tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aleix Vergés <a.ver...@terra.es>
Subject RV: Re[2]: tomcatAuthentication="false" and getRemoteUser returning null in recent versions of Tomcat
Date Thu, 23 Jan 2003 21:53:04 GMT


-----Mensaje original-----
De: Aleix Vergés [mailto:a.verges@terra.es] 
Enviado el: jueves, 23 de enero de 2003 22:01
Para: 'Ignacio J. Ortega'
Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser
returning null in recent versions of Tomcat

Hi,

   Thank you very much for your help. Finally my configuration is
working properly.

   Regards

Aleix

-----Mensaje original-----
De: Ignacio J. Ortega [mailto:nacho@siapi.es] 
Enviado el: jueves, 23 de enero de 2003 16:22
Para: 'Tomcat Users List'
CC: 'a.verges@terra.es'
Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser
returning null in recent versions of Tomcat

Aleix,

> 
> <security-constraint>
>  <display-name>Example Security Constraint</display-name>
>  <web-resource-collection>
>  <web-resource-name>Protected Area</web-resource-name>
>  <url-pattern>/*</url-pattern>
>  <http-method>DELETE</http-method>
>  <http-method>GET</http-method>
>  <http-method>POST</http-method>
>  <http-method>PUT</http-method>
>  </web-resource-collection>
>  <auth-constraint>
>  <role-name>tomcat</role-name>
>  </auth-constraint>
> </security-constraint>
> <login-config>
>  <auth-method>BASIC</auth-method>
>  <realm-name>BASIC Authentication</realm-name>
> </login-config>
> <security-role> 
> <role-name>tomcat</role-name> 
> </security-role>
> 


Oops, sorry senility is starting to bother me ;)..

Well the problem is related to the fact that Apache doenst have a
roleslike info and of course not having them Tomcat cannot know it from
him, so your security constraint ends not seeing the correct role for
that user, you need to have a correctly configured realm, using the
exact same names you get from apache, where tomcat can go to ask for the
user's roles... the Realm type doesnt matter for our porpouse..

If configuring exactly the same user name to have the needed roles in a
tomcat realm doesnt work, i think it's a bug in tc 4.1.18..

So to summarize:

1) Apache needs to be configured tro do the auth
2) Tomcat needs a Realm ( JDBC,MEMORY or whatever ) containing the same
exact usernames, with the associated roles, tha Apache will transmit to
TC..
3) tomcatAuthentication=false, so tomcat will get the username from
Apache..

I know is a pain, but the lack of the roles concept in Apache makes it
cumbersome, as web.xml only uses role names for security constraint not
usernames..

Saludos, 
Ignacio J. Ortega 



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message