4 Replies Latest reply on Feb 19, 2015 8:10 PM by swd847

Wildfly 8.2.0.Final HttpRequest.getAuthType() and HttpRequest.getRemoteUser() return null in servlets

gerry.matte Feb 16, 2015 9:16 PM

Hello.

I have been trying to implement a SnoopServlet program on Wildfly 8.2.0.Final.

I've been using it for years with multiple versions of jboss.

When I implemented it with Wildfly 8.2.0.Final I discovered that it no longer can retrieve the HttpRequest RemoteUser name even though I was previously successfully challenged and authenticated when attempting to view a protected XHTML page.

Has anyone else encountered problems with using these methods in an HttpServlet ?

My servlet code is :

	out.println("request properties (methods of the HttpRequest):");
	out.println("Request Is Secure: " + request.isSecure());
	out.println("Auth Type: " + request.getAuthType());
	out.println("HTTP Method: " + request.getMethod());
	out.println("Remote User: " + request.getRemoteUser());
	out.println("Request URI: " + request.getRequestURI());
	out.println("Context Path: " + request.getContextPath());
	out.println("Servlet Path: " + request.getServletPath());
	out.println("Path Info: " + request.getPathInfo());
	out.println("Path Trans: " + request.getPathTranslated());
	out.println("Query String: " + request.getQueryString());

and the output is:

request properties (methods of the HttpRequest):

Request Is Secure: false

Auth Type: null

HTTP Method: GET

Remote User: null

Request URI: /JbossTests7/SnoopServlet

Context Path: /JbossTests7

Servlet Path: /SnoopServlet

Path Info: null

Path Trans: null

Query String: null

1. Re: Wildfly 8.2.0.Final HttpRequest.getAuthType() and HttpRequest.getRemoteUser() return null in servlets

swd847 Feb 17, 2015 4:07 AM (in response to gerry.matte)

How are you performing authentication?
1 of 1 people found this helpful
Actions
2. Re: Wildfly 8.2.0.Final HttpRequest.getAuthType() and HttpRequest.getRemoteUser() return null in servlets

gerry.matte Feb 17, 2015 10:03 AM (in response to swd847)

BASIC authentication configured in Web. Xml
The wildfly security domain uses the same DatabaseLoginModule I used with JBoss AS7.1

With AS7, the behaviour was identical before I went to protected pages and authenticated. After I did so, AuthType displayed BASIC and RemoteUser showed the user name.
Actions
3. Re: Wildfly 8.2.0.Final HttpRequest.getAuthType() and HttpRequest.getRemoteUser() return null in servlets

gerry.matte Feb 19, 2015 6:22 PM (in response to swd847)

It took me a while to realise that your question was key to the symptoms I was seeing.
The methods used in my SnoopServlet program to retrieve AuthType and RemoteUser only worked when I was using FORM based authentication [or more accurately those method calls failed with BASIC authentication]

When I realised my former Jboss AS 7.1.1.Final implemented the webapp's security using a login form and I changed my Wildfly webapp to also use a login form, the output is now:
request properties (methods of the HttpRequest):
Request Is Secure: false
Auth Type: FORM
HTTP Method: GET
Remote User: xxx@gerrymate.ca
Request URI: /JbossTests7/SnoopServlet
Context Path: /JbossTests7
Servlet Path: /SnoopServlet
Path Info: null
Path Trans: null
Query String: null

Thanks for taking time to reply Stuart.
Actions
4. Re: Wildfly 8.2.0.Final HttpRequest.getAuthType() and HttpRequest.getRemoteUser() return null in servlets

swd847 Feb 19, 2015 8:10 PM (in response to gerry.matte)

Either way, it should still work with basic auth. It would be good to understand why it was not, as it sounds like a bug.
Actions

Go to original post