You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Bill Doster <bi...@umich.edu> on 2007/06/06 21:49:23 UTC
passing user variable from apache2.2 via mod_proxy_ajp to tomcat5.5?
On FC6 (intel), I need to have tomcat servlets know the user
associated with each ajp request.
After authenticating (I'm using mod_cosign), when I load https://host/
cgi-bin/hi (a shell script which outputs html-ized "Hello
$REMOTE_USER" the web-page returned is "Hello <user>" for whatever
user I authenticated as.
I've got mod_proxy_ajp set-up to:
ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
Since I have the entire host set-up to be cosign-authenticated,
accessing:
https://host/HelloWorld/HelloWorld
causes cosign to force authentication (iff I haven't already). Then
the request gets passed via mod_proxy_ajp
to tomcat (running on the same host on port 8009). HelloWorld
happily executes, but all the ways that I've coded that I thought
would receive the connection user... haven't.
Since I'm very much a beginner Java person, I've tried googling and
FAQ'ing around but ended up following numerous dead ends. I've read
over the mod_proxy_ajp source and from ajp_header.c it certainly
seems like "user" is always provided to tomcat as long as user is set
for the connection (on the apache side).
I'd really appreciate any tips on how to access this from a servlet
running under Tomcat. Or any tips that would enable me to at least
prove to myself that tomcat received it from mod_proxy_ajp (like how
to tinker with tomcat logging).
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: passing user variable from apache2.2 via mod_proxy_ajp to tomcat5.5? -- SOLVED
Posted by Bill Doster <bi...@umich.edu>.
Another google ("mod_proxy_ajp REMOTE_USER tomcat") resulted in
pointers to:
http://mailman1.u.washington.edu/pipermail/pubcookie-users/2006-July/
001527.html
which in turn mentioned that adding:
tomcatAuthentication="false"
to the AJP13 connector statement below (from %CATALINA_HOME%/conf/
server.xml) caused
things to work.
Now my servlet invokes the following with good results:
import javax.servlet.*;
import javax.servlet.http.*;
HttpServletRequest request <-- input argument for doGet()
String user = request.getRemoteUser();
this.log("user:" + user);
causes "user: <user>" to show up in catalina.out.
On Jun 6, 2007, at 4:54 PM, Bill Doster wrote:
> Yep. I actually *do" have the ajp request getting handled by using:
>
>>> ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
>
> (note "ajp//:" not "http://")
>
> as well as enabling the AJP13 connector in server.xml via:
>
> <Connector port="8009" enableLookups="false" redirectPort="8443"
> protocol="AJP/1.3" />
>
> The *problem* that I'm having is that I can NOT determine how to
> access the equivalent of
> "REMOTE_USER" from a tomcat servlet.
>
> request.getRemoteUser() is null (since no Authorization header
> was provided)
> System.getenv("REMOTE_USER") is not getting set by tomcat
>
> From looking at the source for mod_proxy_ajp (in ajp_header.c) it
> looks like user value gets passed
> in the ajp protocol to the tomcat ajp13 listener on port 8009. I
> was kinda hoping that someone
> else could tell me how tomcat makes this user value available to a
> servlet container.
>
> On Jun 6, 2007, at 4:35 PM, Martin Gainty wrote:
>> following
>> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
>>
>> I *thought* ProxyPass was
>>
>> ProxyPass /mirror/foo/ http://foo.com/
>> cause a local request for the
>> <http://wibble.org/mirror/foo/bar> to be internally converted into
>> a proxy request to
>> <http://foo.com/bar>.
>>
>> so..
>> ProxyPass /HelloWorld http://locahost:8009/
>>
>> causes a local request for the
>> http://HelloWorld/HelloWorld
>>
>> will yield
>> http://localhost:8009/HelloWorld
>>
>> ajp is configured by enabling the AJP13 connector in Tomcat %
>> CATALINA_HOME%/conf/server.xml on Port 8009
>> http://www.onjava.com/pub/a/onjava/2002/11/20/tomcat.html
>
>> From: "Bill Doster" <bi...@umich.edu>
>>> On FC6 (intel), I need to have tomcat servlets know the user
>>> associated with each ajp request.
>>>
>>> After authenticating (I'm using mod_cosign), when I load https://
>>> host/ cgi-bin/hi (a shell script which outputs html-ized "Hello
>>> $REMOTE_USER" the web-page returned is "Hello <user>" for
>>> whatever user I authenticated as.
>>>
>>> I've got mod_proxy_ajp set-up to:
>>>
>>> ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
>>>
>>> Since I have the entire host set-up to be cosign-authenticated,
>>> accessing:
>>>
>>> https://host/HelloWorld/HelloWorld
>>>
>>> causes cosign to force authentication (iff I haven't already).
>>> Then the request gets passed via mod_proxy_ajp
>>> to tomcat (running on the same host on port 8009). HelloWorld
>>> happily executes, but all the ways that I've coded that I
>>> thought would receive the connection user... haven't.
>>>
>>> Since I'm very much a beginner Java person, I've tried googling
>>> and FAQ'ing around but ended up following numerous dead ends.
>>> I've read over the mod_proxy_ajp source and from ajp_header.c it
>>> certainly seems like "user" is always provided to tomcat as long
>>> as user is set for the connection (on the apache side).
>>>
>>> I'd really appreciate any tips on how to access this from a
>>> servlet running under Tomcat. Or any tips that would enable me
>>> to at least prove to myself that tomcat received it from
>>> mod_proxy_ajp (like how to tinker with tomcat logging).
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: passing user variable from apache2.2 via mod_proxy_ajp to tomcat5.5?
Posted by Bill Doster <bi...@umich.edu>.
Yep. I actually *do" have the ajp request getting handled by using:
>> ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
(note "ajp//:" not "http://")
as well as enabling the AJP13 connector in server.xml via:
<Connector port="8009" enableLookups="false" redirectPort="8443"
protocol="AJP/1.3" />
The *problem* that I'm having is that I can NOT determine how to
access the equivalent of
"REMOTE_USER" from a tomcat servlet.
request.getRemoteUser() is null (since no Authorization header
was provided)
System.getenv("REMOTE_USER") is not getting set by tomcat
From looking at the source for mod_proxy_ajp (in ajp_header.c) it
looks like user value gets passed
in the ajp protocol to the tomcat ajp13 listener on port 8009. I was
kinda hoping that someone
else could tell me how tomcat makes this user value available to a
servlet container.
On Jun 6, 2007, at 4:35 PM, Martin Gainty wrote:
> following
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
>
> I *thought* ProxyPass was
>
> ProxyPass /mirror/foo/ http://foo.com/
> cause a local request for the
> <http://wibble.org/mirror/foo/bar> to be internally converted into
> a proxy request to
> <http://foo.com/bar>.
>
> so..
> ProxyPass /HelloWorld http://locahost:8009/
>
> causes a local request for the
> http://HelloWorld/HelloWorld
>
> will yield
> http://localhost:8009/HelloWorld
>
> ajp is configured by enabling the AJP13 connector in Tomcat %
> CATALINA_HOME%/conf/server.xml on Port 8009
> http://www.onjava.com/pub/a/onjava/2002/11/20/tomcat.html
> From: "Bill Doster" <bi...@umich.edu>
>> On FC6 (intel), I need to have tomcat servlets know the user
>> associated with each ajp request.
>>
>> After authenticating (I'm using mod_cosign), when I load https://
>> host/ cgi-bin/hi (a shell script which outputs html-ized "Hello
>> $REMOTE_USER" the web-page returned is "Hello <user>" for
>> whatever user I authenticated as.
>>
>> I've got mod_proxy_ajp set-up to:
>>
>> ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
>>
>> Since I have the entire host set-up to be cosign-authenticated,
>> accessing:
>>
>> https://host/HelloWorld/HelloWorld
>>
>> causes cosign to force authentication (iff I haven't already).
>> Then the request gets passed via mod_proxy_ajp
>> to tomcat (running on the same host on port 8009). HelloWorld
>> happily executes, but all the ways that I've coded that I thought
>> would receive the connection user... haven't.
>>
>> Since I'm very much a beginner Java person, I've tried googling
>> and FAQ'ing around but ended up following numerous dead ends.
>> I've read over the mod_proxy_ajp source and from ajp_header.c it
>> certainly seems like "user" is always provided to tomcat as long
>> as user is set for the connection (on the apache side).
>>
>> I'd really appreciate any tips on how to access this from a
>> servlet running under Tomcat. Or any tips that would enable me to
>> at least prove to myself that tomcat received it from
>> mod_proxy_ajp (like how to tinker with tomcat logging).
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: passing user variable from apache2.2 via mod_proxy_ajp to tomcat5.5?
Posted by Martin Gainty <mg...@hotmail.com>.
Hi Bill-
following
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
I *thought* ProxyPass was
ProxyPass /mirror/foo/ http://foo.com/
cause a local request for the
<http://wibble.org/mirror/foo/bar> to be internally converted into a proxy
request to
<http://foo.com/bar>.
so..
ProxyPass /HelloWorld http://locahost:8009/
causes a local request for the
http://HelloWorld/HelloWorld
will yield
http://localhost:8009/HelloWorld
ajp is configured by enabling the AJP13 connector in Tomcat
%CATALINA_HOME%/conf/server.xml on Port 8009
http://www.onjava.com/pub/a/onjava/2002/11/20/tomcat.html
HTH/
M--
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy. Thank you.
----- Original Message -----
From: "Bill Doster" <bi...@umich.edu>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Cc: "Bill Doster" <bi...@umich.edu>
Sent: Wednesday, June 06, 2007 3:49 PM
Subject: passing user variable from apache2.2 via mod_proxy_ajp to
tomcat5.5?
> On FC6 (intel), I need to have tomcat servlets know the user associated
> with each ajp request.
>
> After authenticating (I'm using mod_cosign), when I load https://host/
> cgi-bin/hi (a shell script which outputs html-ized "Hello $REMOTE_USER"
> the web-page returned is "Hello <user>" for whatever user I authenticated
> as.
>
> I've got mod_proxy_ajp set-up to:
>
> ProxyPass /HelloWorld ajp://locahost:8009/HelloWorld
>
> Since I have the entire host set-up to be cosign-authenticated,
> accessing:
>
> https://host/HelloWorld/HelloWorld
>
> causes cosign to force authentication (iff I haven't already). Then the
> request gets passed via mod_proxy_ajp
> to tomcat (running on the same host on port 8009). HelloWorld happily
> executes, but all the ways that I've coded that I thought would receive
> the connection user... haven't.
>
> Since I'm very much a beginner Java person, I've tried googling and
> FAQ'ing around but ended up following numerous dead ends. I've read over
> the mod_proxy_ajp source and from ajp_header.c it certainly seems like
> "user" is always provided to tomcat as long as user is set for the
> connection (on the apache side).
>
> I'd really appreciate any tips on how to access this from a servlet
> running under Tomcat. Or any tips that would enable me to at least prove
> to myself that tomcat received it from mod_proxy_ajp (like how to tinker
> with tomcat logging).
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org