-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 André,
On 3/31/15 3:41 PM, André Warnier wrote: > I have a question of my own. ??! > Tomcat 6.x/7.x/8.x. > > Until now, we have been using mostly the Apache httpd mod_jk > connector to Tomcat. And we have been using the Tomcat AJP > Connector's 'tomcatAuthentication="false"' setting, to "propagate" > the authenticated user from httpd to Tomcat. > > Now we have a case where we must use the Apache httpd > mod_proxy_ajp connector instead of mod_jk, and I want to make sure > that the working of the AJP Connector's attribute > "tomcatAuthentication" remains the same in that context. Does it ? Not automatically IIRC. > And do we have to specify anything special in the httpd > configuration for mod_proxy_ajp to make it so, or is the > authenticated user always passed to Tomcat by default, as seems to > be implied here : > > http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html Attributes > ?remote_user 0x03 String mod_jk sends the user's authentication information over in the REMOTE_USER field, so you'd just make sure that the REMOTE_USER field is being sent using mod_proxy_ajp. I'm not exactly sure what the incantation is for telling mod_proxy_ajp to send that field. You could try to see if you get a REMOTE_USER without any additional configuration on the httpd side. Note that REMOTE_USER will not show up if you call request.getAttributeNames -- you have to explicitly call request.getAttribute("REMOTE_USER") if you want to get it back. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVGwfqAAoJEBzwKT+lPKRYTwcP/RDwPWMERF0YjORyx82RRtS1 R9+e2k14U53nbn2qKZN8Nj0xqj5jvy/atGG2sfAvOFg12flfnai1adx8WdYteGG7 rraqa8NEVZ1tgfz8h0dhWbqiVSl79jhH8USCQGLHDL0bcDJgHnTvRhtlILxjGkNg dyM2mUKxHZ9EMW0gdEjmgm1jYULiswMAFtbTQTdj79ZjDVkF0ozuzWeXlPeHPIwG Ttrj+P5RqKj/rALSMrtybSF1ixXq2Y27zRtMPHVNXf0YHu+2/MJAVOLCKdQF88UX NZ3Di3PTDEkdAyPEibff/x3f0vL7Ti6U5qXRFGsYqufREwaa4n9t/VgBlcBR10K3 CQ+AX8N61CLNUExREwdxt0JjvlrQqY2U58GSJ8aq7z3i1pJtITVwJw9ceI3DRJfD j9zhpA1sZQu7U2rAn2kNXzVXoZcV7Koi3WUj9muJ9kArbXhUhGooFuS03eO9nC0n enfayky2L/wYCf9i4eIgqD/63+vFTpgfHMXBH+J6v5h03RbPnogUyAqWIsEOkEul Q/AI9W2f/a48WH2Mn413mkrPQ5Xp+jSaXS7VITtaDyNamOecnlCeyXbWy5JWGDZ+ PIw/eNhlD57Nd2GoPSkPPxhy3xSAH1alfB4xrOzD9N4b7begbXbLe1k5s2JoNrOV DkzxK9ETwCe034VchADg =BfpL -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org