1

I'm opening a connection to WebService with an URLConnection class. I also set request property for basic authorization like this: 

c.setRequestProperty("Authorization", "Basic " + usernameAndPasswordEncoded);

Where c is an object of type URLConnection. So this is client side of WebService call. Now on server side I need to get username from session: 

User user = (User) request.getSession().getAttribute("user");

But this won't get an username. Also if I look through debug mode, I see an anonymous userName in HttpSession object. What to do to solve this problem, so that username is sent through client to WebService server for authorization?

Thanks everyone!

Improve this question
2
  • 1
    Have you 'secured' this url in the web.xml? Commented Jun 1, 2010 at 8:05
  • No, I didn't. Thank you, I didn't really know I have to. Commented Jun 1, 2010 at 8:27

2 Answers 2

Reset to default
3

On the server end, you need to specify the login method in web.xml. For example,

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>My App</realm-name>
</login-config>

Once you do that, the username should be available using request.getRemoteUser().

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Tnx. I had that, but I didn't have <security-constraint> defined in web.xml file.
0

The servlet specification provides explicit abstractions for that - what you need is request.getRemoteUser()., or perhaps request.getUserPrincipal()

Improve this answer

1 Comment

@zigomir: then the authorization process isn't working out. See if you can find any hints in the server log.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.