Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Tomcat programmed authentication

Posted on 2004-04-21
Medium Priority
Last Modified: 2007-12-19
How can I programmatically set a user in the Tomcat container?  My scenario is that I want to send a 1024-bit key to a user.  That user will give that key to a specific servlet.  That servlet will take that key and lookup user information.   I want to then let Tomcat know who the user is so that request.getRemoteUser() will work on subsequent page loads.

Question by:mjschehl
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 10886891
There's no way to programmatically set the user (e.g. request.setRemoteUser), but if you need to, you can just use a session variable to let yourself know that this user is "ok."

Expert Comment

ID: 10886924
For a servlet container, with Tomcat 3.2.1  It
provides the ability to create custom "request interceptors" which allow you
to substitute your own security model into the servlet framework.   Tomcat
comes with two pre-built request interceptors already:

SimpleRealm -- which uses a tomcat-users.xml file found in
<tomcat-root>/conf to statically load users, groups, and roles upon Tomcat

JDBCRealm -- which works in a similar fashion but uses a JDBC data source as
a back-end.

Author Comment

ID: 10889285

How would I set the Remote User in a filter when I use custom "request interceptor"?  

I actually already programmed my own realm, so that would be great if I can just update it to set the remote user programmatically.
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

LVL 23

Expert Comment

ID: 10911514

Author Comment

ID: 10918180


I looked at that pdf.  I couldn't find anything that applies to my question, though.  What page or section does it say how to programmatically login a user into Tomcat?


Author Comment

ID: 10918201

Well, I found out how to do it by asking on the Tomcat User mailing list.  The answer is to use a Tomcat Valve.

LVL 15

Expert Comment

ID: 11761438
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:

    PAQ - refund

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer

Accepted Solution

modulo earned 0 total points
ID: 11800476
PAQed, with points refunded (500)

Community Support Moderator

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month12 days, 5 hours left to enroll

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question