You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Joakim Verona <jo...@verona.se> on 2000/01/21 19:50:14 UTC

Q about http authentication with apache/tomcat

hello,

im trying to access restrict a .jsp file using apache and tomcat.
if i restrict the access from within  a apache directive(as suggested on
the jserv faq)
the browser authentification dialogue triggers. however, im not able to
see the remote user
in the jsp page, i get only null while printing request.getRemoteUser()

other parts of the request seems to get filled in, the getContextPath
for instance.


is this supposed to work with the tomcat/apache combination? i find no
real evidence of this anywhere.

here is my trivial jsp test file:

<table border=1>
<tr>
<td>remote user </td><td><%= request.getRemoteUser() %></td>
</tr>
<tr>
<td>auth </td><td><%= request.getAuthType() %></td>
</tr>
<tr>
<td>context </td><td><%= request.getContextPath() %></td>
</tr>
<tr>
</table>

here is the apache config:


 <Location  /timereport/*>

 AuthExternal helpdesk_auth
 require valid-user
 AuthType Basic
 AuthName "Tidrapportering"
<Limit GET POST>
  require user some_user
</limit>

 </Location>

here is the war config:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">

<web-app>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tidrapportering</realm-name>
  </login-config>
  <security-role>
    <description>Anvandare</description>
      <role-name>user</role-name>
  </security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>timereport</web-resource-name>
      <url-pattern>/timereport/punch.jsp</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

</web-app>




(sorry if this is a faq, i really really tried to search all to me known
sources)	
-- 
Joakim Verona
joakim@verona.se
http://www.verona.se/~joakimv