Date: Thu, 6 Jun 2013 15:45:04 -0700
Subject: Re: How to get SSL connection information from Apache HTTPD over AJP?
From: Omari Stephens
To: Martin Gainty
Cc: Tomcat Users List

[re-adding mailing list]

Martin:
Everything is working perfectly on the Apache side.  If I run this CGI:
"""
#!/bin/sh
printf "Content-Type: text/plain\r\n\r\n"
env | sort
"""

I get, among other variables:
HTTPS=on
REMOTE_USER=xsdg
SERVER_PORT=443
SSL_PROTOCOL=TLSv1

What I want is to somehow retrieve the username "xsdg" (or whatever it
may be) from the Servlet.  That is all I want.  So far, I can't see
how to do that, including after I've set tomcatAuthentication="false"
in the Connector definition.

--xsdg

On Thu, Jun 6, 2013 at 3:18 PM, Martin Gainty wrote:
> getAuthType()
> Returns the name of the authentication scheme used to protect the servlet
>
> you don't have SSL setup on TC so the method will always return null
>
> you will need to get Mod-ssl setup on your Apache Server beforehand
> http://www.modssl.org/example/
>
> Martin
> ______________________________________________
> Disclaimer and confidentiality notice
>
> This message is confidential. If you are not the intended recipient, we
> kindly ask that you notify us. Any unauthorized forwarding or copying is
> prohibited. This message serves only for the exchange of information and
> has no legally binding effect. Because e-mails are easily manipulated, we
> cannot accept any liability for the content.
>
>> Date: Thu, 6 Jun 2013 15:02:04 -0700
>> Subject: Re: How to get SSL connection information from Apache HTTPD over
>> AJP?
>> From: xsdg@google.com
>> To: users@tomcat.apache.org
>>
>> Howdy, Rainer
>>
>> Thanks for the response. I gave this a shot, but I'm not seeing any
>> change at the Servlet level. After your advice, I changed my
>> Connector definition to this:
>> > tomcatAuthentication="false" />
>>
>> Is there any change I need to make on the httpd side? I've restarted
>> both tomcat and httpd, and I still get null from both
>> request.getRemoteUser() and request.getAuthType().
>>
>> Moreover, is there somewhere I can turn on debugging to see if the
>> setting is at least getting picked up properly? I intentionally
>> introduced a typo into an attribute name, and saw no change in
>> behavior or other warnings or errors, which is somewhat disconcerting.
>>
>> Thanks,
>> --xsdg
>>
>>
>> On Thu, Jun 6, 2013 at 12:20 AM, Rainer Jung
>> wrote:
>> > On 06.06.2013 07:23, Omari Stephens wrote:
>> >> Howdy, y'all
>> >>
>> >> I'm working on porting a pure java CGI to a servlet.
>> >> I'm using Tomcat 6 behind Apache HTTPD 2.2.
>> >>
>> >> At this point, I have everything talking to each other fine. When I
>> >> hit the right URL on httpd, my servlet gets run. yay.
>> >>
>> >> My question: incoming connections to httpd are over SSL. For the CGI,
>> >> apache sets user-identifying information in the environment, so that I
>> >> can read a particular environment variable and uniquely identify the
>> >> user making the request.
>> >>
>> >> So far, I can't figure out how to uniquely identify the user from the
>> >> Tomcat side. All of the obvious methods (like #getRemoteUser()) from
>> >> HttpServletRequest return null. I see "JkEnvVar" at
>> >> http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html,
>> >> but either that only copies variables from Apache's environment
>> >> (rather than ones that it sets for CGI), or I'm not using it
>> >> correctly.
>> >>
>> >> Lastly, I'm not hitting Tomcat SSL directly because I depend on a
>> >> module that only exists for Apache HTTPD.
>> >
>> > Set tomcatAuthentication="false" in your ajp connector.
>> >
>> > See tomcatAuthentication on page
>> > http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html.
>> >
>> > Setting it to "false" means that Tomcat will not authenticate the user
>> > but instead fully trust the remoteUser sent by Apache. Default is
>> > "true".
>> >
>> > Note that this is not really related to the subject of your mail (SSL
>> > connection information).
>> >
>> > Regards,
>> >
>> > Rainer
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> > For additional commands, e-mail: users-help@tomcat.apache.org
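
A servlet-side counterpart to the `env | sort` CGI in the message above, as an added example that is not part of the thread: it prints what Tomcat received over AJP, so the effect of tomcatAuthentication="false" can be checked directly. The class name `AjpIdentityDump` is hypothetical, and the forwarded variables assume httpd uses mod_jk with a JkEnvVar directive per name.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class name): shows what identity and TLS
// data Tomcat received from httpd over AJP for the current request.
// It echoes identity data, so restrict who can reach its URL.
public class AjpIdentityDump extends HttpServlet {
    // Servlet-spec request attributes describing the TLS session.
    private static final String[] TLS_ATTRS = {
        "javax.servlet.request.cipher_suite",
        "javax.servlet.request.key_size",
    };
    // Variable names taken from the CGI output in the thread. They reach
    // Tomcat as request attributes only if httpd forwards them (assumed
    // here: mod_jk with one JkEnvVar directive per name).
    private static final String[] FORWARDED = {
        "REMOTE_USER", "HTTPS", "SERVER_PORT", "SSL_PROTOCOL",
    };

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        // Per the thread: taken from httpd when tomcatAuthentication="false".
        out.println("getRemoteUser() = " + req.getRemoteUser());
        out.println("getAuthType()   = " + req.getAuthType());
        out.println("isSecure()      = " + req.isSecure());
        // Look attributes up by name rather than enumerating them.
        for (String name : TLS_ATTRS) {
            out.println(name + " = " + req.getAttribute(name));
        }
        for (String name : FORWARDED) {
            out.println(name + " = " + req.getAttribute(name));
        }
        // Client certificate chain, present only if httpd obtained and forwarded one.
        Object certs = req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs instanceof X509Certificate[] && ((X509Certificate[]) certs).length > 0) {
            X509Certificate leaf = ((X509Certificate[]) certs)[0];
            out.println("client cert subject = " + leaf.getSubjectX500Principal().getName());
        } else {
            out.println("client cert subject = (none)");
        }
    }
}
```

Because tomcatAuthentication="false" makes Tomcat trust whatever remote user the AJP peer supplies, the AJP port should accept connections only from the httpd host.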