Posted to users@tomcat.apache.org by Jim Kennedy <ji...@gigaheads.com> on 2003/10/13 18:28:25 UTC

Determining remote user and inrole for unprotected pages

I have recently noticed that when you have a site with both protected and
unprotected pages that getRemoteUser returns null on the unprotected pages
even though I have authenticated against a protected page.  isUserInRole also
does not work.

Is there a way I can determine who is logged in when I access an unprotected
url?

To answer my own Q, I suppose I could create an object and store it in the
session then access later, but is there another way?


Ultimately I would like to present a dynamic menu in which administrators
see a different menu than regular joe users.  The menu is part of every page
in this case.  I would simply like to hide "admin only" sections so regular
users don't see them.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Determining remote user and inrole for unprotected pages

Posted by Tim Funk <fu...@joedog.org>.
I think this is an open question to the dev list right now as it was recently 
discussed. The quick summary (IIRC) is if you are logged in and request a 
page which is not defined in web.xml as protected, the spec doesn't require 
that the RemoteUser be set. (Which really sucks.)


-Tim

Jim Kennedy wrote:
> I have recently noticed that when you have a site with both protected and
> unprotected pages that getRemoteUser returns null on the unprotected pages
> even though I have authenticated against a protected page.  isUserInRole also
> does not work.
> 
> Is there a way I can determine who is logged in when I access an unprotected
> url?
> 
> To answer my own Q, I suppose I could create an object and store it in the
> session then access later, but is there another way?
> 
> 
> Ultimately I would like to present a dynamic menu in which administrators
> see a different menu than regular joe users.  The menu is part of every page
> in this case.  I would simply like to hide "admin only" sections so regular
> users don't see them.
> 




Re: Determining remote user and inrole for unprotected pages

Posted by Jacob Kjome <ho...@visi.com>.
Are you using mod_jk and Apache to front server requests?

If so, Apache has the getRemoteUser information and you need to configure 
Tomcat to tell it where to pull this from.  If you are using a recent 
version of Tomcat, put the following in jk2.properties....

request.tomcatAuthentication=false

Jake

At 12:28 PM 10/13/2003 -0400, you wrote:
>I have recently noticed that when you have a site with both protected and
>unprotected pages that getRemoteUser returns null on the unprotected pages
>even though I have authenticated against a protected page.  isUserInRole also
>does not work.
>
>Is there a way I can determine who is logged in when I access an unprotected
>url?
>
>To answer my own Q, I suppose I could create an object and store it in the
>session then access later, but is there another way?
>
>
>Ultimately I would like to present a dynamic menu in which administrators
>see a different menu than regular joe users.  The menu is part of every page
>in this case.  I would simply like to hide "admin only" sections so regular
>users don't see them.
>


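The session-caching workaround raised in the first message, written out as a servlet filter. This is an added example, not code from any participant in the thread; the class name, attribute names and the "admin" role name are hypothetical, and it assumes the filter is mapped to /* in web.xml. The cached values drive menu rendering only: the admin URLs themselves stay under a security-constraint, so hiding a link is never the access check.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical filter: remembers the authenticated user for unprotected pages. */
public class MenuUserFilter implements Filter {
    // Hypothetical names, chosen for this example only.
    static final String SESSION_USER = "menu.user";
    static final String SESSION_ADMIN = "menu.isAdmin";
    static final String ADMIN_ROLE = "admin";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String user = req.getRemoteUser();
        if (user != null) {
            // Protected URL: the container has set the principal, so refresh
            // the cache. A re-login as another user or a role change is picked
            // up on the next protected request.
            HttpSession created = req.getSession();
            created.setAttribute(SESSION_USER, user);
            created.setAttribute(SESSION_ADMIN,
                    Boolean.valueOf(req.isUserInRole(ADMIN_ROLE)));
        }
        // Unprotected URL: getRemoteUser() may be null, so fall back to the
        // cached values. getSession(false) avoids creating sessions for
        // anonymous visitors.
        HttpSession session = req.getSession(false);
        Object cachedUser = (session == null) ? null : session.getAttribute(SESSION_USER);
        Object cachedAdmin = (session == null) ? null : session.getAttribute(SESSION_ADMIN);
        // Request attributes for the page that renders the menu (display only).
        req.setAttribute("menuUser", cachedUser);
        req.setAttribute("menuIsAdmin",
                Boolean.TRUE.equals(cachedAdmin) ? Boolean.TRUE : Boolean.FALSE);
        chain.doFilter(rq, rs);
    }
}
```

Invalidating the session on logout clears the cached values along with it.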