tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: REMOTE_USER with Apache 2.2.9 (Debian) + Tomcat 6.0.18 + mod_auth_kerb
Date Sun, 28 Jun 2009 03:31:04 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Maciej

On 6/24/2009 10:15 AM, Maciej Matecki wrote:
> I've got the big problem with forward REMOTE_HOST from Apache to
> Tomcat. On the Apache side everything works ok. I've tested it with
> PHP script and it simply works. But on the Tomcat side REMOTE_USER
> header value is not available.

[snip]

> What I've already done is testing for many different ways:
> 1) rewriting: http://osdir.com/ml/apache.mod-auth-kerb.general/2005-10/msg00009.html
> 2) tomcatAuthentication set to false

Which connector are you using? AJP or HTTP? If AJP, are you using
mod_proxy_ajp or mod_jk?

> If I use JkEnvVar REMOTE_HOST I've got attribute available on the
> Tomcat side, but I need that value in header (I want to use
> RequestHeaderPreAuthenticatedProcessingFilter from Spring Security).

You're going to have to do some kind of re-writing to get this in an
HTTP header instead of a request attribute.

Only mod_jk supports JkEnvVar, but the documentation states:

"
If the default value is not given explicitly, the variable will only be
send, if it is set during runtime.
"

It's unclear if "during runtime" means that the value must be calculated
somehow from within httpd, or if the value must be specified in the
original request.

In either case, the JkEnvVar option will only provide these values to
the request attributes. If you want them to act like headers, you're
doing to need to do something else.

mod_headers is a good bet, but then you need to use mod_proxy_http
instead of mod_jk or mod_proxy_ajp because I don't think mod_jk will
forward automagically-generated HTTP headers over the AJP connection.
You could always try to set something simple (like setting FOO=BAR) and
seeing if Tomcat receives it properly.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkpG4/gACgkQ9CaO5/Lv0PAAgwCgnOVyNL1R4RS32enYKDDPrv4c
SG4AniZanN84Ugmi9t0y0YernnJXIB0r
=4Veb
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message