tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Do any of the Tomcat LDAP-type realms support "no password" authentication?
Date Fri, 02 Dec 2011 17:22:48 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim,

On 12/2/11 11:26 AM, ohaya@cox.net wrote:
> Sure. Here's the section from httpd.conf. This is testing where I 
> purposely insert a "REMOTE_USER" HTTP header into the request
> being proxied. As I said, I have a sniffer on the line, and I can
> see the REMOTE_USER header, but still, when I get to my test JSP
> hosted on the Tomcat, getUserPrincipal() is returning null (don't
> mind the hostname in the ProxyPass, etc. I just happen to be
> hosting Tomcat on that machine, and WebLogic is shutdown there).

The problem is that AJP sends the authentication information as part
of the AJP protocol, not as a request header. You are setting a
request header which is not the mechanism AJP uses to transfer the userid.

You might want to check to see if your SSO module works the way that
other httpd modules expect -- like the other mod_auth_[xyz], for instance.

See http://tomcat.apache.org/connectors-doc/reference/apache.html.
Specifically, the JkRemoteUserIndicator directive which allows you to
override the environment variable whose value will be used to
send-over the username to Tomcat.

I wouldn't think you'd have to do that (REMOTE_USER should already be
set by your auth module and mod_proxy_jk should already be using
that), but you might be able to force it for some testing.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7ZCWgACgkQ9CaO5/Lv0PDPWACgt07Uz0jf04GNXI9ws3aUOmnV
33gAoIh992DyrYkydFVdviUy2zlrQtue
=acs6
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message