"TeCh" <Te**@spelletjesgarnaal.be> wrote in message news:<pa****************************@spelletjesgar naal.be>...
The getUserInfo() method is a method of the URL class, but apparently
there's no way to get a URL object out of a servlet request :-(.
Google told me that
a method from the HttpUtils class should give me the full url but it
doesn't work for me.
On Mon, 10 Nov 2003 00:30:54 -0800, DaiIchi wrote: What class/package is getUserInfo() in? I viewed the page request over
port 80 and didn't see the browser transmitting the username/password
pair.... so I assume that it is inaccesible in an HTTP session. I hope I
was wrong.
Ah, that explains it. I now know what you were proposing. But even
if request.getRequestURL() (for example) returned a URL object, the
getUserInfo() would have been meaningless. Try this:
import java.io.*;
import java.net.*;
public class test {
public static void main(String args[]) throws Exception {
ServerSocket ssocket = new ServerSocket(80);
Socket s = ssocket.accept();
InputStream is = s.getInputStream();
int ch = 0;
while ( (ch = is.read()) != -1) {
System.out.print((char) ch);
}
}
}
Run it... and then open a browser an type the URL:
http://somepretendusername@localhost
You should see:
GET / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4)
Gecko/20030624
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
n;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Notice how "somepretendusername" is *nowhere* in the browser-to-client
dialogue? So this portion of the username (and password) portion of a
URL is not passed to a web server in an HTTP exchange. Hence, Java
would have no way to even form a URL object with a working
getUserInfo() from the data above.
This is not a flaw of Java, as I said, it appears to be an issue with
the HTTP specification: even though username/password is a valid
formation of a URL, it isn't being passed by any of the browsers I
have (Mozilla or Internet Explorer). It would have been really useful
to me if it worked, though.