tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aleix Vergés <a.ver...@terra.es>
Subject RV: Re[2]: tomcatAuthentication="false" and getRemoteUser returning null in recent versions of Tomcat
Date Thu, 23 Jan 2003 21:53:13 GMT


-----Mensaje original-----
De: Aleix Vergés [mailto:a.verges@terra.es] 
Enviado el: jueves, 23 de enero de 2003 22:52
Para: 'Ignacio J. Ortega'
Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser
returning null in recent versions of Tomcat


How can I send this to that box? This is my first contribution to the
forum

Aleix

-----Mensaje original-----
De: Ignacio J. Ortega [mailto:nacho@siapi.es] 
Enviado el: jueves, 23 de enero de 2003 22:19
Para: 'Aleix Vergés'
Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser
returning null in recent versions of Tomcat

Aleix, te agradeceria que mandaras esto a tomcat-user tb.., asi los
demas se enteran, tb.. gracias

Ahhh y me alegro un taco que te funcione... tamos pa eso :)

Saludos, 
Ignacio J. Ortega 

> -----Original Message-----
> From: Aleix Vergés [mailto:a.verges@terra.es]
> Sent: Thursday, January 23, 2003 10:02 PM
> To: Ignacio J. Ortega
> Subject: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser
> returning null in recent versions of Tomcat
> 
> 
> Hi,
> 
>    Thank you very much for your help. Finally my configuration is
> working properly.
> 
>    Regards
> 
> Aleix
> 
> -----Mensaje original-----
> De: Ignacio J. Ortega [mailto:nacho@siapi.es] 
> Enviado el: jueves, 23 de enero de 2003 16:22
> Para: 'Tomcat Users List'
> CC: 'a.verges@terra.es'
> Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser
> returning null in recent versions of Tomcat
> 
> Aleix,
> 
> > 
> > <security-constraint>
> >  <display-name>Example Security Constraint</display-name>
> >  <web-resource-collection>
> >  <web-resource-name>Protected Area</web-resource-name>
> >  <url-pattern>/*</url-pattern>
> >  <http-method>DELETE</http-method>
> >  <http-method>GET</http-method>
> >  <http-method>POST</http-method>
> >  <http-method>PUT</http-method>
> >  </web-resource-collection>
> >  <auth-constraint>
> >  <role-name>tomcat</role-name>
> >  </auth-constraint>
> > </security-constraint>
> > <login-config>
> >  <auth-method>BASIC</auth-method>
> >  <realm-name>BASIC Authentication</realm-name>
> > </login-config>
> > <security-role> 
> > <role-name>tomcat</role-name> 
> > </security-role>
> > 
> 
> 
> Oops, sorry senility is starting to bother me ;)..
> 
> Well the problem is related to the fact that Apache doenst have a
> roleslike info and of course not having them Tomcat cannot 
> know it from
> him, so your security constraint ends not seeing the correct role for
> that user, you need to have a correctly configured realm, using the
> exact same names you get from apache, where tomcat can go to 
> ask for the
> user's roles... the Realm type doesnt matter for our porpouse..
> 
> If configuring exactly the same user name to have the needed 
> roles in a
> tomcat realm doesnt work, i think it's a bug in tc 4.1.18..
> 
> So to summarize:
> 
> 1) Apache needs to be configured tro do the auth
> 2) Tomcat needs a Realm ( JDBC,MEMORY or whatever ) 
> containing the same
> exact usernames, with the associated roles, tha Apache will 
> transmit to
> TC..
> 3) tomcatAuthentication=false, so tomcat will get the username from
> Apache..
> 
> I know is a pain, but the lack of the roles concept in Apache makes it
> cumbersome, as web.xml only uses role names for security 
> constraint not
> usernames..
> 
> Saludos, 
> Ignacio J. Ortega 
> 
> 
> 
> 



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message