Dan,

On 9/23/2009 11:51 PM, daniel steel wrote:
> we are using jndi authentication for authenticating the user against 
> active directory. the user is hitting the load balancer and then the
> request is forwarded to the tomcat.
> 
> at times we are seeing slowness and on analyzing the access log, the 
> jsps having high execution duration do not have any remote username 
> associated with that call and have http response 401 - unauthorised
> access.
> 
> the question is what is stripping the remote username?
> 1. the load balancer is off loading the SSL.
> 2. we are using basic authentication schema tied into JNDI - LDAP 
> authentication.

Since your load balancer is handling SSL for you, it should be trivial
to set up a packet sniffer and watch the HTTP traffic going to Tomcat.
If you can find a remote client that loses its authentication
information, you ought to be able to look for a set of matching packets
in your log and see the headers (including any authentication
information included).

If you're talking about using request.getRemoteUser(), I believe the SSL
(or mod_jk if using httpd/mod_jk) connector is supposed to supply that
information to the request. If you are stripping-off SSL information at
the load-balancer, how is the remote user information being delivered to
Tomcat?

-chris
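As an added example (not part of the original message): once the plaintext HTTP on the load balancer to Tomcat leg has been captured, a short script can list which requests carry an Authorization header and for which Basic-auth user. The capture bytes, host name, paths and credentials below are constructed, and the parser assumes bodyless requests separated by a blank line.

```python
import base64

# Constructed capture: two plaintext HTTP requests as they might appear on the
# load balancer -> Tomcat leg. Host, paths and credentials are made up.
SAMPLE_CAPTURE = (
    b"GET /app/report.jsp HTTP/1.1\r\n"
    b"Host: tomcat.example.internal\r\n"
    b"Authorization: Basic " + base64.b64encode(b"jdoe:not-a-real-password") + b"\r\n"
    b"\r\n"
    b"GET /app/slow.jsp HTTP/1.1\r\n"
    b"Host: tomcat.example.internal\r\n"
    b"X-Forwarded-For: 203.0.113.7\r\n"
    b"\r\n"
)

def basic_user(value):
    """Return the username from a Basic Authorization value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    user, sep, _password = decoded.partition(":")  # password is never reported
    return user if sep else None

def audit_requests(capture):
    """Return (request_line, has_auth_header, username) for each request head."""
    results = []
    for head in capture.split(b"\r\n\r\n"):
        lines = head.decode("iso-8859-1").split("\r\n")
        if not lines[0].strip():
            continue  # trailing empty chunk after the last blank line
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        auth = headers.get("authorization")
        results.append((lines[0], auth is not None, basic_user(auth) if auth else None))
    return results

if __name__ == "__main__":
    for request_line, has_auth, user in audit_requests(SAMPLE_CAPTURE):
        print(f"{request_line!r}: Authorization present={has_auth}, user={user}")
```

Matching the flagged request lines against the 401 entries in the access log shows whether the header was already missing when the request reached Tomcat.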
