Geek Answers Handbook

Why request.getRemoteUser () sometimes returns a tomcat windows service account

I am trying to get Windows authentication to work with a third-party application developed in conjunction with GWT. I host an application with tomcat on a windows server. I access the site through an IIS proxy (installed after the tomcat documentation).

If I modify .jsp webapp to display "<% = request.getRemoteUser ()%>", I get the username that I am jumping into, my Windows account.

But webapp authenticates me with the account on which I installed the Windows Tomcat service on the server.

In the (decompiled) webapp source code, I see a call to exactly the same "request.getRemoteUser ()", so I wonder where the difference might be.

Here are the decompiled classes:

import javax.servlet.http.HttpServletRequest; public class RemoteUserLoginProvider extends BaseRequestLoginProvider { public String extractLoginFromRequest(HttpServletRequest request) { return request.getRemoteUser(); } }

AND:

 import com.google.inject.Inject; import com.google.inject.Provider; import javax.servlet.http.HttpServletRequest; public abstract class BaseRequestLoginProvider implements Provider<String> { @Inject private Provider<HttpServletRequest> requestProvider; public abstract String extractLoginFromRequest(HttpServletRequest paramHttpServletRequest); public String get() { HttpServletRequest request = (HttpServletRequest)this.requestProvider.get(); String userlogin = extractLoginFromRequest(request); return userlogin; } }

Could my problem be related to this error in google guice: https://github.com/google/guice/issues/780 ?

If so, is there any work?

+8
java tomcat iis gwt windows-authentication
source share
1 answer

HttpServletRequest.getRemoteUser() usually returns only the same value as the CGI REMOTE_USER variable, which is the username from basic HTTP authentication. It looks like you want this to be a different value, which means that something is HttpServletRequest object. Most likely, this is achieved using a servlet filter.

If the Guice error is the culprit, it's easy enough to get GuiceFilter : just make sure that GuiceFilter installed after the filter validates the request and modifies the HttpServletRequest object.

As a rule, I don’t think that changing this query is a good idea, precisely because it is so difficult to debug when something goes wrong. If instead you had an @RequestScoped provider that @RequestScoped values ​​(s) that you want to retrieve from the request and did some kind of authentication, you could instead use the user information by injecting dependencies. Or, more generally: always prefer to create new (preferably immutable) values ​​rather than mutate existing objects - this makes the control flow much easier to reason about.

0
source share

More articles:


All Articles