Posted to users@tomcat.apache.org by Bill Higgins <bi...@gmail.com> on 2007/05/07 19:18:37 UTC

getting user info in a HTTP Server / Tomcat proxy configuration

We currently have a proxy server that has both Apache HTTP Server and Tomcat
installed, with httpd acting as both a proxy for the local Tomcat
installation, and also for a number of downstream servers.  Currently we use
httpd Basic Auth on the proxy box and send the Basic Auth header downstream
to the other servers.

We would like to begin using Tomcat form based authentication on the proxy
box and somehow only send the user id on to downstream servers as a custom
HTTP header.  My question is this:

Is it possible for Apache HTTP Server to defer authentication to Tomcat
(which will use form based auth), and then ask Tomcat for (essentially) the
value of 'HttpServletRequest#getRemoteUser()' to send to the downstream
servers?

E.g. here's the desired behavior

1.  Unauthenticated user sends request to proxy box
2.  Apache HTTP Server determines that the request is intended for the local
Tomcat and defers processing to Tomcat
3.  Tomcat determines that the requested URI is a protected resource and
therefore redirects the user to login page; user successfully logs on and
Tomcat redirects to originally requested page

(later)

1.  User authenticated in flow 1 now attempts to reach a URI that Apache
HTTP Server determines should be handled by a downstream server
2.  Apache server asks Tomcat for the authenticated user's username and adds
this information as a custom header on the request to downstream server (e.g.
X-Userid: JohnS)

-- 

- Bill