You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Peter Neu <pe...@gmx.net> on 2007/04/19 16:07:47 UTC
HowTo forward user name from apache via mod_jk to tomcat
Hello,
I'm doing user authentication on the apache server and forward then to
tomcat. I know this is not the best way but I can't change it for now. :o(
Until recently that was all but now I need to pass the user name to the
tomcat server as well. Is there any way to do this?
For authentication I use mod_auth_pgsql.
Tomcat 5.5.9, apache 2.0.49, OS: SuSE ES9
Cheers,
Pete
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: AW: HowTo forward user name from apache via mod_jk to tomcat
Posted by Rainer Jung <ra...@kippdata.de>.
Ah, OK, that completes the picture. I checked in tomcat code, that the
forwarded info is being used, but I saw, that only if some boolean flag
is not set. I didn't have the time to check where that flag comes from,
but your last post perfectly fits. So having that to false enables one
to read the user forwarded by mod_jk in the default servlet way without
using additional env vars.
David Smith wrote:
> I've fixed getting user info from apache by adding
> tomcatAuthentication="false" to the connector config in server.xml.
>
> --David
>
> Peter Neu wrote:
>> Hello,
>>
>> yeah, I thought of this too. But I only get a null value for
>> request.getRemoteUser(). Any idea what could be wrong? My mod_jk
>> version is mod_jk 1.2.19.
>>
>> Cheers,
>> Pete
>>
>>
>>
>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Christopher Schultz [mailto:chris@christopherschultz.net]
>>> Gesendet: Donnerstag, 19. April 2007 18:28
>>> An: Tomcat Users List
>>> Betreff: Re: HowTo forward user name from apache via mod_jk to tomcat
>>>
>> Rainer,
>>
>> Rainer Jung wrote:
>>>>> In this case, why not simply use (mini test jsp):
>>>>>
>>>>> User: <%=request.getRemoteUser()%>
>> Oh, hey, that's a lot better. No config or anything ;) I didn't realize
>> that REMOTE_USER was already being forwarded without further
>> configuration.
>>
>> Thanks for the clarification.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: AW: HowTo forward user name from apache via mod_jk to tomcat
Posted by David Smith <dn...@cornell.edu>.
I've fixed getting user info from apache by adding
tomcatAuthentication="false" to the connector config in server.xml.
--David
Peter Neu wrote:
> Hello,
>
> yeah, I thought of this too. But I only get a null value for
> request.getRemoteUser(). Any idea what could be wrong? My mod_jk
> version is mod_jk 1.2.19.
>
> Cheers,
> Pete
>
>
>
>
>> -----Ursprüngliche Nachricht-----
>> Von: Christopher Schultz [mailto:chris@christopherschultz.net]
>> Gesendet: Donnerstag, 19. April 2007 18:28
>> An: Tomcat Users List
>> Betreff: Re: HowTo forward user name from apache via mod_jk to tomcat
>>
> Rainer,
>
> Rainer Jung wrote:
> >>> In this case, why not simply use (mini test jsp):
> >>>
> >>> User: <%=request.getRemoteUser()%>
> Oh, hey, that's a lot better. No config or anything ;) I didn't realize
> that REMOTE_USER was already being forwarded without further
> configuration.
>
> Thanks for the clarification.
>
> -chris
>
>>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
AW: HowTo forward user name from apache via mod_jk to tomcat
Posted by Peter Neu <pe...@gmx.net>.
Hello,
yeah, I thought of this too. But I only get a null value for
request.getRemoteUser(). Any idea what could be wrong? My mod_jk
version is mod_jk 1.2.19.
Cheers,
Pete
> -----Ursprüngliche Nachricht-----
> Von: Christopher Schultz [mailto:chris@christopherschultz.net]
> Gesendet: Donnerstag, 19. April 2007 18:28
> An: Tomcat Users List
> Betreff: Re: HowTo forward user name from apache via mod_jk to tomcat
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rainer,
>
> Rainer Jung wrote:
> > In this case, why not simply use (mini test jsp):
> >
> > User: <%=request.getRemoteUser()%>
>
> Oh, hey, that's a lot better. No config or anything ;) I didn't realize
> that REMOTE_USER was already being forwarded without further
> configuration.
>
> Thanks for the clarification.
>
> - -chris
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGJ5if9CaO5/Lv0PARAuDBAJ9Ilu2xZ0YW4FVQU44GAqEE5ag2TwCgoNeJ
> eiNNp0sUwrpwkZyYdl9ZyPs=
> =jHP3
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
AW: HowTo forward user name from apache via mod_jk to tomcat [solved]
Posted by Peter Neu <pe...@gmx.net>.
Ok got it. I did it with JkEnvVar. Works fine for me.
Cheers,
Pete
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: HowTo forward user name from apache via mod_jk to tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rainer,
Rainer Jung wrote:
> In this case, why not simply use (mini test jsp):
>
> User: <%=request.getRemoteUser()%>
Oh, hey, that's a lot better. No config or anything ;) I didn't realize
that REMOTE_USER was already being forwarded without further configuration.
Thanks for the clarification.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGJ5if9CaO5/Lv0PARAuDBAJ9Ilu2xZ0YW4FVQU44GAqEE5ag2TwCgoNeJ
eiNNp0sUwrpwkZyYdl9ZyPs=
=jHP3
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: HowTo forward user name from apache via mod_jk to tomcat
Posted by Rainer Jung <ra...@kippdata.de>.
In this case, why not simply use (mini test jsp):
User: <%=request.getRemoteUser()%>
:)
Honestly: mod_jk forwards quote some information apache has to tomcat,
because mod_jk knows it's a reverse proxy situation. Besides the SSL
info mentioned on the apache page of mod_jk reference guide, there is
auth_type and remote_user. remote_user maps to request.getRemoteUser()
in the servlet API.
Of course you can extend this by forwarding arbitrary apache environment
variables via JkEnv to get them as request attributes on the tomcat
side, but for the remote_user this should be not necessary.
I hope this works for you (Peter).
Regards,
Rainer
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Peter,
>
> Peter Neu wrote:
>> I'm doing user authentication on the apache server and forward then to
>> tomcat. I know this is not the best way but I can't change it for now. :o(
>>
>> Until recently that was all but now I need to pass the user name to the
>> tomcat server as well. Is there any way to do this?
>
> You're looking for JkEnvVar. Check out the "Java/Tomcat/mod_jk
> Integration" section on this page (or just search for JkEnvVar):
>
> http://webauth.stanford.edu/manual/mod/mod_webauth.html
>
> This page is documentation for mod_webauth, but their config example
> should be appropriate for any type of auth module.
>
> To any mod_jk authors reading this, it might be helpful to flesh-out the
> description and examples for the use of JkEnvVar on
> http://tomcat.apache.org/connectors-doc/reference/apache.html. Maybe
> just another example (plus how to get that information from the request
> on the Java side) would be helpful.
>
> - -chris
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGJ4Lu9CaO5/Lv0PARApKtAJwOsFZnr5SZ6KWAaCYCR8PGw4JQRgCfQJ0k
> n3Z2oSPLeOu5RgrpubmMmIQ=
> =fde5
> -----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: HowTo forward user name from apache via mod_jk to tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Peter,
Peter Neu wrote:
> I'm doing user authentication on the apache server and forward then to
> tomcat. I know this is not the best way but I can't change it for now. :o(
>
> Until recently that was all but now I need to pass the user name to the
> tomcat server as well. Is there any way to do this?
You're looking for JkEnvVar. Check out the "Java/Tomcat/mod_jk
Integration" section on this page (or just search for JkEnvVar):
http://webauth.stanford.edu/manual/mod/mod_webauth.html
This page is documentation for mod_webauth, but their config example
should be appropriate for any type of auth module.
To any mod_jk authors reading this, it might be helpful to flesh-out the
description and examples for the use of JkEnvVar on
http://tomcat.apache.org/connectors-doc/reference/apache.html. Maybe
just another example (plus how to get that information from the request
on the Java side) would be helpful.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGJ4Lu9CaO5/Lv0PARApKtAJwOsFZnr5SZ6KWAaCYCR8PGw4JQRgCfQJ0k
n3Z2oSPLeOu5RgrpubmMmIQ=
=fde5
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org