tomcat-users mailing list archives

From Omari Stephens <x...@google.com>
Subject Re: How to get SSL connection information from Apache HTTPD over AJP?
Date Thu, 06 Jun 2013 22:45:04 GMT
[re-adding mailing list]

Martin:
Everything is working perfectly on the Apache side.  If I run this CGI:
"""
#!/bin/sh

printf "Content-Type: text/plain\r\n\r\n"

env | sort
"""

I get, among other variables:
HTTPS=on
REMOTE_USER=xsdg
SERVER_PORT=443
SSL_PROTOCOL=TLSv1

What I want is to somehow retrieve the username "xsdg" (or whatever it
may be) from the Servlet.  That is all I want.  So far, I can't see
how to do that, including after I've set tomcatAuthentication="false"
in the Connector definition.

--xsdg

On Thu, Jun 6, 2013 at 3:18 PM, Martin Gainty <mgainty@hotmail.com> wrote:
> getAuthType()
> Returns the name of the authentication scheme used to protect the servlet
>
> you don't have SSL set up on TC so the method will always return null
>
> you will need to get Mod-ssl setup on your Apache Server beforehand
> http://www.modssl.org/example/
>
> Martin
>
>> Date: Thu, 6 Jun 2013 15:02:04 -0700
>> Subject: Re: How to get SSL connection information from Apache HTTPD over
>> AJP?
>> From: xsdg@google.com
>> To: users@tomcat.apache.org
>
>>
>> Howdy, Rainer
>>
>> Thanks for the response. I gave this a shot, but I'm not seeing any
>> change at the Servlet level. After your advice, I changed my
>> Connector definition to this:
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
>> tomcatAuthentication="false" />
>>
>> Is there any change I need to make on the httpd side? I've restarted
>> both tomcat and httpd, and I still get null from both
>> request.getRemoteUser() and request.getAuthType().
>>
>> Moreover, is there somewhere I can turn on debugging to see if the
>> setting is at least getting picked up properly? I intentionally
>> introduced a typo into an attribute name, and saw no change in
>> behavior or other warnings or errors, which is somewhat disconcerting.
>>
>> Thanks,
>> --xsdg
>>
>>
>> On Thu, Jun 6, 2013 at 12:20 AM, Rainer Jung <rainer.jung@kippdata.de>
>> wrote:
>> > On 06.06.2013 07:23, Omari Stephens wrote:
>> >> Howdy, y'all
>> >>
>> >> I'm working on porting a pure java CGI to a servlet. I'm using Tomcat
>> >> 6 behind Apache HTTPD 2.2.
>> >>
>> >> At this point, I have everything talking to each other fine. When I
>> >> hit the right URL on httpd, my servlet gets run. yay.
>> >>
>> >> My question: incoming connections to httpd are over SSL. For the CGI,
>> >> apache sets user-identifying information in the environment, so that I
>> >> can read a particular environment variable and uniquely identify the
>> >> user making the request.
>> >>
>> >> So far, I can't figure out how to uniquely identify the user from the
>> >> Tomcat side. All of the obvious methods (like #getRemoteUser()) from
>> >> HttpServletRequest return null. I see "JkEnvVar" at
>> >> http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html,
>> >> but either that only copies variables from Apache's environment
>> >> (rather than ones that it sets for CGI), or I'm not using it
>> >> correctly.
>> >>
>> >> Lastly, I'm not hitting Tomcat SSL directly because I depend on a
>> >> module that only exists for Apache HTTPD.
>> >
>> > Set tomcatAuthentication="false" in your ajp connector.
>> >
>> > See tomcatAuthentication on page
>> > http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html.
>> >
>> > Setting it to "false" means that Tomcat will not authenticate the user
>> > but instead fully trust the remoteUser sent by Apache. Default is
>> > "true".
>> >
>> > Note that this is not really related to the subject of your mail (SSL
>> > connection information).
>> >
>> > Regards,
>> >
>> > Rainer
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> > For additional commands, e-mail: users-help@tomcat.apache.org
>> >
>>
>>
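
A servlet-side counterpart to the `env | sort` CGI in this thread, as an added example that is not part of the original messages: it prints the identity and SSL details Tomcat received from httpd over AJP. It uses only standard Servlet API calls; the class name AjpIdentityDump is hypothetical, and SSL_PROTOCOL is assumed to be forwarded by httpd (for instance with JkEnvVar), otherwise it prints null.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: diagnostic servlet (hypothetical class name) that reports
// what arrived over the AJP connector for the current request.
public class AjpIdentityDump extends HttpServlet {

    // Request attributes looked up by name rather than enumerated, because
    // container-supplied attributes need not appear in getAttributeNames().
    private static final String[] ATTRS = {
        "javax.servlet.request.cipher_suite", // Servlet spec, SSL requests
        "javax.servlet.request.key_size",     // Servlet spec, SSL requests
        "SSL_PROTOCOL",  // assumption: forwarded by httpd, e.g. via JkEnvVar
    };

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();

        // null means Tomcat holds no user name for this request.
        out.println("remoteUser=" + req.getRemoteUser());
        out.println("authType=" + req.getAuthType());
        out.println("isSecure=" + req.isSecure());
        out.println("scheme=" + req.getScheme()
                + " serverPort=" + req.getServerPort());

        for (String name : ATTRS) {
            out.println(name + "=" + req.getAttribute(name));
        }

        // Client certificate chain; present only if the front end passed one.
        Object certs = req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs instanceof X509Certificate[]
                && ((X509Certificate[]) certs).length > 0) {
            X509Certificate leaf = ((X509Certificate[]) certs)[0];
            out.println("clientCertSubject="
                    + leaf.getSubjectX500Principal().getName());
        } else {
            out.println("clientCertSubject=none");
        }
    }
}
```

Because tomcatAuthentication="false" makes Tomcat trust the user name it receives on the AJP port, that port should be reachable only from the httpd host, for example by setting the Connector's address attribute.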
