You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Joakim Verona <jo...@verona.se> on 2000/01/21 19:50:14 UTC
Q about http authentication with apache/tomcat
hello,
im trying to access restrict a .jsp file using apache and tomcat.
if i restrict the access from within a apache directive(as suggested on
the jserv faq)
the browser authentification dialogue triggers. however, im not able to
see the remote user
in the jsp page, i get only null while printing request.getRemoteUser()
other parts of the request seems to get filled in, the getContextPath
for instance.
is this supposed to work with the tomcat/apache combination? i find no
real evidence of this anywhere.
here is my trivial jsp test file:
<table border=1>
<tr>
<td>remote user </td><td><%= request.getRemoteUser() %></td>
</tr>
<tr>
<td>auth </td><td><%= request.getAuthType() %></td>
</tr>
<tr>
<td>context </td><td><%= request.getContextPath() %></td>
</tr>
<tr>
</table>
here is the apache config:
<Location /timereport/*>
AuthExternal helpdesk_auth
require valid-user
AuthType Basic
AuthName "Tidrapportering"
<Limit GET POST>
require user some_user
</limit>
</Location>
here is the war config:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Tidrapportering</realm-name>
</login-config>
<security-role>
<description>Anvandare</description>
<role-name>user</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>timereport</web-resource-name>
<url-pattern>/timereport/punch.jsp</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
</web-app>
(sorry if this is a faq, i really really tried to search all to me known
sources)
--
Joakim Verona
joakim@verona.se
http://www.verona.se/~joakimv