Can anyone confirm this as an issue?

-- Joe Van Demark [EMAIL PROTECTED]
I'm running Apache/tomcat 3.3 Beta with jserv. My server.xml contains the following RequestInterceptor tag/element:

    <RequestInterceptor
        className="org.apache.tomcat.modules.server.Ajp12Interceptor"
        tomcatAuthentication="false"
        port="8007" />

But it doesn't seem that tomcatAuthentication is actually disabled. Looking at the code I see the following:

The AjpInterceptor instantiates both AjpRequest and AjpResponse objects. The instantiation of AjpRequest in turn instantiates an instance of Ajp12, which is where we read off the stream from jserv. Both AjpInterceptor and Ajp12 default tomcatAuthentication to true. When Ajp12 is reading the stream it will ignore the remote user if tomcatAuthentication is true:

    if (isTomcatAuthentication())
        dummy=readString(ajpin, null);
    else

which is what is happening.

It would seem to me, given the RequestInterceptor definition in server.xml, that Ajp12 should be reading the remote user, i.e. tomcatAuthentication is false. Since Ajp12Interceptor instantiates Ajp12, I would expect, given the server.xml def, that it would make a call to Ajp12 to set tomcatAuthentication to false. This might possibly occur in the processConnection method:

    if( reqA==null || resA==null ) {
        reqA = new AJP12Request();
        reqA.setSecret( secret );
        ((AJP12Request)reqA).setTomcatAuthentication( isTomcatAuthentication());
        resA=new AJP12Response();
        cm.initRequest( reqA, resA );
    }

But it would require that the local instance field tomcatAuthentication be set to false if it were to work at all. None of this is happening as far as I can tell. Basically, I don't see a path through the code which would disable tomcatAuthentication that corresponds to the server.xml RequestInterceptor definition.

The only way I've been able to disable the tomcatAuthentication and read a remote_user off the jserv stream was to modify Ajp12, defaulting tomcatAuthentication to false.

Any insight would be appreciated.

-- Joe Van Demark [EMAIL PROTECTED]
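
The propagation question raised in the message above, as an added example that is not part of the original post and is not Tomcat source: a simplified model showing how a flag configured on an interceptor has no effect unless it is handed to the per-connection reader whose own default is true. The classes `Interceptor12` and `Reader12`, the `propagate` switch and the `writeUTF` framing of the sample input are assumptions made for illustration.

```java
import java.io.*;

// Simplified model (hypothetical classes, not Tomcat source) of a flag that is
// configured on an interceptor but consumed by a per-connection stream reader.
public class AuthFlagPropagation {

    // Stand-in for the protocol reader: decides whether the remote user is kept.
    static class Reader12 {
        private boolean tomcatAuthentication = true; // default described in the post
        void setTomcatAuthentication(boolean b) { tomcatAuthentication = b; }

        String readRemoteUser(DataInputStream in) throws IOException {
            String value = in.readUTF();                // field is always consumed
            return tomcatAuthentication ? null : value; // kept only when flag is false
        }
    }

    // Stand-in for the interceptor: holds the configured value and builds readers.
    static class Interceptor12 {
        private boolean tomcatAuthentication = true;
        void setTomcatAuthentication(boolean b) { tomcatAuthentication = b; }

        Reader12 newReader(boolean propagate) {
            Reader12 r = new Reader12();
            if (propagate) r.setTomcatAuthentication(tomcatAuthentication);
            return r;
        }
    }

    // Constructed sample input: one length-prefixed string carrying the user name.
    static DataInputStream sample(String user) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        new DataOutputStream(buf).writeUTF(user);
        return new DataInputStream(new ByteArrayInputStream(buf.toByteArray()));
    }

    public static void main(String[] args) throws IOException {
        Interceptor12 icpt = new Interceptor12();
        icpt.setTomcatAuthentication(false); // what the server.xml attribute asks for

        String lost = icpt.newReader(false).readRemoteUser(sample("alice"));
        String kept = icpt.newReader(true).readRemoteUser(sample("alice"));
        System.out.println("flag not propagated -> remote user = " + lost);
        System.out.println("flag propagated     -> remote user = " + kept);
    }
}
```

Logging the effective flag value on the reader at connection setup is a quick way to tell a missing setter call on the interceptor apart from a missing hand-off to the reader.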