You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Francesco Sordillo <f....@cineca.it> on 2012/05/08 12:14:11 UTC
[users@httpd] REMOTE_USER mod_proxy_ajp JBoss
Hi to all.
I'm running JBoss 5.1.2 with Apache 2.2 with mod_proxy_ajp and mod_shib
2.4 on RHEL 6.2 environment, so Shibboleth as SSO authentication.
Proxying Apache request to JBoss we are not able to retreive REMOTE_USER
via request attribute. An example of application code is:
String username = (String) request.getAttribute("REMOTE_USER");
but, as I said before, REMOTE_USER is not in the attribute header! The
problem is that using a proxy, requests attribute are lost!
By Google, some user suggests to configure this rewrite rule on Apache
###
RewriteCond %{LA-U:REMOTE_USER} (.*)
RewriteRule .* - [E=MY_REMOTE_USER:%1]
RequestHeader add REMOTE_USER %{MY_REMOTE_USER}e
###
but in this case "REMOTE_USER" is a Request Header and not a request
attribute.
Is there anyone that know how to proxy REMOTE_USER as request attribute
with mod_proxy_ajp?
Thanks a lot.
Francesco.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_fcgid + daemon implemented in C
Posted by Jeff Trawick <tr...@gmail.com>.
On Wed, May 9, 2012 at 9:41 AM, Henrik Strand <he...@axis.com> wrote:
> Hi,
>
> I want to use mod_fcgid (http://httpd.apache.org/mod_fcgid/) with a
> daemon implemented in C. Is there a lib available like the one from the
> FastCGI project (http://www.fastcgi.com/) to use for a fcgi_accept()
> function? Or do I have to implement one myself?
Use any FastCGI protocol library for your application. It does not
need to be specific to the web server implementation
(httpd+mod_fastcgi, httpd+mod_fcgid, nginx, etc.).
>
> Thanks in advance.
>
> Kind Regards,
> Henrik
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
--
Born in Roswell... married an alien...
http://emptyhammock.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_fcgid + daemon implemented in C
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 5/9/2012 8:41 AM, Henrik Strand wrote:
>
> I want to use mod_fcgid (http://httpd.apache.org/mod_fcgid/) with a
> daemon implemented in C. Is there a lib available like the one from the
> FastCGI project (http://www.fastcgi.com/) to use for a fcgi_accept()
> function? Or do I have to implement one myself?
If you want to manage the pool of fcgi workers yourself, please take a moment to
look at mod_proxy_fcgi as a possible solution for processing the requests in lieu
of mod_fcgid. The former only streams requests/responses, while the later also
handles all of the process pool management. [And if we were clever and had time
on our hands, we would jettison the request pipeline from mod_fcgid in favor of
delegating that work to mod_proxy_fcgi ;-]
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] mod_fcgid + daemon implemented in C
Posted by Henrik Strand <he...@axis.com>.
Hi,
I want to use mod_fcgid (http://httpd.apache.org/mod_fcgid/) with a
daemon implemented in C. Is there a lib available like the one from the
FastCGI project (http://www.fastcgi.com/) to use for a fcgi_accept()
function? Or do I have to implement one myself?
Thanks in advance.
Kind Regards,
Henrik
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: [SOLVED][users@httpd] REMOTE_USER mod_proxy_ajp JBoss
Posted by Francesco Sordillo <f....@cineca.it>.
Il 08/05/2012 15:38, Eric Covener ha scritto:
>> What that I need is something like "JkEnvVar" of mod_jk
>> http://tomcat.apache.org/connectors-doc/reference/apache.html
>> that forward REMOTE_USER as request property.
>
> "Environment variables whose names have the prefix AJP_ are forwarded
> to the origin server as AJP request attributes (with the AJP_ prefix
> removed from the name of the key)."
>
> Try copying it with setenvif.
Thanks Eric. Also JBoss.com support suggested me the same solution.
I added this rewrite rule
#####
RewriteCond %{LA-U:REMOTE_USER} (.*)
RewriteRule .* - [E=AJP_REMOTE_USER:%1]
#####
and it works!!!
Thanks a lot.
Regards.
Francesco.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] REMOTE_USER mod_proxy_ajp JBoss
Posted by Eric Covener <co...@gmail.com>.
> What that I need is something like "JkEnvVar" of mod_jk
> http://tomcat.apache.org/connectors-doc/reference/apache.html
> that forward REMOTE_USER as request property.
"Environment variables whose names have the prefix AJP_ are forwarded
to the origin server as AJP request attributes (with the AJP_ prefix
removed from the name of the key)."
Try copying it with setenvif.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] REMOTE_USER mod_proxy_ajp JBoss
Posted by Francesco Sordillo <f....@cineca.it>.
Il 08/05/2012 14:24, Eric Covener ha scritto:
> On Tue, May 8, 2012 at 8:08 AM, Francesco Sordillo<f....@cineca.it> wrote:
>>
>>
>> Il 08/05/2012 12:45, Eric Covener ha scritto:
>>
>>> On Tue, May 8, 2012 at 6:14 AM, Francesco Sordillo<f....@cineca.it>
>>> wrote:
>>
>>
>>>> but, as I said before, REMOTE_USER is not in the attribute header! The
>>>> problem is that using a proxy, requests attribute are lost!
>>
>>
>>>
>>> Since you say it's lost -- In what environment is this attribute in
>>> JBOSS ever set?
>>
>>
>> It is not set in JBoss but via mod_shib in Apache. The same application runs
>> over OAS Application Server with Oracle HTTP Server, an Apache 1.3
>> customized by Oracle with mod_oc4j that replace mod_proxy, and it works
>> properly.
>
> AFAICT that attribute is not spec. Try
> HTTPServletRequest#getRemoteUser() and tomcatAuthentication=false if
> you want the webservers auth to be trusted.
It is already set, but this doesn't solve the problem of the request
attribute.
What that I need is something like "JkEnvVar" of mod_jk
http://tomcat.apache.org/connectors-doc/reference/apache.html
that forward REMOTE_USER as request property.
F.
--
------------------------------------------------------
Francesco Sordillo
CINECA - System and Technologies Department
e-mail: f.sordillo@cineca.it
phone: (0039) 051 6171 874
-------------------------------------------------
CINECA - Inter University Computing Center
via Magnanelli 6/3
Casalecchio di Reno - 40033 - (BO)
www.cineca.it
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] REMOTE_USER mod_proxy_ajp JBoss
Posted by Eric Covener <co...@gmail.com>.
On Tue, May 8, 2012 at 8:08 AM, Francesco Sordillo <f....@cineca.it> wrote:
>
>
> Il 08/05/2012 12:45, Eric Covener ha scritto:
>
>> On Tue, May 8, 2012 at 6:14 AM, Francesco Sordillo<f....@cineca.it>
>> wrote:
>
>
>>> but, as I said before, REMOTE_USER is not in the attribute header! The
>>> problem is that using a proxy, requests attribute are lost!
>
>
>>
>> Since you say it's lost -- In what environment is this attribute in
>> JBOSS ever set?
>
>
> It is not set in JBoss but via mod_shib in Apache. The same application runs
> over OAS Application Server with Oracle HTTP Server, an Apache 1.3
> customized by Oracle with mod_oc4j that replace mod_proxy, and it works
> properly.
AFAICT that attribute is not spec. Try
HTTPServletRequest#getRemoteUser() and tomcatAuthentication=false if
you want the webservers auth to be trusted.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] REMOTE_USER mod_proxy_ajp JBoss
Posted by Francesco Sordillo <f....@cineca.it>.
Il 08/05/2012 12:45, Eric Covener ha scritto:
> On Tue, May 8, 2012 at 6:14 AM, Francesco Sordillo<f....@cineca.it> wrote:
>> but, as I said before, REMOTE_USER is not in the attribute header! The
>> problem is that using a proxy, requests attribute are lost!
>
> Since you say it's lost -- In what environment is this attribute in
> JBOSS ever set?
It is not set in JBoss but via mod_shib in Apache. The same application
runs over OAS Application Server with Oracle HTTP Server, an Apache 1.3
customized by Oracle with mod_oc4j that replace mod_proxy, and it works
properly.
F.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] REMOTE_USER mod_proxy_ajp JBoss
Posted by Eric Covener <co...@gmail.com>.
On Tue, May 8, 2012 at 6:14 AM, Francesco Sordillo <f....@cineca.it> wrote:
> Hi to all.
>
> I'm running JBoss 5.1.2 with Apache 2.2 with mod_proxy_ajp and mod_shib 2.4
> on RHEL 6.2 environment, so Shibboleth as SSO authentication.
> Proxying Apache request to JBoss we are not able to retreive REMOTE_USER via
> request attribute. An example of application code is:
>
> String username = (String) request.getAttribute("REMOTE_USER");
>
> but, as I said before, REMOTE_USER is not in the attribute header! The
> problem is that using a proxy, requests attribute are lost!
> By Google, some user suggests to configure this rewrite rule on Apache
>
> ###
> RewriteCond %{LA-U:REMOTE_USER} (.*)
> RewriteRule .* - [E=MY_REMOTE_USER:%1]
> RequestHeader add REMOTE_USER %{MY_REMOTE_USER}e
> ###
>
> but in this case "REMOTE_USER" is a Request Header and not a request
> attribute.
Since you say it's lost -- In what environment is this attribute in
JBOSS ever set?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org