在 JSP 中设置 REMOTE_USER
我们正在尝试使用我们组织的单点登录身份验证来保护从供应商处购买的 Web 软件。他们的软件期望在我们将控制转发到他们的欢迎页面之前,在 JSP 中将 CGI 环境变量 REMOTE_USER 设置为用户 ID。 (他们的技术手册仅以这种方式描述它:“...HTTP响应对象应该使用经过身份验证的用户的用户名填充远程用户属性。”)获取这个值很容易,但我们还没有找到一个简单的方法谷歌搜索设置它。我们有信心这是可能的。感谢您的任何建议。
We're attempting to front Web software we've purchased from a vendor with our organization's single-signon authentication. Their software expects the CGI environment variable REMOTE_USER to be set in JSP to a user ID before we forward control to their welcome page. (Their technical manual describes it only in this way: "...the HTTP response object should populate the remote user attribute with the username of the authenticated user.") Getting this value is easy but we haven't found a straightforward method in Google searches of setting it. We're confident it's possible. Thanks for any suggestions.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您无法以编程方式自行设置 CGI 变量
REMOTE_USER。这是一个网络服务器控制的变量,基于从授权HTTP 请求标头。原始标头由客户端(Web 浏览器)在客户端输入 HTTP 基本身份验证的凭据后设置。我只是不明白手册中在 HTTP 响应中设置属性的含义。这没有道理。如果它是基于 Java Servlet 的 API,则将其设置为请求上的自定义属性会更有意义。
转发(不是重定向!)后,它将可供转发的资源使用。
但这仍然没有什么意义。我想知道您是否实际上意味着“重定向”或可能是“代理”而不是“转发”,但您通常不会为此使用 JSP,因为这是响应的一部分,因此可能会导致响应错误。 servlet 是正确的地方。
You can't set the CGI variable
REMOTE_USERyourself programmatically. This is a webserver-controlled variable which is based on the user name as extracted from theAuthorizationHTTP request header. The original header is to be set by the client (webbrowser) after the client has entered the credentials for HTTP basic authentication.I only don't understand what the manual means with setting an attribute in the HTTP response. It doesn't make sense. Setting it as a custom attribute on the request would make a bit more sense if it's a Java Servlet based API.
After forwarding (not redirecting!), it'll be available to the forwarded resource.
But still, this makes very little sense. I'm wondering if you don't actually mean "redirecting" or maybe "proxying" instead of "forwarding", but you usually wouldn't use JSP for this since that's part of the response and thus may malform it. A servlet is the right place.