Getting a value from HttpServletRequest.getRemoteUser() in Tomcat without modifying application

(Using Java 6 and Tomcat 6.)

Is ther开发者_如何学运维e a way for me to get HttpServletRequest.getRemoteUser() to return a value in my development environment (i.e. localhost) without needing to modify my application's web.xml file?

The reason I ask is that the authentication implementation when the app is deployed to a remote environment is handled by a web server and plugged-in tool. Running locally I obviously do not have the plugged-in tool or a separate web server; I just have Tomcat 6. I am trying to avoid adding code to my application merely to support development on my localhost.

I am hoping there is a modification I can make to the context.xml or server.xml files that will let me set the remote user ID or that will try to pull it from a HTTP header or something.

Here is a proof of concept Valve implementation which does it:

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.ServletException;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.valves.ValveBase;

public class RemoteUserValve extends ValveBase {

    public RemoteUserValve() {
    }

    @Override
    public void invoke(final Request request, final Response response)
            throws IOException, ServletException {
        final String username = "myUser";
        final String credentials = "credentials";
        final List<String> roles = new ArrayList<String>();

            // Tomcat 7 version
        final Principal principal = new GenericPrincipal(username, 
                            credentials, roles);
            // Tomcat 6 version:
            // final Principal principal = new GenericPrincipal(null, 
            //              username, credentials, roles);


        request.setUserPrincipal(principal);

        getNext().invoke(request, response);
    }

}

(Tested with Tomcat 7.0.21.)

Compile it, put it inside a jar and copy the jar to the apache-tomcat-7.0.21/lib folder. You need to modify the server.xml:

<Host name="localhost"  appBase="webapps"
    unpackWARs="true" autoDeploy="true">

    <Valve className="remoteuservalve.RemoteUserValve" />
...

I suppose it works inside the Engine and Context containers too.

More information:

• The Valve Component
• Valve javadoc

Use a local, file-based realm for testing. Check your conf/tomcat-users.xml and create roles and users for your application and enable the security constraints in your web.xml. There are good examples in the tomcat-users.xml.