You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Bill Doster <bi...@umich.edu> on 2007/06/06 23:44:03 UTC
Re: passing user variable from apache2.2 via mod_proxy_ajp to tomcat5.5? -- SOLVED
Another google ("mod_proxy_ajp REMOTE_USER tomcat") resulted in
pointers to:
http://mailman1.u.washington.edu/pipermail/pubcookie-users/2006-July/
001527.html
which in turn mentioned that adding:
tomcatAuthentication="false"
to the AJP13 connector statement below (from %CATALINA_HOME%/conf/
server.xml) caused
things to work.
Now my servlet invokes the following with good results:
import javax.servlet.*;
import javax.servlet.http.*;
HttpServletRequest request <-- input argument for doGet()
String user = request.getRemoteUser();
this.log("user:" + user);
causes "user: <user>" to show up in catalina.out.
On Jun 6, 2007, at 4:54 PM, Bill Doster wrote:
> Yep. I actually *do" have the ajp request getting handled by using:
>
>>> ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
>
> (note "ajp//:" not "http://")
>
> as well as enabling the AJP13 connector in server.xml via:
>
> <Connector port="8009" enableLookups="false" redirectPort="8443"
> protocol="AJP/1.3" />
>
> The *problem* that I'm having is that I can NOT determine how to
> access the equivalent of
> "REMOTE_USER" from a tomcat servlet.
>
> request.getRemoteUser() is null (since no Authorization header
> was provided)
> System.getenv("REMOTE_USER") is not getting set by tomcat
>
> From looking at the source for mod_proxy_ajp (in ajp_header.c) it
> looks like user value gets passed
> in the ajp protocol to the tomcat ajp13 listener on port 8009. I
> was kinda hoping that someone
> else could tell me how tomcat makes this user value available to a
> servlet container.
>
> On Jun 6, 2007, at 4:35 PM, Martin Gainty wrote:
>> following
>> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
>>
>> I *thought* ProxyPass was
>>
>> ProxyPass /mirror/foo/ http://foo.com/
>> cause a local request for the
>> <http://wibble.org/mirror/foo/bar> to be internally converted into
>> a proxy request to
>> <http://foo.com/bar>.
>>
>> so..
>> ProxyPass /HelloWorld http://locahost:8009/
>>
>> causes a local request for the
>> http://HelloWorld/HelloWorld
>>
>> will yield
>> http://localhost:8009/HelloWorld
>>
>> ajp is configured by enabling the AJP13 connector in Tomcat %
>> CATALINA_HOME%/conf/server.xml on Port 8009
>> http://www.onjava.com/pub/a/onjava/2002/11/20/tomcat.html
>
>> From: "Bill Doster" <bi...@umich.edu>
>>> On FC6 (intel), I need to have tomcat servlets know the user
>>> associated with each ajp request.
>>>
>>> After authenticating (I'm using mod_cosign), when I load https://
>>> host/ cgi-bin/hi (a shell script which outputs html-ized "Hello
>>> $REMOTE_USER" the web-page returned is "Hello <user>" for
>>> whatever user I authenticated as.
>>>
>>> I've got mod_proxy_ajp set-up to:
>>>
>>> ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
>>>
>>> Since I have the entire host set-up to be cosign-authenticated,
>>> accessing:
>>>
>>> https://host/HelloWorld/HelloWorld
>>>
>>> causes cosign to force authentication (iff I haven't already).
>>> Then the request gets passed via mod_proxy_ajp
>>> to tomcat (running on the same host on port 8009). HelloWorld
>>> happily executes, but all the ways that I've coded that I
>>> thought would receive the connection user... haven't.
>>>
>>> Since I'm very much a beginner Java person, I've tried googling
>>> and FAQ'ing around but ended up following numerous dead ends.
>>> I've read over the mod_proxy_ajp source and from ajp_header.c it
>>> certainly seems like "user" is always provided to tomcat as long
>>> as user is set for the connection (on the apache side).
>>>
>>> I'd really appreciate any tips on how to access this from a
>>> servlet running under Tomcat. Or any tips that would enable me
>>> to at least prove to myself that tomcat received it from
>>> mod_proxy_ajp (like how to tinker with tomcat logging).
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org