You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Bill Doster <bi...@umich.edu> on 2007/06/06 23:44:03 UTC

Re: passing user variable from apache2.2 via mod_proxy_ajp to tomcat5.5? -- SOLVED

Another google ("mod_proxy_ajp REMOTE_USER tomcat") resulted in  
pointers to:

	http://mailman1.u.washington.edu/pipermail/pubcookie-users/2006-July/ 
001527.html

which in turn mentioned that adding:

	tomcatAuthentication="false"

to the AJP13 connector statement below (from %CATALINA_HOME%/conf/ 
server.xml) caused
things to work.

Now my servlet invokes the following with good results:

	import javax.servlet.*;
	import javax.servlet.http.*;

	HttpServletRequest	request <-- input argument for doGet()
	String user = request.getRemoteUser();

	this.log("user:" + user);

causes "user: <user>" to show up in catalina.out.

On Jun 6, 2007, at 4:54 PM, Bill Doster wrote:
> Yep.  I actually *do" have the ajp request getting handled by using:
>
>>> ProxyPass   /HelloWorld   ajp://locahost:8009/HelloWorld
>
> 			(note "ajp//:" not "http://")
>
> as well as enabling the AJP13 connector in server.xml via:
>
> 	<Connector port="8009" enableLookups="false" redirectPort="8443"  
> protocol="AJP/1.3" />
>
> The *problem* that I'm having is that I can NOT determine how to  
> access the equivalent of
> "REMOTE_USER" from a tomcat servlet.
>
>    request.getRemoteUser() is null (since no Authorization header  
> was provided)
>    System.getenv("REMOTE_USER") is not getting set by tomcat
>
> From looking at the source for mod_proxy_ajp (in ajp_header.c) it  
> looks like user value gets passed
> in the ajp protocol to the tomcat ajp13 listener on port 8009.  I  
> was kinda hoping that someone
> else could tell me how tomcat makes this user value available to a  
> servlet container.
>
> On Jun 6, 2007, at 4:35 PM, Martin Gainty wrote:
>> following
>> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
>>
>> I *thought* ProxyPass was
>>
>> ProxyPass /mirror/foo/ http://foo.com/
>> cause a local request for the
>> <http://wibble.org/mirror/foo/bar> to be internally converted into  
>> a proxy request to
>> <http://foo.com/bar>.
>>
>> so..
>> ProxyPass   /HelloWorld   http://locahost:8009/
>>
>> causes a local request for the
>> http://HelloWorld/HelloWorld
>>
>> will yield
>> http://localhost:8009/HelloWorld
>>
>> ajp is configured by enabling the AJP13 connector in Tomcat % 
>> CATALINA_HOME%/conf/server.xml on Port 8009
>> http://www.onjava.com/pub/a/onjava/2002/11/20/tomcat.html
>
>> From: "Bill Doster" <bi...@umich.edu>
>>> On FC6 (intel), I need to have tomcat servlets know the user   
>>> associated with each ajp request.
>>>
>>> After authenticating (I'm using mod_cosign), when I load https:// 
>>> host/ cgi-bin/hi (a shell script which outputs html-ized "Hello   
>>> $REMOTE_USER" the web-page returned is "Hello <user>" for  
>>> whatever  user I authenticated as.
>>>
>>> I've got mod_proxy_ajp set-up to:
>>>
>>> ProxyPass   /HelloWorld   ajp://locahost:8009/HelloWorld
>>>
>>> Since I have the entire host set-up to be cosign-authenticated,  
>>> accessing:
>>>
>>> https://host/HelloWorld/HelloWorld
>>>
>>> causes cosign to force authentication (iff I haven't already).   
>>> Then  the request gets passed via mod_proxy_ajp
>>> to tomcat (running on the same host on port 8009).  HelloWorld   
>>> happily executes, but all the ways that I've coded that I  
>>> thought  would receive the connection user... haven't.
>>>
>>> Since I'm very much a beginner Java person, I've tried googling  
>>> and FAQ'ing around but ended up following numerous dead ends.   
>>> I've read  over the mod_proxy_ajp source and from ajp_header.c it  
>>> certainly  seems like "user" is always provided to tomcat as long  
>>> as user is set  for the connection (on the apache side).
>>>
>>> I'd really appreciate any tips on how to access this from a  
>>> servlet running under Tomcat.  Or any tips that would enable me  
>>> to at least  prove to myself that tomcat received it from  
>>> mod_proxy_ajp (like how  to tinker with tomcat logging).
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org