Peter wrote:

> How do I use getRemoteUser() ?
>

Depends on the web server / servlet engine combination you are using.  The key
generalization is that it is normally the web server's responsibility to provide
the authentication checking, and then pass on the authenticated username to the
servlet engine.

>
> According to what I've read in this mailing list, I'm supposed to "protect" the
> servlet engine (ApacheJServ) before the above method returns the actual user
> name instead of null. Now that I've "protected" the servlet, I can't access any of
> my servlets anymore. Netscape keeps saying "Connect. Host etc..." but there's
> nothing on the screen. This is what I've done to err.... "secure" ApacheJServ :
>
> I've enabled Apache to "protect" the servlet engine using the following :
>
> 1) I've put the following in jserv.conf :
>
> ApJServSecretKey conf/jserv.secret.key
>
> 2) Plus in jserv.properties :
>
> security.authentication=true
> security.secretKey=/usr/src/ApacheJServ-1.0/payroll/jserv.secret.key
>
> 3) I also put jserv.secret.key above in $APACHE-ROOT-DIR/conf
>

This level of "protection" has nothing at all to do with getRemoteUser().  It is
only there to limit where connections between Apache and Apache JServ can come
from.  Put all these settings back the way they were.

>
> Pls help. As with most open source apps, the ApacheJServ manual is just Greek
> to me. Furthermore, I must protect these servlets as anyone can access them once
> they got the correct URL - bypassing the web server htpasswd authentication!!!!
> Tell me what I did wrong above and I would be truly truly grateful. Thanks in
> advance.
>

To "protect" a servlet in the sense that you are talking about, you want to tell
Apache that a certain URL pattern needs to have user authentication.  With static
pages, you usually do this with an .htaccess file in that directory.  Because there
is no "directory" as such that matches servlet URLs, you need to use the <Location>
directive in your httpd.conf file.

For more info on Apache configuration, see the documentation at the Apache web site
(http://www.apache.org), or get one of the books about it (you're probably still
going to be lost without doing this).  You should also check the FAQ-O-MATIC at the
Apache JServ web site (http://java.apache.org) -- the very first entry under
"Configuration" addresses this issue:

    http://java.apache.org/faq/?file=22

You can actually use any authentication module supported in Apache.  Once you do,
the getRemoteUser() value will be populated with the authenticated username for any
URL that starts with the pattern.

Craig McClanahan
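
The `<Location>` approach described in the reply above, as an added example that is not part of the original message. It assumes the servlet zone is mounted under the URL prefix `/servlets`, that a password file created with `htpasswd` lives at `/usr/local/apache/conf/servlet.users`, and that the realm name is "Payroll Servlets"; all three are illustrative values, not settings taken from the poster's installation.

```apache
# httpd.conf fragment (Apache 1.3 style, basic authentication).
#
# <Location> matches on the URL path, not on a filesystem directory,
# so it applies to servlet URLs that have no directory to hold an
# .htaccess file.

# Assumed mount point: every request whose path starts with /servlets
# must authenticate before Apache hands it to Apache JServ.
<Location /servlets>
    # Scheme and realm shown in the browser's login dialog (assumed name).
    AuthType Basic
    AuthName "Payroll Servlets"

    # Assumed path. Keep the password file outside the document root
    # so it cannot be fetched over HTTP.
    AuthUserFile /usr/local/apache/conf/servlet.users

    # Any user in the file who supplies the right password is accepted.
    # Use "require user alice bob" to restrict to named accounts instead.
    require valid-user
</Location>

# With this in place, Apache rejects unauthenticated requests under
# /servlets with 401, and passes the authenticated user name along
# with each accepted request, which is what getRemoteUser() returns.
# Requests outside the prefix are not covered: a servlet reachable
# through a second URL pattern needs its own <Location> block.
```

A servlet behind this block should still treat a null return from getRemoteUser() as an unauthenticated request and refuse to proceed, since null means the request arrived through a path that Apache did not authenticate.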

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
