RE: Retrieving username and password from url??

Mon, 02 Dec 2002 08:28:55 -0800 

Hi, 
Try this : 

 String authheader = request.getHeader("authorization");
 
I should point out, that usually sessions are only authenticated once, there for there 
is not authorization header in every request but only the one that is used for 
authentication). Some browsers sometimes try to authenticate every request, I think it 
has to do with cookie settings and more. 

Hope it helps
  -reynir


> -----Original Message-----
> From: Andreas Probst [mailto:[EMAIL PROTECTED]] 
> Sent: 2. desember 2002 14:09
> To: Tomcat Users List
> Subject: RE: Retrieving username and password from url??
> 
> 
> Hi Reynir,
> 
> how can you get the Authentication header? As far as I know the 
> only information you can get is the Principal and the username, 
> but not the password, neither clear nor encoded.
> 
> Andreas
> 
> 
> On 2 Dec 2002 at 9:14, Reynir Hübner wrote:
> 
> > Hi,
> > 
> > Depending on the browser and authentication scheme this 
> will may try 
> > to authenticate against tomcat. There for you should be able to do 
> > request.getRemoteUser() on (at least) the first request 
> that has the 
> > authenticative username:password.
> > request.getRemoteUser() only returns the username, you can get the 
> > Authentication header wich is formed like this in BASIC 
> authentication 
> > scheme: String user_Password = login+ ":"+ password; String 
> encoding  
> > = new String (Base64.encode(user_Password.getBytes())); String 
> > Authentication = "Basic " + encoding;
> > 
> > You might be able to do that backwards somehow....
> > 
> > Hope it helps
> > -reynir
> > 
> > 
> > > -----Original Message-----
> > > From: Abhishek Srivastava [mailto:[EMAIL PROTECTED]]
> > > Sent: 2. desember 2002 08:30
> > > To: [EMAIL PROTECTED]
> > > Cc: Sunu Joseph
> > > Subject: Retrieving username and password from url??
> > > 
> > > 
> > > Hi,
> > > Is there a way that I can retrieve the username and password from 
> > > the url given as below using a servlet. 
> > > https://username:password@hostname/servletname> /servlet
> > > 
> > > 
> > > 
> > > Regards,
> > > Abhishek
> > > 
> > > 
> > > 
> > > 
> > > 
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:tomcat-user-> [EMAIL PROTECTED]>
> For 
> additional commands, 
> e-mail: <mailto:[EMAIL PROTECTED]>
> 
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to