Geek Answers Handbook

Accessing a username using getRemoteUser () when using a custom authentication filter

Short version: How do I get HttpServletRequest.getRemoteUser() to return a username when I use a custom authentication filter?

Long version:

I am modifying a Tomcat application that currently uses declarative protection (web.xml and tomcat-users.xml) instead of using a custom (written by me) authentication filter (derived from javax.servlet.Filter). There is a lot of information on how to do this, and it looks very simple.

However, an existing application calls HttpServletRequest.getRemoteUser() , and I assume that if I don't do something to set this property in my filter, it will return null. I can not find information on how to populate the getRemoteUser() property in the filter (no setRemoteUser() ). I found a message there in which it is recommended to wrap the request object in a filter. I will do this if necessary, but I hope it will be a less invasive way to achieve this.

Can anyone help?

+2
java servlets servlet-filters
source share
1 answer

Yes, the only way to change the HttpServletRequest or HttpServletResponse is to decorate it and provide your own implementation for the methods of interest by overriding them. This is a standard template with authentication filters, and it is the target of the HttpServletRequestWrapper (response instance of the HttpServletResponseWrapper response). We do this in such a way as to wrap the request for keroxization, as shown below.

 public class KerbHttpServletRequest extends HttpServletRequestWrapper { private Principal myPrincipal; private String myAuthType; public KerbHttpServletRequest(HttpServletRequest aRequest, Principal aPrincipal, String aAuthType) { super(aRequest); myPrincipal = aPrincipal; myAuthType = aAuthType; } /** * This method returns the Remote User name as user\@domain.com. */ @Override public String getRemoteUser() { return myPrincipal.getName(); } @Override public String getAuthType() { return myAuthType; } @Override public Principal getUserPrincipal() { return myPrincipal; } }
+2
source share

More articles:


All Articles