tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Omar Nafees <>
Subject Apache --> Tomcat SSL via mod_jk
Date Tue, 28 Aug 2007 19:34:21 GMT

I recently posted under the thread "Apache authentication information 
(remoteuser) not visible in Tomcat" and I am grateful to all that 
responded with useful comments.

I learned the following about how Tomcat treats authentication 
information received from Apache via AJP headers (mod_jk) - once told to 
consider it by using "tomcatAuthentication=false" in the appropriate place:

1) request.getRemoteUser() only works on the "entry-point" servlet (e.g. 
index.jsp) - it doesn't work if you forward immediately to another page. 
It seems strange that Tomcat doesn't keep remote user around for later 
use and forces me to keep it around explicitly in some form (such as a 
hidden POST parameter).

2) The above is assuming SSL is turned off for my application. The 
minute I turn it on in it's security constraint (in web.xml), 
request.getRemoteUser() only returns null. Is there a particular setting 
in security constraint or elsewhere to achieve the desired behavior?

Thanks in advance for any help.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message