(Using Java 6 and Tomcat 6.)
Is ther开发者_如何学运维e a way for me to get HttpServletRequest.getRemoteUser()
to return a value in my development environment (i.e. localhost) without needing to modify my application's web.xml file?
The reason I ask is that the authentication implementation when the app is deployed to a remote environment is handled by a web server and plugged-in tool. Running locally I obviously do not have the plugged-in tool or a separate web server; I just have Tomcat 6. I am trying to avoid adding code to my application merely to support development on my localhost.
I am hoping there is a modification I can make to the context.xml or server.xml files that will let me set the remote user ID or that will try to pull it from a HTTP header or something.
Here is a proof of concept Valve
implementation which does it:
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.valves.ValveBase;
public class RemoteUserValve extends ValveBase {
public RemoteUserValve() {
}
@Override
public void invoke(final Request request, final Response response)
throws IOException, ServletException {
final String username = "myUser";
final String credentials = "credentials";
final List<String> roles = new ArrayList<String>();
// Tomcat 7 version
final Principal principal = new GenericPrincipal(username,
credentials, roles);
// Tomcat 6 version:
// final Principal principal = new GenericPrincipal(null,
// username, credentials, roles);
request.setUserPrincipal(principal);
getNext().invoke(request, response);
}
}
(Tested with Tomcat 7.0.21.)
Compile it, put it inside a jar and copy the jar to the apache-tomcat-7.0.21/lib
folder. You need to modify the server.xml
:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="remoteuservalve.RemoteUserValve" />
...
I suppose it works inside the Engine
and Context
containers too.
More information:
- The Valve Component
- Valve javadoc
Use a local, file-based realm for testing. Check your conf/tomcat-users.xml
and create roles and users for your application and enable the security constraints in your web.xml. There are good examples in the tomcat-users.xml
.
精彩评论