Let me ask, what maybe a stupid question now, but when I print out the enumeration value of the request header names, see below, using request.getHeaderNames() should the user be listed as one of the headers which is passed on from the ISAPI filter:
=== MimeHeaders === accept = */* accept-language = en-us connection = Keep-Alive host = localhost user-agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2) authorization = NTLM TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAABcKIogUBKAoAAAAP accept-encoding = gzip, deflate content-length = 0 Thank you. -----Original Message----- From: Pid [mailto:p...@pidster.com] Sent: Wednesday, June 23, 2010 6:52 AM To: Tomcat Users List Subject: Re: Still having problem retrieving user value from ISAPI Filter for authentication On 23/06/2010 10:45, Rainer Jung wrote: > On 23.06.2010 09:51, Pid wrote: >> On 23 Jun 2010, at 02:40, Rainer Jung<rainer.j...@kippdata.de> wrote: >> >>> On 22.06.2010 21:59, Marc Boorshtein wrote: >>>>> >>>>> Unless you are going to authenticate via one of Tomcat's >>>>> authentication methods; BASIC, FORM, etc, then getRemoteUser() is >>>>> going to return null. >>>>> >>>>> You'll need to add a security constraint, login-config and >>>>> security-role to your web.xml to test getRemoteUser(); in just Tomcat. >>>>> >>>> >>>> This shouldn't be the case since she put tomcatAuthentication="false" >>>> tomcat should be taking the username from the JK_REMOTE_USER >>>> attribute. >>>> >>>> Have you tried a wireshark packet capture? >>> >>> The log file of the ISAPI redirector she presented already contains >>> a dump of the AJP packet the redirector is going to send out. The >>> dump shows the correct user string contained in the packet. >>> >>> I've got no idea what's wrong here. >> >> Would you expect the user value normally to be set as another >> (REMOTE_USER type) header by ISAPI? > > No, it gets send as an AJP specific request attribute that the AJP > connectors know about. It's not an HTTP header. OK, and I'm guessing that if there was a way to get the AJP connector to dump those attributes you'd have said so by now. p > Regards, > > Rainer > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
