tomcat-users mailing list archives

From Nikhil <mnik...@gmail.com>
Subject Re: tomcat, apache with mod_jk and mod_auth_kerb
Date Wed, 16 Jul 2008 10:09:40 GMT
Thanks for the explanation, Rainer. Fine, I am going with using the method
only then...
Regards,
Nikhil

On Wed, Jul 16, 2008 at 3:22 PM, Rainer Jung <rainer.jung@kippdata.de>
wrote:

> Nikhil wrote:
>
>  On Wed, Jul 16, 2008 at 2:52 PM, Rainer Jung <rainer.jung@kippdata.de>
>> wrote:
>>
>>  To repeat two of my questions:
>>>
>>> What do you expect to be the value of the 'REMOTE_USER' variable?
>>>
>>> Do you expect something else, than what you get from
>>> request.getRemoteUser()?
>>>
>>> After I understand that, we can find an appropriate solution.
>>>
>>>
>>> Regards,
>>>
>>> Rainer
>>>
>>>
>> Hi Rainer,
>>
>> REMOTE_USER variable value is always expected to be as set by the httpd
>> process and passed onto the tomcat.
>>
>>> Do you expect something else, than what you get from
>>> request.getRemoteUser()?
>> No, but I would not want to have this method invoked every time I want to
>> know a logged in account instead an already set (global) variable value
>> (preferably by httpd and passed onto the tomcat) would do.
>>
>
> OK. REMOTE_USER goes back to the times of CGI. At that time the web server
> could only pass along information to the CGI process via environment
> variables, because it had to start an external process for doing CGI.
>
> The servlet spec tries to make the same information available in the
> context of a java web container. The correct way of retrieving the name of
> the authenticated user from the container *is* request.getRemoteUser(). In
> java you would nearly always implement a "global variable" as a member of
> some object, which you retrieve via a getter function.
> request.getRemoteUser() is the right and standards conforming way to do it.
>
> When the web container has a web server in front, e.g. Apache httpd and a
> connection component like mod_jk, usually the combination tries to hide the
> information, that the architecture is more complex, from the webapp
> developer. So Apache/mod_jk/Tomcat correctly configured provide the user
> name authenticated by httpd to the webapp in exactly the same way, as it
> would be seen without Apache and mod_jk. That way the developer doesn't have
> to know the details. So using request.getRemoteUser() still is the correct
> way.
>
> The only thing to configure is tomcatAuthentication="false" in order to tell
> Tomcat to trust the authentication done by Apache and not try to do
> authentication itself.
>
>
> Regards,
>
> Rainer
>


-- 
Nikhil

Google is Great !
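
The setup Rainer describes, as an added example that is not part of the original thread or of Tomcat's own code: a servlet filter that reads request.getRemoteUser() once per request, fails closed when httpd supplied no user, and publishes the name as a request attribute for the rest of the webapp. The class name, the attribute key, and the Connector line in the comment (port 8009 and a loopback address, which assumes httpd and Tomcat run on the same host) are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter (class name and attribute key are assumptions).
 * Relies on the AJP connector in server.xml trusting httpd, for example:
 *   <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
 *              tomcatAuthentication="false" />
 * With that setting Tomcat accepts whatever user name arrives over AJP, so
 * the connector should be reachable only by the httpd that authenticates.
 */
public class HttpdUserFilter implements Filter {

    /** Request attribute under which the user name is published (assumed key). */
    public static final String USER_ATTR = "app.authenticatedUser";

    public void init(FilterConfig config) { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // User name forwarded by httpd through mod_jk. It is null when httpd
        // did not authenticate the request or the connector does not trust httpd.
        String user = request.getRemoteUser();
        if (user == null || user.trim().isEmpty()) {
            // Fail closed instead of running the webapp without an identity.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Read once per request; downstream code reads the attribute.
        request.setAttribute(USER_ATTR, user);
        chain.doFilter(request, response);
    }

    public void destroy() { }
}
```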
