Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

why is request.getRemoteUser() returning null?

559 views
Skip to first unread message

David Regan

unread,
Jun 28, 2000, 3:00:00 AM6/28/00
to
In my WL 5.1 application I have a redirector servlet. This servlet is in
place
to provide a single secure login point, at which time the user will be
properly
forwarded to a JSP page (which should throw you back to the servlet if you
are
not already authenticated).

The login servlet is registered with a security group in the system, and
properly
prompts the user, at which point he logs in and request.getRemoteUser
returns
his username.

Unfortunately, after he is redirected to a JSP page request.getRemoteUser
returns
null, even though the user is still authenticated (if I go back to the login
servlet
I am not re-prompted for a username/password).

Does anyone have insight into why this is not working?
Thanks,
-David

Here are the relevant sections of both the servlet and a JSP page using it

=============================
public void doGet (HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
String UserId=new String();
try{
HttpSession session = request.getSession(true);

System.out.println(request.getRemoteUser());
String userId=new String(request.getRemoteUser()); <-returns correct
name
session.putValue("userId", userId);
response.sendRedirect("http://localhost:7001/jsp/foo.jsp");
}catch(Exception e){};
}
(prints out username to the console, forwards the user to the jsp page)

--relevant jsp code-

<%@ page session="true" %>
<% System.out.println("req.getRemoteUser="+request.getRemoteUser()); %>
(prints out null to the console)


paul a. bauerschmidt

unread,
Jun 28, 2000, 3:00:00 AM6/28/00
to
many issues with session-based authentication were fixed in SP3. i'd suggest
upgrading to that and giving it another try.

.paul

David Regan

unread,
Jun 30, 2000, 3:00:00 AM6/30/00
to
I installed SP3 and the problem is still there. For now I have created an
object in my httpSession to 'remember' the user, but this is at best a
bandaid fix since I should just be retrieving this from the HTTP header
(request) and it's definitely in there, otherwise when I went back to my
login servlet it would re-prompt me for a name/password key.

-David

"paul a. bauerschmidt" <paul.bau...@bea.com> wrote in message
news:395A7BA7...@bea.com...

Cameron Purdy

unread,
Jul 13, 2000, 3:00:00 AM7/13/00
to
Because the spec says it can be :-( ... browser-dependent meaning if a
browser could mess it up it would.

Use request.getPrincipal().getName().

Cameron Purdy, LiveWater

"David Regan" <dre...@callidussoftware.com> wrote in message
news:395a...@newsgroups.bea.com...

0 new messages