We have a Java application running on Tomcat with an Apache HTTP proxy in front. Our SSO system (Shibboleth) runs as an Apache module and sets an HTTP header with the logged-in username, which gets passed through to Tomcat and which the app uses Spring's RequestHeaderAuthenticationFilter to read.
We would like to switch from HTTP to AJP for the proxy, as recommended by our SSO vendor. When we do, though, the logged-in username ends up in an environment variable and gets passed to Tomcat as a request attribute rather than a header. The Spring filter is using javax.servlet.http.HttpServletRequest.getHeader to read the value, which fails. For things to work, it would need to use javax.servlet.ServletRequest.getAttribute. As far as I can tell, no filter exists in Spring that uses requests instead of headers. Is there a way to make Tomcat expose the values of AJP request attributes as headers so that the Spring filter can see them? Or maybe a way to make one the user principal, accessible through javax.servlet.http.HttpServletRequest.getUserPrincipal? Then I could use a different Spring filter, J2eePreAuthenticatedProcessingFilter). And if there is a way to do one or both of these, do you think I would be better off trying to fix this on the Spring side? Thanks for any suggestions. -- Elliot Kendall IAM Support Engineer - Single Sign On Information Technology Services University of California, San Francisco --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
