subject: RE: Still having problem retrieving user value from ISAPI
>Filter for authentication
>
>What I did was comment out the filter from the web.xml and I went
>straight from the IE browser (http://localhost/index.jsp) to the
>index.jsp page that was comprised of only the following:
>
> <%...@page language="java" contentType="text/html; charset=ISO-
>8859-1" pageEncoding="ISO-8859-1"%>
>
> Here is my USERID using getRemoteUser,
><%=request.getRemoteUser()%> , in my index.jsp page.
>
>My browser window then showed: Here is my USERID using getRemoteUser,
>null, in my index.jsp page.
>
>That was it. So I wasn't even going through my application at all but
>only from the browser to Tomcat and it returned my page without issue
>but with NO user value as is indicated below in the log.
Unless you are going to authenticate via one of Tomcat's authentication
methods; BASIC, FORM, etc, then getRemoteUser() is going to return null.
You'll need to add a security constraint, login-config and security-role to
your web.xml to test getRemoteUser(); in just Tomcat.
Look at the manager webapp web.xml example:
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>HTMLManger and Manager command</web-resource-name>
<url-pattern>/jmxproxy/*</url-pattern>
<url-pattern>/html/*</url-pattern>
<url-pattern>/list</url-pattern>
<url-pattern>/expire</url-pattern>
<url-pattern>/sessions</url-pattern>
<url-pattern>/start</url-pattern>
<url-pattern>/stop</url-pattern>
<url-pattern>/install</url-pattern>
<url-pattern>/remove</url-pattern>
<url-pattern>/deploy</url-pattern>
<url-pattern>/undeploy</url-pattern>
<url-pattern>/reload</url-pattern>
<url-pattern>/save</url-pattern>
<url-pattern>/serverinfo</url-pattern>
<url-pattern>/status/*</url-pattern>
<url-pattern>/roles</url-pattern>
<url-pattern>/resources</url-pattern>
<url-pattern>/findleaks</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- NOTE: This role is not present in the default users file -->
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Tomcat Manager Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
The role that is required to log in to the Manager Application
</description>
<role-name>manager</role-name>
</security-role>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
