Short version: How do I get HttpServletRequest.getRemoteUser() to return the username when I am using a custom authentication filter?
Long version:
I am modifying a Tomcat application that currently uses declarative security (web.xml & tomcat-users.xml) to instead use a custom (written by me) authentication filter (derived from javax.servlet.Filter). There is a lot of information out there on how to do this and it looks very straightforward.
However, the existing application makes calls to HttpServletRequest.getRemoteUser(), and I assume that unless I do something to set this property in my filter, it will return null. I cannot find any information on how to populate the getRemoteUser() property in a filter (there is no setRemoteUser()). I found a post out there that recommends wrapping the request object in the filter. I will do this if I have to, but I am hoping there is a less invasive way to accomplish this.
Can anyone help?
Yes, the only way to modify an HttpServletRequest or HttpServletResponse is to decorate it and provide your own implementation for the methods of interest by overriding them. This is a standard pattern with authentication filters and that is the purpose of HttpServletRequestWrapper (the response counterpart is HttpServletResponseWrapper). We do it this way to wrap a kerberized request, as follows
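The decorator pattern described in the answer above, as an added example that is not the answerer's code. The class names and the `authenticatedUser` session attribute are hypothetical, and the filter assumes a login step has already stored the verified username in the session.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: class names and the session attribute are assumptions for illustration.
public class RemoteUserFilter implements Filter {
    static final String USER_ATTR = "authenticatedUser"; // assumed to be set by the login step

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false); // never create a session for anonymous callers
        String user = session == null ? null : (String) session.getAttribute(USER_ATTR);
        if (user == null) {
            // Fail closed: downstream code never runs without an authenticated identity.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Pass the decorated request down the chain; servlets see the wrapper, not the original.
        chain.doFilter(new AuthenticatedRequest(http, user), res);
    }

    // Decorator: every call is delegated to the wrapped request except the identity accessors.
    static final class AuthenticatedRequest extends HttpServletRequestWrapper {
        private final String user;

        AuthenticatedRequest(HttpServletRequest request, String user) {
            super(request);
            this.user = user;
        }

        @Override public String getRemoteUser() { return user; }

        // Keep getUserPrincipal() consistent with getRemoteUser() so callers
        // of either method see the same identity.
        @Override public Principal getUserPrincipal() { return () -> user; }
    }
}
```

Calls to isUserInRole() still reach the container's implementation through the wrapper, so override it as well if the application checks roles.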