tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Do any of the Tomcat LDAP-type realms support "no password" authentication?
Date Fri, 02 Dec 2011 20:26:15 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim,

On 12/2/11 2:08 PM, ohaya@cox.net wrote:
> ---- Christopher Schultz <chris@christopherschultz.net> wrote:
>> 
>> See
>> http://tomcat.apache.org/connectors-doc/reference/apache.html. 
>> Specifically, the JkRemoteUserIndicator directive which allows
>> you to override the environment variable whose value will be used
>> to send-over the username to Tomcat.
> 
> FYI, that link you posted give as 404 error.

WFM... ??!

> To be clear, in the discussion before now, I was just using
> mod_ajp (built into/included with Apache), and NOT mod_jk.

That's mod_proxy_ajp, but I understand. I believe they both provide
that capability, but I'm not sure... the documentation for
mod_proxy_ajp is sorely lacking.

> I'm now in the process of trying to switch my Apache conf to use 
> mod_jk. The reason is that I'm starting to get the feeling that
> the Apache 3rd party agent (it's Oracle's OAM webgate, which I
> haven't said till now, sorry) might not be setting things in the
> Apache environment that are needed for AJP. I've been checking, and
> there's very little (= none) that I can do with trying to change
> the OAM webgate behavior, and if it's not setting whatever
> Apache/AJP needs, then I'm stuck, so I'm trying mod_jk, hoping that
> that'll give me some way to set what AJP needs.

mod_jk definitely has a lot more capabilities than mod_proxy_ajp. I
have only ever used mod_jk for historical reasons (project predates
mod_proxy_ajp) and because we can't do certain things with
mod_proxy_ajp and actually require mod_jk at this point.

Fortunately, mod_jk isn't tough configure -- though mod_proxy_ajp can
do a lot with tro simple directives :)

> # 2011-12-02 - ADDING MOD_JK LoadModule jk_module
> modules/mod_jk.so JkWorkersFile
> c:/Apache2.2/conf/workers.properties # some other configuration 
> JkLogFile "c:/Apache2.2/logs/jk.log" JkLogLevel debug JkShmFile
> c:/Apache2.2/logs/jk.shm JkOptions +ForwardKeySize
> +ForwardURICompat -ForwardDirectories # forwarding URL prefixes to
> Tomcat instances JkMount /samplesajp/* tomcatA

Do you have any VirtualHosts? If so, the JkMounts at the top-level
won't be copied-into the VirtualHosts unless you use another special
directive: JkMountCopy.

> JkEnvVar REMOTE_USER

This will put the REMOTE_USER environment variable (on the httpd side)
into the request /attributes/ on the Tomcat side.

> And, here's the workers.properties:
> 
> 
> <IfModule mod_jk.c>

^^ That's not appropriate in workers.properties. If mod_jk isn't
loaded, this file won't be loaded, either.

> # a list of Tomcat instances #JkWorkerProperty worker.list=tomcatA 
> worker.list=tomcatA # connection properties to instance A on
> localhost # JkWorkerProperty worker.tomcatA.type=ajp13 #
> JkWorkerProperty worker.tomcatA.host=weblogic1.whatever.com #
> JkWorkerProperty worker.tomcatA.port=8009 
> worker.tomcatA.type=ajp13 
> worker.tomcatA.host=weblogic1.whatever.com 
> worker.tomcatA.port=8009

All that looks just fine to me.

> And, here's what I'm seeing in jk.log when I try to access my test
> URL (via the Apache): [...] [Fri Dec 02 14:04:50.022 2011]
> [744:560] [debug] jk_translate::mod_jk.c (3488): missing uri map
> for apache1.whatever.com:/samplesajp/ssoAMTomcatTest.jsp [Fri Dec
> 02 14:04:50.022 2011] [744:560] [debug] jk_map_to_storage::mod_jk.c
> (3647): missing uri map for
> apache1.whatever.com:/samplesajp/ssoAMTomcatTest.jsp

That certainly looks like you don't have any JkMounts in your
VirtualHost. Try using JkMountCopy (if you want to be lazy) or move
your JkMount directives into the <VirtualHost> that you are using.

> Shouldn't the one "JkMount /samplesajp/*" that I have be enough to
> proxy through the mod_jk?
> 
> Also, why is it appearing to try to process the "/oam/..." URIs?

mod_jk has to consider all URIs to determine if it's going to forward
them. In that case, it wouldn't have forwarded to Tomcat because it
wouldn't have matched any JkMount directive.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7ZNGcACgkQ9CaO5/Lv0PBesgCbBFKtc3b2FQyfZBt9hlRwa3BA
9PYAoKF8KB6OuZDSovKDQmt03t5ilfPx
=67UA
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message