You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Martin Rusnak <ma...@corinex.sk> on 2000/02/03 09:38:47 UTC

Q: problem with authentication

I'm trying to use http authentication with tomcat3.0.
Method HttpServletRequest.getRemoteUser() alwais returns null.

here is code:
------
    public void service (HttpServletRequest request, HttpServletResponse
response)
        throws ServletException, IOException
    {
        String user=request.getRemoteUser();
	if(user==null||user==""){
            response.setHeader("WWW-Authenticate","Basic realm=\"My
Realm\"");
            response.sendError(401,"Unauthorized");
            out.println("Text to send if user hits Cancel button\n");
            return;
        }

        ....
------

Is there any other way to get user name?

Martin Rusnak

Re: Q: problem with authentication

Posted by Andreas Siegrist <A....@tv1.de>.

You may get the user name (and password) by decoding the
authorization string yourself. We are using a static method in a
utility class:

public static String getRemoteUser(HttpServletRequest request) {
    String auth = request.getHeader("authorization"); // as send by apache
    if (auth == null) return null;

    try {
      auth = new String((new
BASE64Decoder()).decodeBuffer(auth.substring(6)));
    }
    catch (Exception exc) {
      exc.printStackTrace();
      return null;
    }

    if (auth == null)
      return null;
    int pos = auth.indexOf(":");
    if (pos < 0)
      return null;
    return auth.substring(0, pos);
}

Bye
Andi


Martin Rusnak schrieb:

> I'm trying to use http authentication with tomcat3.0.
> Method HttpServletRequest.getRemoteUser() alwais returns null.
>
> here is code:
> ------
>     public void service (HttpServletRequest request, HttpServletResponse
> response)
>         throws ServletException, IOException
>     {
>         String user=request.getRemoteUser();
>         if(user==null||user==""){
>             response.setHeader("WWW-Authenticate","Basic realm=\"My
> Realm\"");
>             response.sendError(401,"Unauthorized");
>             out.println("Text to send if user hits Cancel button\n");
>             return;
>         }
>
>         ....
> ------
>
> Is there any other way to get user name?
>
> Martin Rusnak
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org