Hi all.
I think that an architecture based on an Apache as front-end and one or
more Tomcat's as back ends is quite common.
Reverse proxying from Apache to Tomcat works, and it still works if we
let Tomcat to provide some authentication and authorization feature
(i.e. via ldap).
Yet I'd like to have authentication (and even authorization) on Apache,
I think it would be more correct. So I tried to study the problem,
having some locations of the Apache protected by a Basic Authentication
and proxy-passed to Tomcat. I expected the Tomcat to preserve the
REMOTE_USER (or HTTP_REMOTE_USER ? ) variable received by Apache. It
does not work.
Do you know how can Tomcat force an environmental variable (coming from
Apache via reverse proxy) into its REMOTE_USER, after recognizing the
REMOTE_ADDR of the federate Apache and without being open to attacks ?
Thanks in advance.
Ciao.
Yours Ezio.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
