I am trying to set up authentication for my web app using tomcat. I am using just basic authentication and the application seems to authenticate me and allows the user in. However, when I issue a request.getRemoteUser() the value returned is null.
The following is what I have placed in the web.xml file for the web app: <security-constraint> <web-resource-collection> <web-resource-name>DIS Protected Area</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/jsp/security/protected/*</url-pattern> <url-pattern>/DIS/*</url-pattern> <!-- If you list http methods, only those methods are protected --> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>dis</role-name> <role-name>disrole</role-name> </auth-constraint> </security-constraint> <!-- Default login configuration uses BASIC authentication --> <login-config> <auth-method>BASIC</auth-method> <realm-name>DIS Basic Authentication Area</realm-name> </login-config> </security-constraint> If anyone could let me know how I can force Tomcat to set RemoteUser I would appreciate it. thanks, wayne