It's not a secret anymore!*
The moose likes EJB and other Java EE Technologies and the fly likes getRemoteUser disappears Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "getRemoteUser disappears" Watch "getRemoteUser disappears" New topic
Author

getRemoteUser disappears

evodas
Greenhorn

Joined: Jun 13, 2003
Posts: 3
Problem:
I have some pretty simple JSPs and Servlets...no EJBs. I use LDAP as a container managed authenticator. It's worked fine until recently.
I'm certain nothing significant has changed on the Appserver side. Of course, I would not bet my child on it. Nevertheless, what happens suggests its still partially working.
The login pop-up still works and prevents unauthorized logins. And (this is the bugger) in the first jsp invoked (an index.jsp from a welcome config) successfully acquires the uid from getRemoteUser(). EVERY SUBSEQUENT CALL TO GETREMOTEUSER() RETURNS NULL!
I can invoke any other app object on startup except the index.jsp and the security is bypassed. I've attached the relevant portion of my web.xml below.
Any ideas would be vastly appreciated. Thank, joe

<security-constraint>
<web-resource-collection>
<web-resource-name>Access Control</web-resource-name>
<description></description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>TRACE</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint>
<description>All Users</description>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<description>Restrict Access to authenticated users</description>
<role-name>user</role-name>
</security-role>
I am using the following platform/tech:
-Websphere 5.0 appserver on Win2k
-Domino 5.0.11 LDAP server and directory (i.e., Notes)
WS Global Security Configuration:
Active Authentication Mechanism: SWAM
WS LDAP User Registry Configuration:
"Custom" LDAP user registry configuration, as the Domino one never seemed to work
User Filter (&(uid=%v)(objectclass=dominoPerson))
Group Filter (&(cn=%v)(objectclass=dominoGroup))
User ID Map dominoPerson:shortname
Group ID Map *:cn
Group Member ID Map dominoGroup:member
Certificate Map Mode EXACT_DN
Certificate Filter none
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: getRemoteUser disappears
 
Similar Threads
Sample web.xml.. may be useful for SCWCD Ranchers
J2EE Security
EJB and Security (JAAS)
securing ejb application depolyed in glassfish V3 using ldap realm that points to active directory
Configure JNDI Realm