Hi Rainer,

Thanks for the response. I should have thought of testing the relevant methods in a simpler servlet. This has revealed the following:

If I turn off the SSL requirement in my application's web.xml (i.e., in the security constraint of web.xml), request.getRemoteUser() works fine. As soon as I flip it back on (by adding <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>), I get null as before.

I need to have tomcat working over SSL with the client. Is there a way I can get it to trust the information it's obtained from the apache web-server via AJP?

Thanks,
Omar


Rainer Jung wrote:
Hi Omar,

Omar Nafees wrote:
request.getRemoteUser() returns null in my servlet.
request.getAttribute("REMOTE_USER") also returns null. I have even
checked the headers that are being sent to the AJP connector in Tomcat.


request.getRemoteUser() works for me (mod_jk 1.2.25 and TC 5.5.23)
1) remove the JkEnvVar REMOTE_USER. It's not an Apache environment
variable, and it will be forwarded by mod_jk automatically

2) Set log level to debug in a dev system. The request should produce a
line similar to

[Sun Aug 26 01:12:03.482 2007] [27669:0] [debug]
init_ws_service::mod_jk.c (782): Service protocol=HTTP/1.1 method=GET
host=(null) addr=127.0.0.1 name=fraxinus.entenhausen.zz port=8080
auth=Basic user=jung laddr=127.0.0.1 raddr=127.0.0.1 uri=/auth.jsp

Here you can see that mod_jk found Basic authentication and User "jung"
in the Apache representation of the request.

Here's what I'm running: apache-2.0.59 in front of tomcat-5.5.23_1 via
mod_jk-ap2-1.2.23 on FreeBSD 6.2


Snippet of AJP13 header:

...

01d0  35 4f 44 41 32 4e 7a 67  3d 00 a0 08 00 01 30 00   5ODA2Nzg =.....0.
01e0  03 00 08 6f 6d 6e 61 66  65 65 73 00 04 00 05 42   ...omnaf ees....B
01f0  61 73 69 63 00 0a 00 0b  52 45 4d 4f 54 45 5f 55   asic.... REMOTE_U
0200  53 45 52 00 00 08 6f 6d  6e 61 66 65 65 73 00 ff   SER...om nafees..

Starting from 01e0 we have "03" for "remote_user", then "0008" for 8
Bytes, then the name of the remote user "omnafees" and a terminating
"00", then "04" for authentication type, "0005" for length 5, and
"Basic" as the authentication type. That looks fine!

How do I get Tomcat servlet to read remote user as sent above??

   <!-- Define an AJP 1.3 Connector -->
   <Connector port="8009"
              enableLookups="false" redirectPort="8443"
              protocol="AJP/1.3" tomcatAuthentication="false" />

Looks good to me.

Try with a very simple servlet first. Maybe put it in the root context
to isolate it from all the complex things in your webapp:

<HTML>
User: <%=request.getRemoteUser() %>
</HTML>

Regards,

Rainer
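
The attribute walk Rainer does by hand on the dump, as an added example that is not part of the original thread: a small parser for the optional-attribute list at the end of an AJP13 Forward Request, run over the bytes at 01e0-020f of the dump. The function names are hypothetical and the attribute code table is taken from the AJP13 protocol description, not from this page.

```python
# String-valued optional-attribute codes of an AJP13 Forward Request.
ATTR_NAMES = {
    0x01: "context", 0x02: "servlet_path", 0x03: "remote_user",
    0x04: "auth_type", 0x05: "query_string", 0x06: "route",
    0x07: "ssl_cert", 0x08: "ssl_cipher", 0x09: "ssl_session",
    0x0C: "secret", 0x0D: "stored_method",
}
REQ_ATTRIBUTE, SSL_KEY_SIZE, ARE_DONE = 0x0A, 0x0B, 0xFF

# Rows 01e0-0200 of the dump quoted in the thread.
DUMP_TAIL = bytes.fromhex(
    "03 00 08 6f 6d 6e 61 66 65 65 73 00 04 00 05 42"
    "61 73 69 63 00 0a 00 0b 52 45 4d 4f 54 45 5f 55"
    "53 45 52 00 00 08 6f 6d 6e 61 66 65 65 73 00 ff"
)

def read_string(buf, pos):
    """Read one AJP string: 2-byte big-endian length, bytes, NUL terminator."""
    if pos + 2 > len(buf):
        raise ValueError(f"length field at offset {pos} is truncated")
    length = int.from_bytes(buf[pos:pos + 2], "big")
    pos += 2
    if length == 0xFFFF:  # AJP encoding of a null string, no bytes follow
        return None, pos
    end = pos + length
    if end >= len(buf) or buf[end] != 0:
        raise ValueError(f"string at offset {pos} is truncated or unterminated")
    return buf[pos:end].decode("latin-1"), end + 1

def parse_attributes(buf):
    """Walk the attribute list; return (standard attrs, request attributes)."""
    attrs, req_attrs, pos = {}, {}, 0
    while pos < len(buf):
        code, pos = buf[pos], pos + 1
        if code == ARE_DONE:
            return attrs, req_attrs
        if code == REQ_ATTRIBUTE:  # name/value pair; JkEnvVar values travel here
            name, pos = read_string(buf, pos)
            req_attrs[name], pos = read_string(buf, pos)
        elif code == SSL_KEY_SIZE:  # 2-byte integer, not a string
            attrs["ssl_key_size"] = int.from_bytes(buf[pos:pos + 2], "big")
            pos += 2
        elif code in ATTR_NAMES:
            attrs[ATTR_NAMES[code]], pos = read_string(buf, pos)
        else:
            raise ValueError(f"unknown attribute code 0x{code:02x}")
    raise ValueError("attribute list ended without the 0xFF terminator")

if __name__ == "__main__":
    print(parse_attributes(DUMP_TAIL))
```

On this dump the user name appears twice: once as the standard remote_user attribute and once as a request attribute named REMOTE_USER, which is the extra copy produced by the JkEnvVar line.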

