I am trying to authenticate via Apache and use getRemoteUser in Tomcat.
I want to serve static pages via Apache and run a web application
through Tomcat. I am receiving a null for getRemoteUser in my simple
Spy servlet. I have read in different places where the AJP connector
requires the keyword "tomcatAuthentication" and other places where it
says "request.tomcatAuthentication". I'm not sure whether I the
security constraints define in the application's web.xml. I'm not even
sure if I have to use a Location to secure the application, although
that seemed to get me closest. In any case, I've tried lots of
combinations:
1. tomcatAuthentication vs. request.tomcatAuthentication
2. Security constraints in the application web.xml vs. no constraints
I've tried the four combinations of the above along with others.
Supplying an authentication realm to the Location got me challenged when
I tried to launch the servlet. That's the closest I've gotten, and
changes to the other options above seem to make no difference. In the
mod_jk.log file, I see the user ID being passed to the connector. I
just don't see it in getRemoteUser in the servlet. Here are the last
lines of the request from the mod_jk.log:
05 00 1E 42 61 73 69 63 20 53 6D 39 6C 49 46 42 - ...Basic.Sm9lIFB
73 64 58 52 68 4F 6D 46 77 59 57 4E 6F 5A 58 42 - sdXRhOmFwYWNoZXB
33 00 A0 08 00 01 30 00 03 00 09 4A 6F 65 20 50 - 3.....0....Joe.P
6C 75 74 61 00 04 00 05 42 61 73 69 63 00 FF 00 - luta....Basic...
But the Spy servlet shows the remote user as null. (Interestingly,
getRemoteHost and getRemoteAddr return valid information.)
I'm out of ideas. Any help would be GREATLY appreciated.
Joe
My environment (Apache software are all binaries):
Win2K3 Server
JavaEE5
Apache 2.2.3 (Win32/x86)
Tomcat 5.5.20
Mod_jk 2.2.3
In server.xml:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" request.tomcatAuthentication="false"
enableLookups="false" redirectPort="8443"
protocol="AJP/1.3" />
In web.xml for application NBSDev:
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>PWA Resources</web-resource-name>
<url-pattern>/servlet/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>pwa</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>PICS Web Access (NBS1)</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
The role that is required to log in to PWA
</description>
<role-name>pwa</role-name>
</security-role>
In workers.properties:
# BEGIN workers.properties
# Definition for Ajp13 worker
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
# END workers.properties
In httpd.conf:
########## Auto generated on Sat Oct 07 10:16:25 CDT 2006##########
# TOMCAT
<Location "/NBSDev">
AllowOverride None
AuthName "Web Access"
AuthGroupFile conf/groups.acl
AuthUserFile conf/users.acl
AuthType Basic
require valid-user
Order allow,deny
Allow from All
</Location>
<IfModule !mod_jk.c>
LoadModule jk_module "D:/Apache/Apache/modules/mod_jk.so"
# Where to find the workers file
JkWorkersFile /Apache/Apache/conf/workers.properties
# Where to put jk logs
JkLogFile /Apache/Apache/logs/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel debug
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
# JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send EVERYTHING for context /NBSDev to worker named ajp13
JkMount /NBSDev/* ajp13
### Below commented for testing
# Send servlet for context /NBSDev to worker named ajp13
# JkMount /NBSDev/servlet/* ajp13
# Send JSPs for context /NBSDev to worker named ajp13
# JkMount /NBSDev/*.jsp ajp13
</IfModule>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
