Setting REMOTE_USER in JSP

We're attempting to front Web software we've purchased from a vendor with our organization's single-signon authentication. Their software expects the CGI environment variable REMOTE_USER to be set in JSP to a user ID before we forward control to their welcome page. (Their technical manual describes it only in this way: "...the HTTP response object should populate the remote user attribute with the username of the authenticated user.") Getting this value is easy but we haven't found a straightforward method in Google searches of setting it开发者_运维问答. We're confident it's possible. Thanks for any suggestions.

You can't set the CGI variable REMOTE_USER yourself programmatically. This is a webserver-controlled variable which is based on the user name as extracted from the Authorization HTTP request header. The original header is to be set by the client (webbrowser) after the client has entered the credentials for HTTP basic authentication.

I only don't understand what the manual means with setting an attribute in the HTTP response. It doesn't make sense. Setting it as a custom attribute on the request would make a bit more sense if it's a Java Servlet based API.

request.setAttribute("REMOTE_USER", "some user ID");

After forwarding (not redirecting!), it'll be available to the forwarded resource.

But still, this makes very little sense. I'm wondering if you don't actually mean "redirecting" or maybe "proxying" instead of "forwarding", but you usually wouldn't use JSP for this since that's part of the response and thus may malform it. A servlet is the right place.