7 Replies Latest reply on Dec 12, 2002 10:51 AM by simon.nicholls

getRemoteUser() returns null for some URLs but not others

wwheeler1464 Dec 8, 2002 10:39 PM

I'm having some trouble with my JBoss 3.0.3/Tomcat 4.1.12 bundle regarding basic authentication. The web app has two pages, one that's protected by a security constraint and one that's not. When I point the browser to the protected page, the browser makes me login, which is what I want, and HttpServletRequest.getRemoteUser() returns the right user ID. But if I return to the unprotected page, in the same session, getRemoteUser() returns null! Both requests occur in the same servlet context (I checked) and the same HTTP session (I checked). Can anybody think of what might be going on?

Thanks,
Willie

1. Re: getRemoteUser() returns null for some URLs but not other

wwheeler1464 Dec 9, 2002 3:33 PM (in response to wwheeler1464)

I found some info on this. If anybody else runs into the problem, here's the explanation:

http://www.geocrawler.com/mail/thread.php3?subject=%5BJBoss-user%5D+bundled+tc4%2Fjetty+not+remembering+previous+authentication+in+single+session&list=10767
Actions
2. Re: getRemoteUser() returns null for some URLs but not other

wwheeler1464 Dec 9, 2002 3:35 PM (in response to wwheeler1464)

I found some info on this. If anybody else runs into the problem, here's the explanation:

http://www.geocrawler.com/mail/thread.php3?subject=%5BJBoss-user%5D+bundled+tc4%2Fjetty+not+remembering+previous+authentication+in+single+session&list=10767
Actions
3. Re: getRemoteUser() returns null for some URLs but not other

wwheeler1464 Dec 9, 2002 3:48 PM (in response to wwheeler1464)

I found something:

http://www.geocrawler.com/mail/thread.php3?subject=%5BJBoss-user%5D+bundled+tc4%2Fjetty+not+remembering+previous+authentication+in+single+session&list=10767
Actions
4. Re: getRemoteUser() returns null for some URLs but not other

wwheeler1464 Dec 9, 2002 3:49 PM (in response to wwheeler1464)

I found something:

http://www.geocrawler.com/mail/thread.php3?subject=%5BJBoss-user%5D+bundled+tc4%2Fjetty+not+remembering+previous+authentication+in+single+session&list=10767
Actions
5. Re: getRemoteUser() returns null for some URLs but not other

wwheeler1464 Dec 9, 2002 3:50 PM (in response to wwheeler1464)

Hm, I keep trying to reply to this message to give everyone a URL and it won't post...argh...
Actions
6. Re: getRemoteUser() returns null for some URLs but not other

simon.nicholls Dec 10, 2002 9:40 AM (in response to wwheeler1464)

Hey thanks for the link!

I guess us app developers have to secure every page in that case. Ok, so how do I give a user browsing a page for the first time a default role of "guest", without them having to log in - that'll solve it! Any takers? :-)

I love JBoss, but I doubt that being able to access the remote user info under non-protected resources wouldn't also be legitimate - plus a whole lot more useful.
Actions
7. Re: getRemoteUser() returns null for some URLs but not other

simon.nicholls Dec 12, 2002 10:51 AM (in response to wwheeler1464)

Anyways...for now I'll use a filter mapped to jsps that gets the Auth info from the session and chucks it in a subclassed HttpServletRequestWrapper to suit the isUserInRole etc needs. People having success this way?
Actions

Go to original post