This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Authentication and Authorization Problems with IIS 6 and Jrun 4  RSS feed

Savin John
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,

I am using IIS 6 with JRun 4 as my app server, and I am having problems trying to get authentication and role authorization with Windows Integrated Authentication to work. I have set up IIS 6 to pass-through the authentication credentials to Jrun, without using an anonymous user. What I have done is written a small test servlet that displays the username of the logged in user, and then tries to check if a user is in a test role that I set up in my database. I have specified that a roles table is to be used by specifying a JDBCLoginModule in Jrun's auth.config file. The code for the servlet is below:

1. What I am seeing is that when request.getRemoteUser() is called, the username information is what I expect it to be. It is of the form <Domain>\<Username>. When I try to redisplay the username using the request object's Principal object, the call to request.getUserPrincipal() returns null. This is a little confusing to me since I thought that essentially getRemoteUser() was a short cut for calling getUserPrincipal().getName(), and if I get something for getRemoteUser, getUserPrinicipal should return something as well. I guess they work differently at some level. Has anyone ever encountered this before?

2. When I call request.isUserInRole("Test_Role"), it returns false. I've checked the role name being called for typos in both my database and in the code, and that does not seem to be the case. I think the setup in auth.config is properly configured because I have created many other applications using declaritive FORM based authentication, and the role information was retrieved fine from the database. I would think that when I use request.isUserInRole in my servlet code it would use the same role information, but I could be wrong since this is a different type of authentication. Do you think that the reason request.isUserInRole() is returning false could be tied to the fact that request.getUserPrincipal() is returning null (even though getRemoteUser() is returning a valid username)? How does request.isUserInRole() get its user information, by using getUserPrincipal().getName() or getRemoteUser()?

Any help that is provided is appreciated. Thanks in advance.
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!