Hi,
I have developed a servlet application using Tomcat as servlet engine and
Apache as webserver, under linux plattform.
In some circumstances the servlet app is located in a reserved area of the
web site, this area is defined with basic authentication in the apache
httpd.conf. The problem is: request.getRemoteUser() always returns null and
I haven't found any method to know the user authenticated by apache...
I have read in other message of this list that this is a well-known problem
since Tomcat does not implements the security container. However I hope
there is an "elegant" solution.
I supposed two scenarios:
1 - Apache authenticates the user whith basic (or other) method, and servlet
are enabled to know the actual userid
2 - Apache delegates the servlet to make the authentication. This would be
the very best solution, but I suppose it is impossible (could an Apache
module implement this feature?)
Tnx in advance
Marco
