tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Question on workers.properties file
Date Thu, 20 May 2010 11:10:07 GMT
savoym wrote:
> Thanks again for the reply.  
> 
> I do already have the tomcatAuthentication="false" setting as you stated
> below and I had tried the getRemoteUse() from the HttpRequestServlet but
> that unfortunately did not work unless I did something wrong.
> 
> I will try again but I do not think that is working.  Again, I appreciate
> the time and help.
> 
No problem, that's why we're here.
As mentioned earlier, I'm not too sure that this works with IIS and the 
mod_jk redirector for IIS.
I am working on the assumption that it does the same thing as 
Apache/mod_jk : if Apache already has a user-id, then mod_jk forwards it 
to Tomcat.
When in Tomcat the tomcatAuthentication="false" is set, Tomcat accepts 
this user-id from Apache/mod_jk instead of trying to get its own.
Maybe IIS+ jk redirector does the same, maybe not.

If not, there is another possibility : if IIS authenticates the user, it 
/might/ automatically add a HTTP header to the request, before even 
forwarding it to Tomcat through the redirector.
If so, a servlet filter at the Tomcat level might be able to pick up 
this header, extract the user-id, and pass it to your webapp in a way it 
can use it.

If all of that is negative, then you need something like the Jespa 
filter from ioplex.
That filter /will/ authenticate the call on the base of the user's 
domain user-id, and set it in Tomcat, allowing your webapp to pick it up 
via getRemoteUser().  This is a certainty, not a guess. I use this often.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message