[thelist] LOGON_USER in JSP

david.landy at somerfield.co.uk david.landy at somerfield.co.uk
Tue Feb 10 02:38:33 CST 2004

Yes, it's Windows-native. It picks up the already-logged-on windows user and
passes it as a system variable to ASP, which is handy, as the user doesn't
have to log in again.

I've looked at all the HTTP headers and cookies (I think - see below), and
sadly no user information is passed... there is an environment variable with
the logged-on user but given that getenv() is deprecated I'm beginning to
think that - sadly - there really *is* no way of doing this in JSP, and I'll
have to ask the user to log in again, and keep my own tables of user id's
and logins.

Any ideas, anyone? Suggestions very welcome.



Cookie[] cookies = request.getCookies();
for (int n = 0; n < cookies.length; n++)
    Cookie cookie = cookies[n];
    out.print("Cookie: " + cookie.getName() + ":'");
    out.println(cookie.getValue() + "'<br>");

Enumeration headers = request.getHeaderNames();
while (headers.hasMoreElements()) {
    String header=(String)headers.nextElement();
    out.print("Header: " + header + ":'");
    out.println(request.getHeader(header) + "'<br>");


Cookie: JSESSIONID:'65C45F3D82FFBCF525C97772E8EE4E46'
Header: accept:'*/*'
Header: referer:'http://localhost/'
Header: accept-language:'en-gb'
Header: accept-encoding:'gzip, deflate'
Header: user-agent:'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)'
Header: host:'localhost:8080'
Header: connection:'Keep-Alive'
Header: cache-control:'no-cache'
Header: cookie:'JSESSIONID=65C45F3D82FFBCF525C97772E8EE4E46'

David Landy, IT Consultant
Business Intelligence
+44 (0) 117-301-8977
david.landy at somerfield.co.uk <mailto:david.landy at somerfield.co.uk>    

-----Original Message-----
From: Hassan Schroeder [mailto:hassan at webtuitive.com]
Sent: Monday, 09 February 2004 15:46
To: thelist at lists.evolt.org
Subject: Re: [thelist] LOGON_USER in JSP

david.landy at somerfield.co.uk wrote:

> Thanks Hassan. I've tried using request.getRemoteUser() in my JSP script
> it returns null.

Oops, belated realization -- is the "LOGON_USER" you mentioned in
your original mail from some Windows-native authentication? Because
getRemoteUser() being non-null depends on your having authenticated
with Tomcat's own methods.

So how does the LOGON_USER value work in an IE/ASP environment? Is
it passed in an HTTP header? through a cookie? If either, you can
access those, using methods of HttpServletRequest.

Hassan Schroeder ----------------------------- hassan at webtuitive.com
Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com

                           dream.  code.

* * Please support the community that supports you.  * *

For unsubscribe and other options, including the Tip Harvester 
and archives of thelist go to: http://lists.evolt.org 
Workers of the Web, evolt ! 
If you are not the intended recipient of this e-mail, please preserve the
confidentiality of it and advise the sender immediately of any error in
transmission. Any disclosure, copying, distribution or action taken, or
omitted to be taken, by an unauthorised recipient in reliance upon the
contents of this e-mail is prohibited. Somerfield cannot accept liability
for any damage which you may sustain as a result of software viruses so
please carry out your own virus checks before opening an attachment. In
replying to this e-mail you are granting the right for that reply to be
forwarded to any other individual within the business and also to be read by
others. Any views expressed by an individual within this message do not
necessarily reflect the views of Somerfield.  Somerfield reserves the right
to intercept, monitor and record communications for lawful business

More information about the thelist mailing list