Hi all,
I just read a tutorial regarding with accessing the standard CGI Variables
with servlet and JSP. There are variables called remote_host and remote_user
in old CGI program. These can be accessed if MS ASP is being used. It seems
that the same thing applies to JSP.
Can someone clarify this to me?
Regards,
Jun
-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 25, 1999 12:20 PM
To: [EMAIL PROTECTED]
Subject: Re: Access to system properties (specifically user) from JSP
brian wrote:
> Hi Jeff,
>
> Craig is probably a better person to answer this, but in case it doesn't
attract
> his attention (the volume on this list has drastically increased of late),
the way
> I think it works is like this:
>
That's what I get for answering lots of questions :-). I saw it, and try to
respond to
the "interesting" questions, but today's been pretty busy .. see below.
>
> JSP is of course server-side only, and is compiled into a servlet and thus
is bound
> by all the rules that govern servlets. JSP, once executed, generates
plain old
> HTML. Absent some javascript, you can't do anything more on the client
side than
> you can with HTML. Even if you could execute a System.getProperty() [and
maybe you
> can from a Servlet?], you'll be returning the values of the server
machine, not the
> client.
>
> I'm no javascript guru, but perhaps there is a way in javascript to
attempt what
> you're trying to do. I still don't think so - if applets aren't allowed
access to
> client-side system values, I doubt that javascripts are.
>
> Of course that's just my opinion; I could be wrong...
> -bml
>
> "Bailey, Jeff A" wrote:
>
> > Quick question
> >
> > Has anyone implemented a method to access the username of the person
logged
> > into an NT system through a JSP in any way? Specifically the username
of
> > the person accessing the jsp through a browser.
> >
> > Sort of like using System.getProperty("user") from a JSP (sorta)
> >
> > I remember reading about some attempts to do this but dont remember the
> > details and it is something that would greatly aid some tasks I am
working
> > on. Any third party utilities? etc?
> >
> > Any ideas are greatly appreciated.
> >
> > Thanks,
> >
> > J
The first thing necessary is a clarification -- are we talking about the
user's logon
name on the client machine (where the browser is running) or the server
machine (where
the servlet is running)?
If it's the client machine, there's nothing you can do with servlets and JSP
per se
because they are only on the server side. I also don't think there's a
JavaScript
function that lets you ask this question. Of course, I wouldn't trust the
answer even
if there was such a function, because the actual client could really be
application
program that is masquerading as a user.
On the server machine, you need to remember that executing a JSP page does
*not*
require logging in to NT on the server. The servlet engine (or the web
server you are
running it under) usually provides some mechanism to define valid users for
the web
application that are usually not the same as OS logins. Unless you have
configured
your server to know that a particular URL needs authentication,
getRemoteUser() is
going to return null.
At first blush, it sounds really tempting to set up your server to use NT's
authentication mechanism to validate usernames and passwords (some servers
let you do
this), and therefore let the user use their same username and password.
However, if
you're using Basic authentication (the pop-up prompt you see on subscription
web
sites), this is a *VERY* bad idea, because your username and password are
sent in what
amounts to cleartext across the network with every request. That's not the
kind of
thing you want to make known to anyone with a packet sniffer in the right
place.
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
