JSP authentication

F

Fran Cottone

I have a web site which will be accessed only from the corporate intranet.

request.getRemoteUser() returns null, therefore, authentication has
not been enabled.

I want to be able to get hold of the Windows 2000 login id of the
person invoking my JSP in their web browser. Given that the version of
Tomcat I am using is running on a Windows 2000 box, I would have
assumed that the web container would have an in-built implementation
of getRemoteUser tailored to returning the Windows login of any one
connecting to it or their netware login.

I have searched, but haven't managed to find a simple means of
enabling this kind of authentication. Surely, this should be a basic
feature of a web server i.e. click a checkbox, or set a property in an
xml file.

Many thanks in advance.
 
R

Robert

If you figure this one out let me know. We spent a few weeks on that
one here at my work. Trying to get the Kerberos token and all that
crap. We finally just set it up so when you log in to the app it does
an ldap lookup in our MS Active directory. so it still uses the
network username and password. Then of course we have a cookie to keep
you logged on forever if you want. Anyone else got an idea on this one?
 
A

Abrasive Sponge

Fran said:
I have a web site which will be accessed only from the corporate intranet.

request.getRemoteUser() returns null, therefore, authentication has
not been enabled.

I want to be able to get hold of the Windows 2000 login id of the
person invoking my JSP in their web browser. Given that the version of
Tomcat I am using is running on a Windows 2000 box, I would have
assumed that the web container would have an in-built implementation
of getRemoteUser tailored to returning the Windows login of any one
connecting to it or their netware login.

I have searched, but haven't managed to find a simple means of
enabling this kind of authentication. Surely, this should be a basic
feature of a web server i.e. click a checkbox, or set a property in an
xml file.

Many thanks in advance.
Click to expand...

Are you looking for a user to enter a name and password and have
authenticated by the tomcat server?
 
A

Abrasive Sponge

Fran said:
I have a web site which will be accessed only from the corporate intranet.

request.getRemoteUser() returns null, therefore, authentication has
not been enabled.

I want to be able to get hold of the Windows 2000 login id of the
person invoking my JSP in their web browser. Given that the version of
Tomcat I am using is running on a Windows 2000 box, I would have
assumed that the web container would have an in-built implementation
of getRemoteUser tailored to returning the Windows login of any one
connecting to it or their netware login.

I have searched, but haven't managed to find a simple means of
enabling this kind of authentication. Surely, this should be a basic
feature of a web server i.e. click a checkbox, or set a property in an
xml file.

Many thanks in advance.
Click to expand...

Anyways, this is what you want to look at...

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JAASRealm
 
N

Nigel Wade

Fran said:
I have a web site which will be accessed only from the corporate intranet.

request.getRemoteUser() returns null, therefore, authentication has
not been enabled.
Click to expand...

That means the user has not been authenticated against the web server.
I want to be able to get hold of the Windows 2000 login id of the
person invoking my JSP in their web browser. Given that the version of
Tomcat I am using is running on a Windows 2000 box, I would have
assumed that the web container would have an in-built implementation
of getRemoteUser tailored to returning the Windows login of any one
connecting to it or their netware login.
Click to expand...

Why on earth would you think that? Tomcat is platform independent.
HTTPServletRequest.getRemoteUser() has nothing whatsoever to do with a
users authentication on the client, it's to do with the users
authentication to the server. How do you suppose your assumption would work
if the user isn't logged into Windows or Netware? The server has no idea
whatsoever what authentication mechanism the user was required to go
through to access the client, nor should it have. On my PDA I don't have a
userid...
I have searched, but haven't managed to find a simple means of
enabling this kind of authentication. Surely, this should be a basic
feature of a web server i.e. click a checkbox, or set a property in an
xml file.
Click to expand...

No, definitely not. Authentication to the server should be totally
independent of authentication on the client. How could the authentication
of my client here possibly be in any way linked to some independent web
server on the internet?

What you are looking for is a Windows specific mechanism. I doubt you'll
find any solution in Tomcat/Java, which are platform independent.
Maybe .Net can provide you with the service you want.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Servlet authentication on Tomcat 5.5.7 1
JSP, Servlets 9
Help!!! Who's calling my JSP? 4
Custom Authentication 1
jsp authentication redirect tomcat 1
JSP and Ajax 3
JSP not working with Windows 7 2
JSP Web-Development [newbie] 32

Members online

Total: 45 (members: 1, guests: 44)
Robots: 216

Forum statistics

Threads
473,774
Messages
2,569,598
Members
45,145
Latest member
web3PRAgeency

Latest Threads

Top