tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Kahle <>
Subject Accessing CoyoteRequest attributes in a Servlet
Date Tue, 18 Sep 2012 13:11:07 GMT
Hi all,

I am trying to set up a Java Web Application using Servlets and JSPs in
Tomcat 7. User authentication should be done on a central Shibboleth
Identity Provider.
I have already configured Apache including mod_ssl, mod_proxy_ajp and
the shib2 module following these instructions:
The redirect to the central login page works and, after entering my
credentials, the session is correctly created by the identity provider
and I am forwarded to my webapp.

At this point I should have different attributes in my session, such as
the user's email address, name and so on.
But these are stored in the coyoteRequest attributes, which I can
observe while debugging in Eclipse. As the coyoteRequest is a protected
field of org.apache.catalina.connector.Request which again is a field of
the RequestFacade I can not get any of these values.
What I get is ONE of the attributes in the REMOTE_USER field (compare 2.
in the instructions above).
By setting "ShibUseHeaders On" in apache I get all of the attributes in
the request headers, but this is not recommended for security reasons.

Is there any way to access the coyoteRequest in a servlet or at least
configure tomcat to transfer more attributes to the servletRequest?

My current connector configuration in server.xml looks like this:
<Connector URIEncoding="UTF-8" connectionTimeout="20000" port="8081"
protocol="HTTP/1.1" redirectPort="8444"/>
<Connector SSLEnabled="true" URIEncoding="UTF-8" clientAuth="false"
maxThreads="150" port="8444" protocol="HTTP/1.1" scheme="https"
secure="true" sslProtocol="TLS"/>
<Connector URIEncoding="UTF-8" port="8010" protocol="AJP/1.3"
redirectPort="8444" tomcatAuthentication="false" packetSize="65536"/>

Many thanks and best regards,

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message