I’m using jax-rs (jersey) to create a website / web-service that other users can

Question

0

Asked: May 31, 20262026-05-31T14:46:41+00:00 2026-05-31T14:46:41+00:00

I’m using jax-rs (jersey) to create a website / web-service that other users can

0

I’m using jax-rs (jersey) to create a website / web-service that other users can access, and I have come to the point where adding authentication / authorization is a necessity; so that I can use the security annotations, I have implemented a javax.servlet.Filter whose url-pattern is */.

Apache is running in front of my tomcat instance, verifying credentials and passing the REMOTE_USER header to my web-service so I can determine what resources a user has access to. My problem is that regardless of what request object I look at, I see no REMOTE_USER header; I’ve also tried injecting the Request with the @Context param, but to no avail.

Please help me.

web.xml:

<web-app ...>
<display-name>ws</display-name>
<filter>
    <filter-name>REST Service</filter-name>
    <filter-class>com.sun.jersey.spi.container.servlet.ServletContainer</filter-class>
    <init-param>
        <param-name>com.sun.jersey.config.property.packages</param-name>
        <param-value>base.resources</param-value>
    </init-param>
    <init-param>
        <param-name>com.sun.jersey.config.property.JSPTemplatesBasePath</param-name>
        <param-value>WEB-INF/views</param-value>
    </init-param>
    <init-param>
        <param-name>com.sun.jersey.config.property.WebPageContentRegex</param-name>
        <param-value>/(js|css|(WEB-INF/views))/.*</param-value>
    </init-param>
    <init-param>
        <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
        <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>auth-filter</filter-name>
    <filter-class>base.auth.AuthFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>auth-filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>REST Service</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

filter.java:

    public void doFilter(ServletRequest req, ServletResponse response, FilterChain next) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;      
    HttpSession session = request.getSession();
    AuthUser userPrincipal = null;
    Object sessionUser = session.getAttribute("user");
    if(sessionUser != null) userPrincipal = (AuthUser) sessionUser;
    else userPrincipal = new AuthUser();

    // load in the user principal
    Enumeration eheaders = req.getAttributeNames();
    while(eheaders.hasMoreElements()){
        System.out.println(eheaders.nextElement().toString());
    }

    String user = (String) req.getAttribute("REMOTE_USER");
...