[re-adding mailing list] Martin: Everything is working perfectly on the Apache side. If I run this CGI: """ #!/bin/sh
printf "Content-Type: text/plain\r\n\r\n" env | sort """ I get, among other variables: HTTPS=on REMOTE_USER=xsdg SERVER_PORT=443 SSL_PROTOCOL=TLSv1 What I want is to somehow retrieve the username "xsdg" (or whatever it may be) from the Servlet. That is all I want. So far, I can't see how to do that, including after I've set tomcatAuthentication="false" in the Connector definition. --xsdg On Thu, Jun 6, 2013 at 3:18 PM, Martin Gainty <mgai...@hotmail.com> wrote: > getAuthType() > Returns the name of the authentication scheme used to protect the servlet > > you dont have SSL setup on TC do the method will always return null > > you will need to get Mod-ssl setup on your Apache Server beforehand > http://www.modssl.org/example/ > > Martin > ______________________________________________ > Verzicht und Vertraulichkeitanmerkung > > Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene > Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte > Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht > dient lediglich dem Austausch von Informationen und entfaltet keine > rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von > E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. > > > > > > >> Date: Thu, 6 Jun 2013 15:02:04 -0700 >> Subject: Re: How to get SSL connection information from Apache HTTPD over >> AJP? >> From: x...@google.com >> To: users@tomcat.apache.org > >> >> Howdy, Rainier >> >> Thanks for the response. I gave this a shot, but I'm not seeing any >> change at the Servlet level. After your advice, I changed my >> Connector definition to this: >> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" >> tomcatAuthentication="false" /> >> >> Is there any change I need to make on the httpd side? I've restarted >> both tomcat and httpd, and I still get null from both >> request.getRemoteUser() and request.getAuthType(). >> >> Moreover, is there somewhere I can turn on debugging to see if the >> setting is at least getting picked up properly? I intentionally >> introduced a typo into an attribute name, and saw no change in >> behavior or other warnings or errors, which is somewhat disconcerting. >> >> Thanks, >> --xsdg >> >> >> On Thu, Jun 6, 2013 at 12:20 AM, Rainer Jung <rainer.j...@kippdata.de> >> wrote: >> > On 06.06.2013 07:23, Omari Stephens wrote: >> >> Howdy, y'all >> >> >> >> I'm working on porting a pure java CGI to a servlet. I'm using Tomcat >> >> 6 behind Apache HTTPD 2.2. >> >> >> >> At this point, I have everything talking to each other fine. When I >> >> hit the right URL on httpd, my servlet gets run. yay. >> >> >> >> My question: incoming connections to httpd are over SSL. For the CGI, >> >> apache sets user-identifying information in the environment, so that I >> >> can read a particular environment variable and uniquely identify the >> >> user making the request. >> >> >> >> So far, I can't figure out how to uniquely identify the user from the >> >> Tomcat side. All of the obvious methods (like #getRemoteUser()) from >> >> HttpServletRequest return null. I see "JkEnvVar" at >> >> http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html, >> >> but either that only copies variables from Apache's environment >> >> (rather than ones that it sets for CGI), or I'm not using it >> >> correctly. >> >> >> >> Lastly, I'm not hitting Tomcat SSL directly because I depend on a >> >> module that only exists for Apache HTTPD. >> > >> > Set tomcatAuthentication="false" in your ajp connector. >> > >> > See tomcatAuthentication on page >> > http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html. >> > >> > Setting it to "false" means that Tomcat will not authenticate the user >> > but instead fully trust the remoteUser send by Apache. default is >> > "true". >> > >> > Note that this is not really related to the subject of your mail (SSL >> > connection information). >> > >> > Regards, >> > >> > Rainer >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> > For additional commands, e-mail: users-h...@tomcat.apache.org >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
