Another google ("mod_proxy_ajp REMOTE_USER tomcat") resulted in
pointers to:
http://mailman1.u.washington.edu/pipermail/pubcookie-users/2006-July/
001527.html
which in turn mentioned that adding:
tomcatAuthentication="false"
to the AJP13 connector statement below (from %CATALINA_HOME%/conf/
server.xml) caused
things to work.
Now my servlet invokes the following with good results:
import javax.servlet.*;
import javax.servlet.http.*;
HttpServletRequest request <-- input argument for doGet()
String user = request.getRemoteUser();
this.log("user:" + user);
causes "user: <user>" to show up in catalina.out.
On Jun 6, 2007, at 4:54 PM, Bill Doster wrote:
Yep. I actually *do" have the ajp request getting handled by using:
ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
(note "ajp//:" not "http://";)
as well as enabling the AJP13 connector in server.xml via:
<Connector port="8009" enableLookups="false" redirectPort="8443"
protocol="AJP/1.3" />
The *problem* that I'm having is that I can NOT determine how to
access the equivalent of
"REMOTE_USER" from a tomcat servlet.
request.getRemoteUser() is null (since no Authorization header
was provided)
System.getenv("REMOTE_USER") is not getting set by tomcat
From looking at the source for mod_proxy_ajp (in ajp_header.c) it
looks like user value gets passed
in the ajp protocol to the tomcat ajp13 listener on port 8009. I
was kinda hoping that someone
else could tell me how tomcat makes this user value available to a
servlet container.
On Jun 6, 2007, at 4:35 PM, Martin Gainty wrote:
following
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
I *thought* ProxyPass was
ProxyPass /mirror/foo/ http://foo.com/
cause a local request for the
<http://wibble.org/mirror/foo/bar> to be internally converted into
a proxy request to
<http://foo.com/bar>.
so..
ProxyPass /HelloWorld http://locahost:8009/
causes a local request for the
http://HelloWorld/HelloWorld
will yield
http://localhost:8009/HelloWorld
ajp is configured by enabling the AJP13 connector in Tomcat %
CATALINA_HOME%/conf/server.xml on Port 8009
http://www.onjava.com/pub/a/onjava/2002/11/20/tomcat.html
From: "Bill Doster" <[EMAIL PROTECTED]>
On FC6 (intel), I need to have tomcat servlets know the user
associated with each ajp request.
After authenticating (I'm using mod_cosign), when I load https://
host/ cgi-bin/hi (a shell script which outputs html-ized "Hello
$REMOTE_USER" the web-page returned is "Hello <user>" for
whatever user I authenticated as.
I've got mod_proxy_ajp set-up to:
ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
Since I have the entire host set-up to be cosign-authenticated,
accessing:
https://host/HelloWorld/HelloWorld
causes cosign to force authentication (iff I haven't already).
Then the request gets passed via mod_proxy_ajp
to tomcat (running on the same host on port 8009). HelloWorld
happily executes, but all the ways that I've coded that I
thought would receive the connection user... haven't.
Since I'm very much a beginner Java person, I've tried googling
and FAQ'ing around but ended up following numerous dead ends.
I've read over the mod_proxy_ajp source and from ajp_header.c it
certainly seems like "user" is always provided to tomcat as long
as user is set for the connection (on the apache side).
I'd really appreciate any tips on how to access this from a
servlet running under Tomcat. Or any tips that would enable me
to at least prove to myself that tomcat received it from
mod_proxy_ajp (like how to tinker with tomcat logging).
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
