Not a problem. We have a custom auth module for Apache httpd, no
equivalent for tomcat :-( where we need to do exactly this.
--David
Joe Pluta wrote:
Thanks, David. I swear I tried that on one of my attempts, but
evidently I didn't save the file or didn't bounce the server or
something. The tomcatAuthentication (not request.tomcatAuthentication)
works fine. Interesting to note that the Tomcat security constraints do
NOT work -- they immediately fail with a permission denied. However, I
didn't need that anyway, I just wantde the user ID. The application
will do its own thing based on the user ID.
Thanks again.
Joe
-----Original Message-----
From: David Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 18, 2006 10:50 AM
To: Tomcat Users List
Subject: Re: Confused about getRemoteUser and Apache authentication
I can fix one issue for you -- if you add the attribute
tomcatAuthentication="false" to the connector element in server.xml, the
remote user will start coming through from Apache httpd.
Never tried to do security constraints in web.xml and use
tomcatAuthentication="false" together. You could try it. My suspicion
is it should work.
--David
Joe Pluta wrote:
I am trying to authenticate via Apache and use getRemoteUser in Tomcat.
I want to serve static pages via Apache and run a web application
through Tomcat. I am receiving a null for getRemoteUser in my simple
Spy servlet. I have read in different places where the AJP connector
requires the keyword "tomcatAuthentication" and other places where it
says "request.tomcatAuthentication". I'm not sure whether I the
security constraints define in the application's web.xml. I'm not even
sure if I have to use a Location to secure the application, although
that seemed to get me closest. In any case, I've tried lots of
combinations:
1. tomcatAuthentication vs. request.tomcatAuthentication 2. Security
constraints in the application web.xml vs. no constraints
I've tried the four combinations of the above along with others.
Supplying an authentication realm to the Location got me challenged
when I tried to launch the servlet. That's the closest I've gotten,
and changes to the other options above seem to make no difference. In
the mod_jk.log file, I see the user ID being passed to the connector.
I just don't see it in getRemoteUser in the servlet. Here are the last
lines of the request from the mod_jk.log:
05 00 1E 42 61 73 69 63 20 53 6D 39 6C 49 46 42 - ...Basic.Sm9lIFB
73 64 58 52 68 4F 6D 46 77 59 57 4E 6F 5A 58 42 - sdXRhOmFwYWNoZXB
33 00 A0 08 00 01 30 00 03 00 09 4A 6F 65 20 50 - 3.....0....Joe.P 6C
75 74 61 00 04 00 05 42 61 73 69 63 00 FF 00 - luta....Basic...
But the Spy servlet shows the remote user as null. (Interestingly,
getRemoteHost and getRemoteAddr return valid information.)
I'm out of ideas. Any help would be GREATLY appreciated.
Joe
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
