Hi,
I am not sure of other variables, but if you are using standard
HTTP Authentication then you can always make a
req.getRemoteUser() call in your servlets to find out the
remote user.
If you are going for HTML page authentication, without SSL
then the user-name and password will travel from client to
server totally un-encrypted and anyone listening on the packets
can easily fetch the information.
thanks,
At 02:38 PM 6/30/99 -0400, you wrote:
>--
>
>All,
>
>I've read the FAQ-O-Matic about accessing environment variables within a
>servlet run by JServ, however I'm not getting *all* the variables I'm
>looking for. I've (also with the help of the F-O-M) figured-out how to
>have a standard HTTP authentication window open when a user accesses my
>servlets directly. Creating a servlet that shows the environment as
>well as the JVM properties, I've concluded that JServ isn't passed the
>authentication (or other Web server) variables, such as REMOTE_USER,
>etc.
>
>I'm writing some servlets that will interact with like 30,000 users. I
>want there to be four classes of users, i.e. users, administrators,
>managers, and cashiers. In order to tell one type of user apart from
>the other, I want to have the four groups have usernames associated with
>it (or, actually, by default everyone would be in the "user" group, and
>then just manage the other three). To know just what the user who just
>logged-in can do and can't do, I'd like the servlet to query the
>database to see if the user is an admin or cashier or just a plain
>user. I've not found any way of finding-out who the user is that just
>authenticated using JServ, though.
>
>Two solutions to my own problem would be:
>
>1. Create separate servlet zones with separate HTPASSWD files and have
>only the relevant users listed in the given servlet zone's
>configuration.
>
>2. Have the user authenticate via a Web form (rather than the standard
>HTTP authentication) and have a servlet check the HTPASSWD file
>manually, and then pass the appropriate username and group information
>around.
>
>The first solution seems okay, if a little kludgy. It also means a
>larger code base to take care of and slightly increased administration
>overhead due to the four HTPASSWD files. The second solves the problems
>of the first but introduces the need to check passwords using something
>akin to the UNIX Crypt libraries, something not only do I know nothing
>about, but know even less about in Java (even if someone has already
>implemented Crypt in Java).
>
>What I'm looking for is either a way to access the REMOTE_USER and other
>such environment variables from within a servlet (I understand it makes
>things a little platform and Web server dependent) or another solution
>as to how I might authenticate a user and then be able to know within
>the servlet which username I'm working with.
>
>Thanks for any suggestions!
>
> -Fred Whipple
> Syracuse University
>
>PS - Source code to my servlet which shows first the Web server
>environment variables and then the JVM system properties is available
>upon request :-)
>
>
>
>--
>--------------------------------------------------------------
>To subscribe: [EMAIL PROTECTED]
>To unsubscribe: [EMAIL PROTECTED]
>READ THE FAQ!!!! <http://java.apache.org/faq/>
>Archives and Other: <http://java.apache.org/main/mail.html/>
>Problems?: [EMAIL PROTECTED]
>
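An added example, not code from this thread or from JServ: a servlet that takes the name from req.getRemoteUser(), fails closed when it is missing, refuses non-SSL requests, and resolves one of the four groups with "user" as the default. The class name, the roleFor helper and the sample user names are hypothetical, the map stands in for the database query, and the javax.servlet package names are assumed.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RoleAwareServlet extends HttpServlet {

    // Constructed sample data standing in for the database lookup; only the
    // three non-default groups are stored, everyone else is a plain "user".
    private static final Map<String, String> SPECIAL_ROLES = Map.of(
            "alice", "administrator",
            "bob", "manager",
            "carol", "cashier");

    // Hypothetical helper: map an authenticated user name to one of four roles.
    static String roleFor(String remoteUser) {
        return SPECIAL_ROLES.getOrDefault(remoteUser, "user");
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Credentials sent over plain HTTP can be read off the wire, so refuse
        // to serve anything role-dependent unless the request arrived over SSL.
        if (!req.isSecure()) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        // getRemoteUser() is null when the server did not authenticate the
        // request; fail closed instead of falling through to the default role.
        String user = req.getRemoteUser();
        if (user == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String role = roleFor(user);
        // Plain text response, so the user name is never interpreted as HTML.
        resp.setContentType("text/plain; charset=UTF-8");
        resp.getWriter().println("user=" + user + " role=" + role);
    }
}
```

If SSL is terminated at a front-end proxy, isSecure() reflects only the connection between the proxy and the servlet engine, so the check has to be enforced at the proxy as well.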