getRemoteUser

 
Ranch Hand
Posts: 321
Hi,
Servlet doc says:
public java.lang.String getRemoteUser()
Returns the login of the user making this request, if the user has been authenticated, or null if the user has not been authenticated. Whether the user name is sent with each subsequent request depends on the browser and type of authentication.
What does this authentication mean? Any idea how exactly this takes place? I would be happy if somebody could give a detailed explanation of how this works exactly.
thanks,
Ramdhan YK
 
Ram Dhan Yadav K
Ranch Hand
Posts: 321
Hello Ranchers,
Seems like no takers for this?
Ramdhan Yadav K
 
Ranch Hand
Posts: 5040
Some discussion re this was in the thread. While I still have to figure it out, basically it means that if the remote user has logged in to our app. server, then that remoteUserName will be returned by the method.
Currently I can't spend much time, but will try to get an example asap.
And BTW, what do you expect posting a question on Friday @ 5:00 pm..huh!!!
- satya
 
Ranch Hand
Posts: 2166
If you have Wrox JSP Prof. 2nd edition, in chapter 16 there is some information about security. But I have not read it yet.
Unfortunately at the moment I don't have time. Will post some info later.
Axel
 
Ranch Hand
Posts: 2378
Ramdhan, I have given a brief description with code in the following thread that I use in the network of my office (the bottom-most one)....
http://www.javaranch.com/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=18&t=000629
 
Axel Janssen
Ranch Hand
Posts: 2166
Muhammad:
This is bartender-style.
Thank you
Axel
 
Ashik Uzzaman
Ranch Hand
Posts: 2378
O Axel, I wish I could be....
 
Axel Janssen
Ranch Hand
Posts: 2166
If there were an election for the SCWCD forum, you could count on my vote.
Printed out the war-file explanation and this authentication thread.
Axel
 
Ram Dhan Yadav K
Ranch Hand
Posts: 321
Hi Guys,
Well, good to find a lot of activity about this topic. Now, after referring to the URL given by Ashik, we have four types of authentication:
(a) HTTP basic authentication,
(b) HTTP digest authentication,
(c) HTTP client or client-cert authentication (through SSL/HTTPS) and
(d) Form-based authentication.
In (a), we have to configure some realm, like an LDAP realm, for authentication, and the web browser will automatically prompt you to log in, and once you provide the login and password, the web server will provide a mechanism to store the user details in a cookie or some session sort of thing.
In (b), I am not sure how it works exactly.
In (c), the authentication is done using a certificate, and then I am not sure how the server manages the client identity.
In (d), using form-based authentication, programmatic authentication, or in some server-proprietary form specified by Ashik for Tomcat.
Now, my question is how the method "getRemoteUser()" is going to get the client details in all the above cases. In case (a), I can imagine, as it is taken care of by the web server, but how does the "getRemoteUser()" method get the information in the rest of the cases?
Am I thinking in a stupid way?
 
Axel Janssen
Ranch Hand
Posts: 2166
Ram,
Server gets getRemoteUserName() from a header line of the browser request (Authentication: action of browser-user). Server compares these values with some server resource to see if the user is authorized to access (Authorization).
None of these authentication methods is Java-specific. It's HTTP or HTTPS. Form-based authentication works - I think - with some tricks on the server. Many web servers have a form-based authentication feature. Even Lotus Domino.
The Request.getRemoteUserName() just encapsulates this information sent by the browser in a convenient object-oriented way.

Here is the sequence for Basic Authentication:
- Browser requests a protected resource.
- Server responds with a 401 (unauthorized) response to challenge authentication of the user.
  Part of the 401 response is a "WWW-Authenticate" header, such as WWW-Authenticate: Basic realm="MyRealm"
- Browser reacts by popping up a dialog asking to input user name/password. Browser typically caches user-id and password in memory (lost when browser is closed) after the first prompt for a particular realm in a session. So the user is not prompted again on subsequent requests.
- Upon submission, browser takes these values and Base64 encodes the Username:password string and sends it to the server along with an authorization header, for example Authorization: Basic WLAERJWRGFKLJS (it's encrypted). HE SENDS HIS NAME.
- If username:password is valid for the resource, HTTP 200 code is returned along with the resource.
- For resources below the requested path, the browser automatically sends the Authorization header without prompting the user (according to my concept of the realm concept).

HTTP Digest Authentication
Seems to function quite similarly, although not very well explained in JSP2.
Server sends a random string (called nonce) to the browser.
Browser sends authentication username-password as a one-way hash (MD-5) of username, password, URL, HTTP method. Server creates a checksum.
Supported at the moment only in IE5.X. Support for the mechanism is NOT mandatory for containers. Perhaps you will find more information on Microsoft sites, if you are interested (please post if you find any results).

Form-based authentication
You can deduce it from Ashik's post. Quite the same.

HTTPS
Later.
Axel
[ January 21, 2002: Message edited by: Axel Janssen ]
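
The Basic and Digest header handling described in the post above, as an added example that is not code from any poster or from a servlet container. It runs on a plain JDK (9 or later) with no servlet API; the class name, the in-memory user store, the user "ram", the password, the nonce and the URI are all constructed for illustration.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import static java.nio.charset.StandardCharsets.UTF_8;

public class RemoteUserDemo {
    // Constructed realm and user store standing in for the container's own.
    static final String REALM = "MyRealm";
    static final Map<String, String> USERS = Map.of("ram", "s3cret");

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(UTF_8));
        return String.format("%032x", new BigInteger(1, d));
    }

    // Basic: the header carries Base64("user:password"), a reversible encoding.
    static String remoteUserFromBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        String pair;
        try {
            pair = new String(Base64.getDecoder().decode(header.substring(6).trim()), UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // malformed Base64: request stays unauthenticated
        }
        int colon = pair.indexOf(':'); // user name ends at the first colon
        if (colon < 0) return null;
        String user = pair.substring(0, colon), stored = USERS.get(user);
        boolean ok = stored != null && MessageDigest.isEqual(
                stored.getBytes(UTF_8), pair.substring(colon + 1).getBytes(UTF_8));
        return ok ? user : null;
    }

    // Digest (RFC 2617, no qop): response = MD5(HA1:nonce:HA2), where
    // HA1 = MD5(user:realm:password) and HA2 = MD5(method:uri).
    static String digestResponse(String user, String pass, String nonce,
                                 String method, String uri) throws Exception {
        String ha1 = md5Hex(user + ":" + REALM + ":" + pass);
        return md5Hex(ha1 + ":" + nonce + ":" + md5Hex(method + ":" + uri));
    }

    public static void main(String[] args) throws Exception {
        String basic = "Basic " + Base64.getEncoder().encodeToString("ram:s3cret".getBytes(UTF_8));
        System.out.println(basic + " -> " + remoteUserFromBasic(basic));
        String sent = digestResponse("ram", "s3cret", "abc123", "GET", "/protected/");
        String expected = digestResponse("ram", USERS.get("ram"), "abc123", "GET", "/protected/");
        System.out.println("digest match: " + sent.equals(expected));
    }
}
```

Because the Basic value decodes straight back to the password, Basic authentication is normally deployed only over HTTPS; with Digest the client sends only the hash, which the server recomputes from its stored password and the nonce it issued.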
 
Ram Dhan Yadav K
Ranch Hand
Posts: 321
Hi Axel,
Thanks for the explanation. I have been going through MS&JSP's Declarative Security and Programmatic Security, still not completed as I am more sleepy these days as I started physical workouts also. Well, determined to complete the chapters today and will get back with more information.
 