1 Reply Latest reply on Mar 4, 2002 10:25 AM by Colin Yates

    Find out which *apache* user logged in

    Colin Yates Newbie


      I have a web application that will be serving 600~MB of static info as well as dynamic JSPs.

      Rather than store the 600M static site in an EAR file I thought I would have Apache serve it. The problem is that the whole things needs to be username/password protected.

      The strategy I was going to use was to have Apache do the authentication and then have the JSPs get hold of that username/password to do authorisation.

      Is that possible? Is there a better way.

      At the moment I have an exploded EAR file which contains the static stuff.

      If I cannot integrate JBOSS security with Apache then how would I define a whole context "/myapp" to be username/password protected with the username/password coming from a DB?

      By the way I am using integrate Jetty not tomcat


        • 1. Re: Find out which *apache* user logged in
          Colin Yates Newbie

          I hate replying to my own posts :)

          I set up a directory secured under apache using the auth_anon mod. Set the index.html to redirect to a logon.jsp. The logon.jsp looks in the Authorization header (request.getHeader("Authorization")).

          If the user has authenticated, this will return something of the form "BASIC jksdhfksdhfkjsdhkfjsdhjkfhsdkjfh" where the rubbish is the Base64 encoded version of "username:password".

          The problem with this is that the browser asks for the username and password and remembers it until you close the browser!!!!

          If anyone wants any more info please contact me: colin.yates@ntlworld.com