On Wed, 14 Aug 2002, Ed Thompson wrote: > It defaults to true, and I don't have it explicitly set.
Yeah, but what I was saying is that sometimes you need it to be false (i.e. you need to explicitly set it to false). > I got getRemoteUser to work, now I just need to find a password > passing strategy... If you got getRemoteUser to work, then the above is not the problem. As to a password passing strategy, I suggest heeding Craig's advice. > ----- Original Message ----- > From: "Milt Epstein" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Wednesday, August 14, 2002 7:54 PM > Subject: Re: j_username in session cookie - where did it go? > > > > On Wed, 14 Aug 2002, Ed Thompson wrote: > > > > > OK, exploring the alternatives - > > > > > > I authenticate, then I call the snoop.jsp in the tomcat examples > > > directory, and it indicates remote User is null. > > > > > > Am I missing something else? > > > > Are you doing this through Apache, or Tomcat standalone? If the > > former, do you have tomcatAuthentication="false" in your Connector tag > > in your server.xml? I had to put that in there for the AJP connector > > in order to get this to work. > > > > > > > ----- Original Message ----- > > > From: "Craig R. McClanahan" <[EMAIL PROTECTED]> > > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > > > Sent: Tuesday, August 13, 2002 10:41 PM > > > Subject: Re: j_username in session cookie - where did it go? > > > > > > > > > > > > > > > > > > On Tue, 13 Aug 2002, Ed Thompson wrote: > > > > > > > > > Date: Tue, 13 Aug 2002 21:57:53 -0400 > > > > > From: Ed Thompson <[EMAIL PROTECTED]> > > > > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > > > > To: Tomcat Users List <[EMAIL PROTECTED]> > > > > > Subject: j_username in session cookie - where did it go? > > > > > > > > > > I have just upgraded (uninstalled and reintsalled) from Tomcat 3.2 > to > > > > > Tomcat 4.0.4. > > > > > > > > > > I am using form based authentication, and found under 3.2 I could > pull > > > > > j_username out of the session cookie after authenticaion was done. > > > > > > > > > > > > > That's not how it really worked under 3.2, although if you are using > BASIC > > > > authentication you could decode the username out of the > "Authorization" > > > > header. > > > > > > > > > Now under Tomcat 4 it doesn't seem to be there. I know I tried it > under > > > > > Tomcat 4.0.1 before I upgraded and it worked, but not after > uninstalling > > > 3.2 > > > > > and installing 4.0.4 from scratch.. > > > > > > > > > > Can anyone shed light on what is (not) happening? Have the rules > > > changed or > > > > > have I not cfg'd something properly? > > > > > > > > > > > > > The portable way to get ahold of the authenticated username is to call > > > > request.getRemoteUser(). See the servlet spec for more details on > > > > container managed security: > > > > > > > > http://java.sun.com/products/servlet/download.html > > > > > > > > > Thanx! > > > > > Ed > > > > > > > > Craig > > > > > > > > > > > > -- > > > > To unsubscribe, e-mail: > > > <mailto:[EMAIL PROTECTED]> > > > > For additional commands, e-mail: > > > <mailto:[EMAIL PROTECTED]> > > > > > > > > > > > > > > > > -- > > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > > Milt Epstein > > Research Programmer > > Systems and Technology Services (STS) > > Campus Information Technologies and Educational Services (CITES) > > University of Illinois at Urbana-Champaign (UIUC) > > [EMAIL PROTECTED] > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > Milt Epstein Research Programmer Systems and Technology Services (STS) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
