On Feb 21, 2013, at 1:44 PM, Liam Hoekenga <li...@umich.edu> wrote:

> 
> Try the attached patch for apache2 mod_cosign 3.2.0. Ideally, it will force 
> mod_cosign to run ahead of mod_rewrite. If it doesn't work, we can look at a 
> patch that allows the administrator to specify a prefix for the environment 
> variables set by mod_cosign.
> 
> Looks like it works.  You have to use the "ENV" namespace, e.g.
> 
>         RewriteRule .* - [E=AJP_COSIGN_FACTOR:%{ENV:COSIGN_FACTOR}]
> 
> ...I kinda think the right solution would be to figure out what needs to 
> happen to make it work with mod_rewrite (lookahead?).  Then you can use 
> rewrite to do whatever you want with them (make new variables, turn them into 
> headers, etc).

Yes. The best solution has the least code. There may be side-effects to forcing 
mod_cosign to run ahead of mod_rewrite that I haven't considered, though in the 
case of running apache as a reverse proxy I don't think that's a concern.

> I think that allowing the site to specify a prefix for the mod_cosign 
> variables would only be partially helpful.  The REMOTE_ variable values are 
> available in tomcat through other means (e.g. request.getAuthType(), 
> request.getRemoteUser(), etc), and I think prefacing them with AJP would 
> break that.  Where it would help would be the things that weren't standard 
> auth-type variables (COSIGN_ variables and KRB5CCNAME).

Right. We'll keep that in mind if we ever have the need to implement this. 

andrew
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
