---- oh...@cox.net wrote: > > ---- Christopher Schultz <ch...@christopherschultz.net> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Jim, > > > > On 12/2/11 11:26 AM, oh...@cox.net wrote: > > > Sure. Here's the section from httpd.conf. This is testing where I > > > purposely insert a "REMOTE_USER" HTTP header into the request > > > being proxied. As I said, I have a sniffer on the line, and I can > > > see the REMOTE_USER header, but still, when I get to my test JSP > > > hosted on the Tomcat, getUserPrincipal() is returning null (don't > > > mind the hostname in the ProxyPass, etc. I just happen to be > > > hosting Tomcat on that machine, and WebLogic is shutdown there). > > > > The problem is that AJP sends the authentication information as part > > of the AJP protocol, not as a request header. You are setting a > > request header which is not the mechanism AJP uses to transfer the userid. > > > > You might want to check to see if your SSO module works the way that > > other httpd modules expect -- like the other mod_auth_[xyz], for instance. > > > > See http://tomcat.apache.org/connectors-doc/reference/apache.html. > > Specifically, the JkRemoteUserIndicator directive which allows you to > > override the environment variable whose value will be used to > > send-over the username to Tomcat. > > > > I wouldn't think you'd have to do that (REMOTE_USER should already be > > set by your auth module and mod_proxy_jk should already be using > > that), but you might be able to force it for some testing. > > > > - -chris > > > Chris, > > FYI, that link you posted give as 404 error. > > To be clear, in the discussion before now, I was just using mod_ajp (built > into/included with Apache), and NOT mod_jk. > > I'm now in the process of trying to switch my Apache conf to use mod_jk. The > reason is that I'm starting to get the feeling that the Apache 3rd party > agent (it's Oracle's OAM webgate, which I haven't said till now, sorry) might > not be setting things in the Apache environment that are needed for AJP. > I've been checking, and there's very little (= none) that I can do with > trying to change the OAM webgate behavior, and if it's not setting whatever > Apache/AJP needs, then I'm stuck, so I'm trying mod_jk, hoping that that'll > give me some way to set what AJP needs. > > Now that I'm doing that, I'm starting to remember how confusing (to me at > least) configuring mod_jk is :) (vs. mod_ajp). > > I just got the initial part of the re-configuration done. I got the > mod_jk.so (my test Apache is on Windows, BTW), and added the LoadModule. I > have the Apache pointed to a new simple workers.properties file, and the > Apache comes up, but it doesn't seem to be proxing my test URLs to the Tomcat > anymore (/samplesajp/*). > > Here's what I added to my Apache httpd.conf: > > > # 2011-12-02 - ADDING MOD_JK > LoadModule jk_module modules/mod_jk.so > JkWorkersFile c:/Apache2.2/conf/workers.properties > # some other configuration > JkLogFile "c:/Apache2.2/logs/jk.log" > JkLogLevel debug > JkShmFile c:/Apache2.2/logs/jk.shm > JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories > # forwarding URL prefixes to Tomcat instances > JkMount /samplesajp/* tomcatA > > JkEnvVar REMOTE_USER > > > And, here's the workers.properties: > > > <IfModule mod_jk.c> > # a list of Tomcat instances > #JkWorkerProperty worker.list=tomcatA > worker.list=tomcatA > # connection properties to instance A on localhost > # JkWorkerProperty worker.tomcatA.type=ajp13 > # JkWorkerProperty worker.tomcatA.host=weblogic1.whatever.com > # JkWorkerProperty worker.tomcatA.port=8009 > worker.tomcatA.type=ajp13 > worker.tomcatA.host=weblogic1.whatever.com > worker.tomcatA.port=8009 > > </IfModule> > > > And, here's what I'm seeing in jk.log when I try to access my test URL (via > the Apache): >
Hi, I stripped the jk.log stuff (too long) above. I've made some progress. I have a VirtualHost, so I had to add a "JkMountCopy 'on'" inside the <VirtualHost>, and now, it's at least proxying through to the Tomcat using mod_jk!! BUT, it's still not logging me into the Tomcat :(... I don't want to post the entire jk.log, so can someone point me to what to look for in there, maybe? Thanks, Jim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
