Sorry, I was reading the latest Tomcat 8.0.24 source to verify how it
worked (it hasn't changed in some time it seems).
The flag to which you refer is for AJP only, hence the inconsistency (as
AJP becomes less common and reverse proxying HTTP becomes the norm).
On Thu, Jul 23, 2015, at 08:05 PM, Violeta Georgieva wrote:
> Hi,
>
> 2015-07-23 21:54 GMT+03:00 John Baker <jba...@dryfish.org.uk>:
> >
> > Hello,
> >
> > I note the HTTP connector does the following when
> > Request.getRemoteUser() is called:
> >
> > public String getRemoteUser() {
> > if (userPrincipal == null) {
> > return null;
> > }
> > return userPrincipal.getName();
> > }
> >
> > I understand what it's trying to do but it's not consistent with the AJP
> > adapter and doesn't make it helpful to interact with upstream reverse
> > proxies setting the username as a header (ie REMOTE_USER). Would it be
> > possible to change the implementation to this:
> >
> > public String getRemoteUser() {
> > String user = userPrincipal.getName();
> > if (userPrincipal == null)
> > user= getHeader("REMOTE_USER");
> > return user;
> > }
> >
> > Or even better, allow the REMOTE_USER header name to be set via a
> > configuration value? This seems much more consistent with the AJP
> > adapter that does pick up REMOTE_USER (sent by the ajp module) and
> > avoids users having to retrieve a header from the request.
> >
>
> You didn't specify any Tomcat version.
>
> Check this feature [1] -> tomcatAuthentication/tomcatAuthorization
>
> Regards,
> Violeta
> [1]
> http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html#Standard_Implementations
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
