tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 3847] New: - Apache authorization headers not passed through to servlet
Date Thu, 27 Sep 2001 00:38:01 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3847>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3847

Apache authorization headers not passed through to servlet

           Summary: Apache authorization headers not passed through to
                    servlet
           Product: Tomcat 3
           Version: 3.3 Release Candidate 1
          Platform: Other
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: brett.knights@tanner.com


I have a web app where access is managed by Apache using mod_ntlm. The servlet 
uses the req.getRemoteUser() method to determine who is logged in. This has 
worked fine with ApacheJServ and all TC3.3s to now (using ajp13 only - ajp12 
also had this problem)
When I installed TC3.3rc1 this broke. Apache is still authenticating the user 
and the authorization header is being passed through (useless since it is 
encrypted) but the req.getRemoteUser() method returns nothing.

FYI the spec says getRemoteUser is to return the user name "that the client 
authenticated with". It doesn't say that "the client authenticated with the 
servlet container with". By way of clarifiction the servlet 2.3 api docs 
say: "same as the value of the cgi variable REMOTE_USER"

Mime
View raw message