Hello,
I note the HTTP connector does the following when
Request.getRemoteUser() is called:
public String getRemoteUser() {
if (userPrincipal == null) {
return null;
}
return userPrincipal.getName();
}
I understand what it's trying to do but it's not consistent with the AJP
adapter and doesn't make it helpful to interact with upstream reverse
proxies setting the username as a header (ie REMOTE_USER). Would it be
possible to change the implementation to this:
public String getRemoteUser() {
String user = userPrincipal.getName();
if (userPrincipal == null)
user= getHeader("REMOTE_USER");
return user;
}
Or even better, allow the REMOTE_USER header name to be set via a
configuration value? This seems much more consistent with the AJP
adapter that does pick up REMOTE_USER (sent by the ajp module) and
avoids users having to retrieve a header from the request.
Thanks
John
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
