Method Call getRemoteUser() Returns Null Value (WebSphere Application Server Version 4.0.1 for z/OS and OS/390)
 Technote (troubleshooting)
 
Problem (Abstract)
The customer was using the Local Redirector Plug-in with the IBM HTTP Server v5.3 to route requests to a J2EE server. The application running in the J2EE server called getRemoteUser() on the request object which returned null. The customer had set up basic authentication in his HTTP Server and could see the REMOTE_USER environment variable being passed to the plug-in in his -vv trace.
 
Cause
The customer had not set up EJBROLEs for his Web application.
 
Resolving the problem
For REMOTE_USER to pass through from the HTTP Server address space to the J2EE server address space, you must have an EJBROLE defined to enable security on the Web application. A single EJBROLE, like "AuthorizedUsers", is sufficient to cover everyone that is authorized to access the Web application. RACF instructions for setting up an EJBROLE for a Web application can be found in Chapter 4 of WebSphere Application Server V4.0.1 for z/OS and OS/390: Assembling J2EE Applications, SA22-7836, under the section "Security Roles and Method Permissions".

Also, changes must be made to the web.xml and application.xml files in the Web application's EAR file. For example, the following tags need to be updated or added to configure BASIC authentication (as opposed to Form-Based authentication) in a Web application:
  • You must add a security-constraint and login-config tag to your web.xml file.
    Here is an example of each of these tags:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>manager</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Example Basic Authentication Area</realm-name>
    </login-config>
  • You must also add a security-role tag to your application.xml file.
    Here is an example:

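    <security-role>
      <description>A manager in the enterprise.</description>
      <!-- Role names are case-sensitive: this must match the role-name in the web.xml auth-constraint exactly. -->
      <role-name>manager</role-name>
    </security-role>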

Once the customer set up his EJBROLE and added these tags, he was able to access the REMOTE_USER variable in his Web application using a call to getRemoteUser().
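The descriptor half of this fix can be checked before deployment. The following Python script is an added example, not IBM code: it verifies that web.xml has an auth-constraint role and a login-config, and that every constrained role is declared, with the same case, as a security-role in application.xml. The function names and sample descriptors are constructed for illustration, and the script does not check the RACF EJBROLE profile.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from any real EAR file).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
SAMPLE_APPLICATION_XML = """<application>
  <security-role><role-name>Manager</role-name></security-role>
</application>"""

def _local(tag):
    # Drop an XML namespace prefix such as "{http://...}role-name".
    return tag.rsplit("}", 1)[-1]

def _texts(root, parent, child):
    # Text of every <child> nested anywhere under any <parent> element.
    return [(c.text or "").strip()
            for p in root.iter() if _local(p.tag) == parent
            for c in p.iter() if _local(c.tag) == child]

def check_descriptors(web_xml, application_xml):
    """Return a list of findings; an empty list means the checks passed."""
    web, app = ET.fromstring(web_xml), ET.fromstring(application_xml)
    findings = []
    constrained = _texts(web, "auth-constraint", "role-name")
    if not constrained:
        findings.append("web.xml: no role-name in any auth-constraint")
    if not _texts(web, "login-config", "auth-method"):
        findings.append("web.xml: no login-config/auth-method")
    declared = set(_texts(app, "security-role", "role-name"))
    for role in constrained:
        # "*" is the descriptor shorthand for all roles, not a declared name.
        if role != "*" and role not in declared:
            near = sorted(d for d in declared if d.lower() == role.lower())
            hint = f" (case mismatch with '{near[0]}')" if near else ""
            findings.append(f"application.xml: role '{role}' not declared{hint}")
    return findings

if __name__ == "__main__":
    for finding in check_descriptors(SAMPLE_WEB_XML, SAMPLE_APPLICATION_XML):
        print(finding)
```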
 
 
 


Document Information


Current web document: swg21114909.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS > Servlet Engine/Web Container
Operating system(s): z/OS
Software version: 5.0
Software edition:
Reference #: 1114909
IBM Group: Software Group
Modified date: Jun 29, 2004