Omar I actually had this exact same problem early today although I'm
sure my environment is slightly different from your perhaps I can offer
some help.  

In my case I have LDAP authentication configured for my servlet.  I
believe this step should be the same regardless of the authentication
scheme you are using....
  
First I edit CATALINA_HOME/webapps/myServelet/WEB-INF/web.xml to define
roles and constraints for what pages can be accessed...

<login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

  <security-role>
    <role-name>GRP-myGroup </role-name>
  </security-role>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>my Authentication</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
      <role-name>GRP-myGroup</role-name>
    </auth-constraint>
  </security-constraint>


The other file I change sets up all the LDAP machine details.  I've
placed it in Context.xml because there are several servlets that make
use of this authentication...

$CATALINA_HOME/conf/Context.xml

<Context>
        <Realm className       ="org.apache.catalina.realm.JNDIRealm"
             debug             ="99"
             connectionURL     ="ldap://ldapMachine:3268";
             connectionName    ="CRYPTOLOGIC\myUser"
             connectionPassword="myPassword"              
                
                userBase          ="dc=myDomain,dc=com"
             userSearch        ="(sAMAccountName={0})"
                 userSubtree       ="true"
             userRoleName      ="memberOf"
                 
                 roleBase   ="OU=Groups,DC=myDomain,DC=com"
                 roleSubtree="false"
                 roleName   ="cn"
                 roleSearch ="(member={0})"/>
</Context>

This has worked for me.  Hope it is of some use to you.  We also have
Apache over top of Tomcat in our environment and found it necessary to
configure authentication both in Apache and in Tomcat to get things to
work properly.

Robert Segal
Tools Developer
CryptoLogic Inc.
55 St. Clair Ave W., 3rd Floor
Toronto, Ontario
Canada  M4V 2Y7
tel.  + 1.416.545.1455 x5896
fax. + 1.416.545.1454

This message, including any attachments, is confidential and/or
privileged and contains information intended only for the person(s)
named above. Any other distribution, copying or disclosure is strictly
prohibited. If you are not the intended recipient or have received this
message in error, please notify us immediately by reply email and
permanently delete the original transmission from all of your systems
and hard drives, including any attachments, without making a copy.

-----Original Message-----
From: Omar Nafees [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 24, 2007 2:30 PM
To: Tomcat Users List
Subject: Re: Apache authentication information (remoteuser) not visible
in Tomcat

Thanks for the response Christopher... although I had very early on, 
already tried what is suggested in the link you have referred to, i.e., 
setting tomcatAuthentication="false" in the appropriate server.xml line 
(see the config listing I produced earlier in the thread).

Oh I hope its not some obscure bug in mod_jk!! :)

Thanks,
Omar



Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Omar,
>
> Omar Nafees wrote:
>   
>> request.getRemoteUser() returns null in my servlet.
>> request.getAttribute("REMOTE_USER") also returns null. I have even
>> checked the headers that are being sent to the AJP connector in
Tomcat.
>>     
>
> This is a FAQ. The answer is easily findable in the archives:
>
> http://www.nabble.com/forum/ViewPost.jtp?post=3132974&framed=y
>
> - -chris
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGzxDY9CaO5/Lv0PARAi0fAKC+7Rb+k5E3fEPFGhhiXvXumpz9QwCgwgss
> OPTfCFM5pLAQ0jH0i+BCkis=
> =+c/H
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>   


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to