> Try the attached patch for apache2 mod_cosign 3.2.0. Ideally, it will
> force mod_cosign to run ahead of mod_rewrite. If it doesn't work, we can
> look at a patch that allows the administrator to specify a prefix for the
> environment variables set by mod_cosign.
>
Looks like it works. You have to use the "ENV" namespace, e.g.
RewriteRule .* - [E=AJP_COSIGN_FACTOR:%{ENV:COSIGN_FACTOR}]
The look-aheads (LA-U, LA-F) don't work.
RewriteRule .* - [E=AJP_KRB5CCNAME:%{LA-U:KRB5CCNAME}]
RewriteRule .* - [E=AJP_COSIGN_SERVICE:%{LA-F:COSIGN_SERVICE}]
(switch them to ENV and they do).
I kinda think the right solution would be to figure out what needs to
happen to make it work with mod_rewrite (lookahead?). Then you can use
rewrite to do whatever you want with them (make new variables, turn them
into headers, etc).
I think that allowing the site to specify a prefix for the mod_cosign
variables would only be partially helpful. The REMOTE_ variable values are
available in tomcat through other means (e.g. request.getAuthType(),
request.getRemoteUser(), etc), and I think prefacing them with AJP would
break that. Where it would help would be the things that weren't
standard auth-type variables (COSIGN_ variables and KRB5CCNAME).
Liam
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
