tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: AJP and attributes versus headers
Date Tue, 11 Feb 2014 20:11:12 GMT
Elliot Kendall wrote:
>> You could try setting tomcatAuthentification="false" on your AJP connector
>> in server.xml. If Shibboleth put the value in REMOTE_USER as it should then
>> tomcat should pick it up as the principal.
>> Be aware that you should protect your ajp connector so that no other
>> machine than your Apache can connect to it.
> This was one of the first things I tried, and when it didn't work I
> thought I must be missing something. Of course, now that you've
> inspired me to try again it works flawlessly. Thanks!
> I am still curious as to why the AJP connector populates incoming
> request headers as attributes, though.

It doesn't.  Read the previous responses.
Incoming HTTP request headers are passed to Tomcat as HTTP request headers.
Request attributes are something else.

  It seems like it has the
> potential to cause problems without offering any obvious benefits.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message