I'm not quite sure what a redirector is but I had better success with ajp13
than ajp12 wrt non-tomcat managed authorization credentials.
HTH
> -----Original Message-----
> From: Crane, David [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 26, 2001 8:15 AM
> To: '[EMAIL PROTECTED]'
> Subject: Cannot Use Basic Authentication With Tomcat Redirecter
>
>
> Should I report this as a bug? Or forward it to tomcat-dev?
>
> Tomcat servlets cannot use Basic authentication if the request is proxied
> through a redirector. This is a fairly serious problem.
>
> David
>
>
> -----Original Message-----
> From: Crane, David
> Sent: Monday, September 24, 2001 2:43 PM
> To: '[EMAIL PROTECTED]'
> Subject: getRemoteUser Returns Null, Ignoring Authorization Header
>
>
> The getRemoteUser method of the HttpServletRequest class is returning null.
> The "Authorization" header does contain the correctly encoded user and
> password for "Basic" authentication. Maybe there is a configuration setting
> that is wrong?
>
> We are using the NSAPI redirector that came with
> jakarta-tomcat-3.2.3-src/src/native/netscape. The browser connects to the
> iPlanet 4.1 SP5 server using HTTPS, and is challenged for the user name and
> password. The NSAPI redirector sends the request over to Tomcat 3.2.3 using
> HTTP (not HTTPS). In my Tomcat servlet, I can read and decode the
> "Authorization" header, which looks correct. But it is not being
> interpreted correctly by Tomcat's HttpServletRequest implementation, as you
> can see below.
>
> Here is some logging output from my servlet:
>
> [DsemServlet] userLogin: null
> [DsemServlet] Authentication type: null
> [DsemServlet] Authorization header: Basic VDEzMk02NjM6eXXXXXXXXXX=
> [DsemServlet] Decoded name and password: T132M663:not_gonna_give_this
> [DsemServlet] Expected userLogin: T132M663
>
> And here is the corresponding piece of code from the servlet's doGet method:
>
>
> String userLogin = request.getRemoteUser();
> cat.info("userLogin: " + userLogin);
>
> // Container did not authenticate the request: dump what actually arrived.
> if (userLogin == null)
> {
>     cat.info("Authentication type: " + request.getAuthType());
>     String authorization = request.getHeader("Authorization");
>     cat.info("Authorization header: " + authorization);
>     // Guard against a missing or non-Basic header before decoding.
>     if (authorization != null && authorization.startsWith("Basic "))
>     {
>         sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
>         // Skip the 6-character "Basic " prefix.
>         String encoded = authorization.substring(6);
>         String decoded = new String(dec.decodeBuffer(encoded));
>         cat.info("Decoded name and password: " + decoded);
>         int pos = decoded.indexOf(":");
>         if (pos >= 0)
>         {
>             String expected = decoded.substring(0, pos);
>             cat.info("Expected userLogin: " + expected);
>         }
>     }
> }
>
> I am using the Tomcat 3.2.3 that came bundled with JBoss 2.4.1a. The
> configuration files (such as server.xml) are the ones that came with the
> bundle. I cannot find anything obviously wrong with them, but they are
> quite long, and I don't know what to look for.
>
> I did find questions in the mailing list archives that looked similar, but
> they were mostly from last year, and had to do with form-based
> authentication.
>
> --
> David Crane
> Thomson Financial Municipals Group
>
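
The header check from the quoted servlet code, as an added example that is not part of the original messages: a stand-alone parser for a Basic "Authorization" header that handles a missing header, another scheme, invalid Base64 and colons in the password, and returns only the user name so the password never reaches a log. The class and method names are hypothetical, it uses java.util.Base64 (Java 8+) instead of sun.misc.BASE64Decoder, and ISO-8859-1 decoding is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeaderCheck {

    /**
     * Returns the user name carried in a Basic "Authorization" header value,
     * or null if the header is absent, uses another scheme, or is malformed.
     */
    static String userFromBasicHeader(String authorization) {
        if (authorization == null) {
            return null;
        }
        String value = authorization.trim();
        // The scheme name is case-insensitive and is followed by a space.
        if (value.length() < 6 || !value.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(value.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        // Assumption: credentials are decoded as ISO-8859-1.
        String decoded = new String(raw, StandardCharsets.ISO_8859_1);
        // Split at the first colon only: the password may itself contain colons.
        int pos = decoded.indexOf(':');
        return pos > 0 ? decoded.substring(0, pos) : null;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        String ok = "Basic " + Base64.getEncoder().encodeToString(
                "alice:s3cret:with:colons".getBytes(StandardCharsets.ISO_8859_1));
        String[] samples = { ok, "basic " + ok.substring(6), "Bearer abc", "Basic !!!", "Basic", null };
        for (String header : samples) {
            // Log the parsed user name only, never the decoded password.
            System.out.println("user from header: " + userFromBasicHeader(header));
        }
    }
}
```

In a servlet, the returned name can be compared with request.getRemoteUser() to confirm whether the container processed the header the connector forwarded.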