On Wed, Jul 16, 2008 at 3:22 PM, Rainer Jung <[EMAIL PROTECTED]> wrote:
> Nikhil wrote:
>
>> On Wed, Jul 16, 2008 at 2:52 PM, Rainer Jung <[EMAIL PROTECTED]> wrote:
>>
>>> To repeat two of my questions:
>>>
>>> What do you expect to be the value of the 'REMOTE_USER' variable?
>>>
>>> Do you expect something else, than what you get from
>>> request.getRemoteUser()?
>>>
>>> After I understand that, we can find an appropriate solution.
>>>
>>> Regards,
>>>
>>> Rainer
>>
>> Hi Rainer,
>>
>> REMOTE_USER variable value is always expected to be as set by the httpd
>> process and passed onto the tomcat.
>>
>>> Do you expect something else, than what you get from
>>> request.getRemoteUser()?
>>
>> No, but I would not want to have this method invoked every time I want to
>> know a logged in account instead an already set (global) variable value
>> (preferably by httpd and passed onto the tomcat) would do.
>
> OK. REMOTE_USER goes back to the times of CGI. At that time the web server
> could only pass along information to the CGI process via environment
> variables, because it had to start an external process for doing CGI.
>
> The servlet spec tries to make the same information available in the
> context of a java web container. The correct way of retrieving the name of
> the authenticated user from the container *is* request.getRemoteUser(). In
> java you would nearly always implement a "global variable" as a member of
> some object, which you retrieve via a getter function.
> request.getRemoteUser() is the right and standards conforming way to do it.
>
> When the web container has a web server in front, e.g. Apache httpd and a
> connection component like mod_jk, usually the combination tries to hide the
> information, that the architecture is more complex, from the webapp
> developer. So Apache/mod_jk/Tomcat correctly configured provide the user
> name authenticated by httpd to the webapp in exactly the same way, as it
> would be seen without Apache and mod_jk. That way the developer doesn't have
> to know the details. So using request.getRemoteUser() still is the correct
> way.
>
> The only thing to configure is tomcatAuthentication="false" in order to tell
> Tomcat to trust the authentication done by Apache and not try to do
> authentication itself.
>
> Regards,
>
> Rainer

Thanks Rainer.

If I want to explicitly pass an environment variable from the httpd to the tomcat, I am using the RequestHeader, JkEnvVar, Setenv but unable to have them as it is passed in the tomcat... how do I go about that?

While I am completely convinced to use getRemoteUser() method only for getting the authenticated principal...
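
The retrieval Rainer describes, as an added example that is not part of the original thread: a servlet behind Apache httpd and mod_jk that reads the httpd-authenticated user with request.getRemoteUser(). It assumes the AJP connector is configured with tomcatAuthentication="false"; the class name and the variable name EXAMPLE_VAR are hypothetical, and reading that variable with getAttribute() relies on mod_jk exposing JkEnvVar-forwarded variables as request attributes.

```java
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet, for illustration only.
public class WhoAmIServlet extends HttpServlet {

    // Hypothetical variable name; the httpd side would need a matching
    // "JkEnvVar EXAMPLE_VAR" directive for it to be forwarded.
    private static final String FORWARDED_VAR = "EXAMPLE_VAR";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // With tomcatAuthentication="false" on the AJP connector, Tomcat takes
        // the user name from what httpd authenticated and mod_jk forwarded.
        String user = request.getRemoteUser();

        // null means no authenticated user reached the container (for example
        // the location is not protected in httpd): refuse instead of guessing.
        if (user == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                    "No authenticated user");
            return;
        }

        // Variables forwarded by mod_jk arrive as request attributes, not as
        // process environment variables, so System.getenv() will not see them.
        Object forwarded = request.getAttribute(FORWARDED_VAR);

        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();
        out.println("Authenticated user: " + user);
        out.println(FORWARDED_VAR + ": "
                + (forwarded != null ? forwarded : "(not forwarded)"));
    }
}
```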