I am trying to set up authentication for my web app using tomcat. I am
using just basic authentication and the application seems to authenticate me
and allows the user in. However, when I issue a request.getRemoteUser() the
value returned is null.
The following is what I have placed in the web.xml file for the web app:
<security-constraint>
<web-resource-collection>
<web-resource-name>DIS Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/security/protected/*</url-pattern>
<url-pattern>/DIS/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>dis</role-name>
<role-name>disrole</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses BASIC authentication -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>DIS Basic Authentication Area</realm-name>
</login-config>
</security-constraint>
If anyone could let me know how I can force Tomcat to set RemoteUser I would
appreciate it.
thanks,
wayne
