users@glassfish.java.net

Re: http authentification and access log

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Wed, 03 Jun 2009 11:19:20 -0700

On 06/ 3/09 08:26 AM, glassfish_at_javadesktop.org wrote:
> Hi,
>
> i am using a HTTP Authentification through a JDBCRealm.
>
> it works !
>
> But, in access log, i do not see the user:
>
> "10.X.X.X "NULL-AUTH-USER" "03/Jun/2009:16:14:16 +0100" "POST /EligTechService/EligTech HTTP/1.0" 200 8869
>
> => NULL-AUTH-USER ?!?! but i
> My configuration:
>
> HTTP-Service => Access Log => format
> I tried with:
> %client.name% %auth-user-name% %datetime% %request% %status% %response.length%
> and then with
> format
>
> same problem, the username is not logged
>
> Did i missed something ?
>
> thank you,
>
> PS:
> i can see the HTTP POST request and the header is here:
> Authorization: Basic XXXXXX=
>

This is working for me as expected. I just tried it with FORM and BASIC
authentication, and the authenticated user is getting logged correctly when
specifying "%auth-user-name%" in the access-log pattern in domain.xml.

The access logging implementation determines the id of the authenticated
user by calling HttpServletRequest#getRemoteUser.

Are you sure you're authenticated?

The mere presence of any "Authorization: Basic ..." header in the
request does
not imply that the user name and password provided by the client, and
transmitted via this header, are correct.


Jan

> [Message sent by forum member 'dakol' (dakol)]
>
> http://forums.java.net/jive/thread.jspa?messageID=348929
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>