tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Omari Stephens <>
Subject Re: How to get SSL connection information from Apache HTTPD over AJP?
Date Thu, 06 Jun 2013 22:02:04 GMT
Howdy, Rainier

Thanks for the response.  I gave this a shot, but I'm not seeing any
change at the Servlet level.  After your advice, I changed my
Connector definition to this:
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
tomcatAuthentication="false" />

Is there any change I need to make on the httpd side?  I've restarted
both tomcat and httpd, and I still get null from both
request.getRemoteUser() and request.getAuthType().

Moreover, is there somewhere I can turn on debugging to see if the
setting is at least getting picked up properly?  I intentionally
introduced a typo into an attribute name, and saw no change in
behavior or other warnings or errors, which is somewhat disconcerting.


On Thu, Jun 6, 2013 at 12:20 AM, Rainer Jung <> wrote:
> On 06.06.2013 07:23, Omari Stephens wrote:
>> Howdy, y'all
>> I'm working on porting a pure java CGI to a servlet.  I'm using Tomcat
>> 6 behind Apache HTTPD 2.2.
>> At this point, I have everything talking to each other fine.  When I
>> hit the right URL on httpd, my servlet gets run.  yay.
>> My question: incoming connections to httpd are over SSL.  For the CGI,
>> apache sets user-identifying information in the environment, so that I
>> can read a particular environment variable and uniquely identify the
>> user making the request.
>> So far, I can't figure out how to uniquely identify the user from the
>> Tomcat side.  All of the obvious methods (like #getRemoteUser()) from
>> HttpServletRequest return null.  I see "JkEnvVar" at
>> but either that only copies variables from Apache's environment
>> (rather than ones that it sets for CGI), or I'm not using it
>> correctly.
>> Lastly, I'm not hitting Tomcat SSL directly because I depend on a
>> module that only exists for Apache HTTPD.
> Set tomcatAuthentication="false" in your ajp connector.
> See tomcatAuthentication on page
> Setting it to "false" means that Tomcat will not authenticate the user
> but instead fully trust the remoteUser send by Apache. default is "true".
> Note that this is not really related to the subject of your mail (SSL
> connection information).
> Regards,
> Rainer
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message