RE: getRemoteUser() always returns null
Hi, Try setting tomcatAuthentication=false on the connector, or jk2.properties file Cheers, Allistair. -Original Message- From: Scott Heitkamp [mailto:[EMAIL PROTECTED] Sent: 21 June 2005 21:40 To: tomcat-user@jakarta.apache.org Subject: getRemoteUser() always returns null I'm currently using tomcat with the apache connector. I use apache to authenicate the user and then allow them to access certain servlets in tomcat. My problem is that when I call getRemoteUser in the servlet, it always returns null even though I was authenticated through apache. I'm assuming that it's because the request isn't sending the Authorization Header to tomcat. How do I get it? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getRemoteUser() always returns null
I'm currently using tomcat with the apache connector. I use apache to authenicate the user and then allow them to access certain servlets in tomcat. My problem is that when I call getRemoteUser in the servlet, it always returns null even though I was authenticated through apache. I'm assuming that it's because the request isn't sending the Authorization Header to tomcat. How do I get it? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
getRemoteUser() returns null !!!
Hi, I installed a Tomcat 5.0 behind a IIS 6.0 web server (which uses NTLM authentication). The application works fine but I can't get the user login with the getRemoteUser() method, I get null !!! Does someone know why? Do I have to configure something in Tomcat ? Thanks in advance. Fred. Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et etablis a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite.Tout message electronique est susceptible d'alteration. Le CREDIT DU NORD et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. This message and any attachments ( the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration. Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified.
Re: getRemoteUser() returns null !!!
VAN DER MARLIERE FREDERIC wrote: The application works fine but I can't get the user login with the getRemoteUser() method, I get null !!! Does someone know why? Do I have to configure something in Tomcat ? Yes. Set tomcatAuthentication=false for AJP connector. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Usint getRemoteUser() method
Hi All, I am using Tomacat server. I want to authenticate a client making the request to this server. I have deployed my server on an Intranet and want to use Window's Domain Authentication. When i use request.getRemoteUser() method to get the user name it returns null. when i looked into its help, it says that this method returns null if the user is not authenticated. How can i authenticate this user? -- Thanks in Advance, Amrish - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Usint getRemoteUser() method
On Wed, 9 Mar 2005 22:04:17 +0530, Amrish Bharatiya [EMAIL PROTECTED] wrote: Hi All, I am using Tomacat server. I want to authenticate a client making the request to this server. I have deployed my server on an Intranet and want to use Window's Domain Authentication. When i use request.getRemoteUser() method to get the user name it returns null. when i looked into its help, it says that this method returns null if the user is not authenticated. How can i authenticate this user? http://jcifs.samba.org Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Usint getRemoteUser() method
Or easier is to use IIS and then turn tomcatAuthentication off. Read my blog at www.adcworks.com/blogs to see how to do this. IIS can pass your NTLM value to Tomcat happily without jCIFs. -Original Message- From: Jason Bainbridge [mailto:[EMAIL PROTECTED] Sent: 09 March 2005 16:39 To: Tomcat Users List; Amrish Bharatiya Subject: Re: Usint getRemoteUser() method On Wed, 9 Mar 2005 22:04:17 +0530, Amrish Bharatiya [EMAIL PROTECTED] wrote: Hi All, I am using Tomacat server. I want to authenticate a client making the request to this server. I have deployed my server on an Intranet and want to use Window's Domain Authentication. When i use request.getRemoteUser() method to get the user name it returns null. when i looked into its help, it says that this method returns null if the user is not authenticated. How can i authenticate this user? http://jcifs.samba.org Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Usint getRemoteUser() method
On Wed, 9 Mar 2005 16:46:08 -, Allistair Crossley [EMAIL PROTECTED] wrote: Or easier is to use IIS and then turn tomcatAuthentication off. Read my blog at www.adcworks.com/blogs to see how to do this. IIS can pass your NTLM value to Tomcat happily without jCIFs. I disagree, setting up IIS is un-ncessary evil and setting up jcifs is a LOT easier than all those hoops you need to jump through for IIS, just drop in the .jar file, add a few parameters to your web.xml and you're up and running. to go the IIS route you end up with another webserver to maintain and I'm guessing most people dealing with Tomcat aren't going to have IIS experience to begin with and then you have to get the connector working between IIS Jrun. A lot more work than just dropping in a .jar file and adding a few parameters to your web.xml. Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Usint getRemoteUser() method
I disagree if you are not using Apache as a webserver, IIS - Tomcat via JK is very easy these days. Not only that, you can take advantage of IIS's point and click configuration and also get it serving out static resources nice and easily from Tomcat, all easily configurable. Plus it leverages existing Microsoft infrastructure and knowledge that exists in Windows-based organisations. If you're using Apache as a webserver, fair enough I agree with you, jCIFs is fine. Cheers, Allistair. -Original Message- From: Jason Bainbridge [mailto:[EMAIL PROTECTED] Sent: 09 March 2005 17:02 To: Allistair Crossley Cc: Tomcat Users List; Amrish Bharatiya Subject: Re: Usint getRemoteUser() method On Wed, 9 Mar 2005 16:46:08 -, Allistair Crossley [EMAIL PROTECTED] wrote: Or easier is to use IIS and then turn tomcatAuthentication off. Read my blog at www.adcworks.com/blogs to see how to do this. IIS can pass your NTLM value to Tomcat happily without jCIFs. I disagree, setting up IIS is un-ncessary evil and setting up jcifs is a LOT easier than all those hoops you need to jump through for IIS, just drop in the .jar file, add a few parameters to your web.xml and you're up and running. to go the IIS route you end up with another webserver to maintain and I'm guessing most people dealing with Tomcat aren't going to have IIS experience to begin with and then you have to get the connector working between IIS Jrun. A lot more work than just dropping in a .jar file and adding a few parameters to your web.xml. Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.0.25 getRemoteUser()
I've been looking thru the archived messages and can't find a match to my problem I'm using Tomcat 5.0.25 to serve up a JSP site. I do not use Apache httpd as my front end. All authentication for Tomcat is thru tomcat and is set to BASIC. On my site is a frame page that I want to display varying pieces of information. Part of the information is a button to allow the sites users to log into the site. Once logged in, the frame page should display other information (like: Welcome User...) The problem I'm having is that the page that displays in the frame is not protected. Each time I call request.getRemoteUser() it returns null or -1. Doing a little experimenting, I found out that if I call request.getRemoteUser() from a protected page, it returns -1 before I log in and returns information after I log in. I was under the (mistaken) impression that request.getRemoteUser() should return the identity of the user once they have logged into the site or null / -1 before that time. I appear to be mistaken, OR Tomcat 5.0.25 is behaving in a manner I don't expect. Any thoughts or ideas? I would prefer to *not* implement my own forms based login - if possible (management mandate) Thanks! Bob - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk2 2.0.4 and getRemoteUser() problem
I am trying to get apache 2.0.49, tomcat 4.1.30 (or 5.0.19), mod_jk2 2.0.4 and getRemoteUser() to work. After going through the mail archives and bugzilla, I have tried the following: adding request.tomcatAuthentication=false to jk2.properties adding tomcatAuthentication=false to my connector in server.xml neither of these gave me a non-null remoteUser from HttpServletRequest. This is pretty easy to test because the Remote User from the snoop.jsp examples returns null. I do not have this problem with apache 1.3.x and mod_jk, but I would really like to use apache 2 and mod_jk2... Is there something I have missed in my configuration or is this a bug? Entries in bugzilla seem to think this was solved (entries from 2002 and 2003). Should I open a new bug? Thanks for any help, I've spent several days on this and am getting frustrated. Lloyd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk2 2.0.4 and getRemoteUser() problem
I found a workaround to this problem thanks to a user on another forum. I was doing auth in the Directory / directive, which is reasonable since I want my entire site password protected. Doing auth this way, getRemoteUser() returns a null. If I add auth to a Location /webapp directive (which should be redundant), getRemoteUser() returns the apache authenticated user id. Maybe I am misundertanding the apache httpd directives, but it seems Directory / only should work ok... It seems redundant and wrong to have to have auth information in Location /webapp as well as Directory / to get the apache authenticated user id, but it works. Apache 1.3.x and mod_jk did not have this problem, i.e. auth in Directory / alone gave me the correct return from getRemoteUser(). Lloyd On Wed, 2004-04-21 at 09:36, Lloyd H. Meinholz wrote: I am trying to get apache 2.0.49, tomcat 4.1.30 (or 5.0.19), mod_jk2 2.0.4 and getRemoteUser() to work. After going through the mail archives and bugzilla, I have tried the following: adding request.tomcatAuthentication=false to jk2.properties adding tomcatAuthentication=false to my connector in server.xml neither of these gave me a non-null remoteUser from HttpServletRequest. This is pretty easy to test because the Remote User from the snoop.jsp examples returns null. I do not have this problem with apache 1.3.x and mod_jk, but I would really like to use apache 2 and mod_jk2... Is there something I have missed in my configuration or is this a bug? Entries in bugzilla seem to think this was solved (entries from 2002 and 2003). Should I open a new bug? Thanks for any help, I've spent several days on this and am getting frustrated. Lloyd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getRemoteUser null
Still stumped. Just a little more info on this issue. Still suspect a configuration error, but haven't found it yet: Apache log == Access secure page as DirectoryIndex default ipAddr - - [08/Jan/2004:12:17:01 -0700] GET /Secure/ HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:12 -0700] GET /Secure/ HTTP/1.1 200 3950 ipAddr - - [08/Jan/2004:12:17:14 -0700] GET /Secure/css/Corp.css HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:14 -0700] GET /Secure/css/Corp.css HTTP/1.1 200 244 ipAddr - - [08/Jan/2004:12:17:14 -0700] GET /Img/GWLogos.gif HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:14 -0700] GET /Img/GWLogos.gif HTTP/1.1 200 5391 Access secure page with JSP name in URL, note that only the files from the folders below it return 401, which I suspect is why I am still prompted to authenticate ipAddr - - [08/Jan/2004:12:17:27 -0700] GET /Secure/SecurePage.jsp HTTP/1.1 200 3672 ipAddr - - [08/Jan/2004:12:17:27 -0700] GET /Secure/css/Corp.css HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:27 -0700] GET /Secure/css/Corp.css HTTP/1.1 304 - ipAddr - - [08/Jan/2004:12:17:27 -0700] GET /esgwImg/GWLogos.gif HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:27 -0700] GET /Img/GWLogos.gif HTTP/1.1 304 - From apache conf VirtualHost ipAddr:port ServerName DNSname ## shouldn't need DocumentRoot since using alias, but just in case DocumentRoot SYS:/intranet/webapps/secure ErrorLog SYS:/intranet/logs/errors.txt CustomLog SYS:/intranet/logs/access.txt common ## From this point on access requires encrypted authentication Alias /Secure SYS:/intranet/webapps/secure Directory SYS:/intranet/webapps/secure Options FollowSymLinks MultiViews DirectoryIndex SecurePage.jsp ## added to make make getRemoteUser() work Order deny,allow Allow from all AuthType Basic AuthName ES-GW N.R.M. Corporate Intranet AuthLDAPURL ldap://ServerName:389/O=DEV?uid AuthLDAPRemoteUserIsDN On require valid-user /Directory /VirtualHost [EMAIL PROTECTED] 01/05/04 04:22PM You have to tell Tomcat whether to get BASIC Auth remote user information from the connector (Apache) or from Tomcat itself. See the following for details... http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12196 Jake Quoting Howard Watson [EMAIL PROTECTED]: Additional Info: Enumerate HeaderNames === host : myServer:port user-agent : Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 accept : text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 accept-language : en-us,en;q=0.5 accept-encoding : gzip,deflate accept-charset : ISO-8859-1,utf-8;q=0.7,*;q=0.7 keep-alive : 300 connection : keep-alive cookie : JSESSIONID=8E46392BD10C29E8DCF62E608D81DF5F authorization : Basic aG93YXJkdzphdXRoZW50aWNhdGVtZQ== cache-control : max-age=0 content-length : 0 = End Request Headers request.getAuthType() returns null request.getRemoteUser() returns null End Additional Info [EMAIL PROTECTED] 12/31/03 12:03PM Original message reformatted to match message posted at ApacheUser. Porting web application from Apache1.3/Tomcat3.3. Before stumbling on this partial fix all my JSPs and servlets returned getRemoteUser null. This fix works for JSPs but doesn't help much for servlets. Apache2.0.48 Tomcat4.1.29 mod_jk1.2.5 jvm1.4.1_02a Does anyone have any idea why a JSP referenced by name in a url would return getRemoteUser = null and the same JSP referenced through DirectoryIndex in Apache2 would return getRemoteUser = expected user name. Example: http://serverAddr/DisplayUser.jsp returns null In Apache conf DirectoryIndex DisplayUser.jsp http://serverAddr/ returns DisplayUser.jsp with user name - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getRemoteUser null
Added to the wrong message. It lacked a reply to Jake below. I've pasted in where it belongs. Howard [EMAIL PROTECTED] 01/08/04 01:52PM Still stumped. Just a little more info on this issue. Still suspect a configuration error, but haven't found it yet: Apache log == Access secure page as DirectoryIndex default ipAddr - - [08/Jan/2004:12:17:01 -0700] GET /Secure/ HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:12 -0700] GET /Secure/ HTTP/1.1 200 3950 ipAddr - - [08/Jan/2004:12:17:14 -0700] GET /Secure/css/Corp.css HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:14 -0700] GET /Secure/css/Corp.css HTTP/1.1 200 244 ipAddr - - [08/Jan/2004:12:17:14 -0700] GET /Img/GWLogos.gif HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:14 -0700] GET /Img/GWLogos.gif HTTP/1.1 200 5391 Access secure page with JSP name in URL, note that only the files from the folders below it return 401, which I suspect is why I am still prompted to authenticate ipAddr - - [08/Jan/2004:12:17:27 -0700] GET /Secure/SecurePage.jsp HTTP/1.1 200 3672 ipAddr - - [08/Jan/2004:12:17:27 -0700] GET /Secure/css/Corp.css HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:27 -0700] GET /Secure/css/Corp.css HTTP/1.1 304 - ipAddr - - [08/Jan/2004:12:17:27 -0700] GET /esgwImg/GWLogos.gif HTTP/1.1 401 502 ipAddr - cn=HowardW,ou=orgUnit,ou=orgUnit,o=org [08/Jan/2004:12:17:27 -0700] GET /Img/GWLogos.gif HTTP/1.1 304 - From apache conf VirtualHost ipAddr:port ServerName DNSname ## shouldn't need DocumentRoot since using alias, but just in case DocumentRoot SYS:/intranet/webapps/secure ErrorLog SYS:/intranet/logs/errors.txt CustomLog SYS:/intranet/logs/access.txt common ## From this point on access requires encrypted authentication Alias /Secure SYS:/intranet/webapps/secure Directory SYS:/intranet/webapps/secure Options FollowSymLinks MultiViews DirectoryIndex SecurePage.jsp ## added to make make getRemoteUser() work Order deny,allow Allow from all AuthType Basic AuthName ES-GW N.R.M. Corporate Intranet AuthLDAPURL ldap://ServerName:389/O=DEV?uid AuthLDAPRemoteUserIsDN On require valid-user /Directory /VirtualHost === Missing reply to Jake === Thanks. I've seen that. From server.xml == !-- configure intranet service -- Service name=Tomcat-esgwNet !-- Define a Coyote/JK2 AJP 1.3 Connector on port 56999 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=56999 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=56443 acceptCount=10 debug=0 connectionTimeout=0 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler tomcatAuthentication=false / Engine name=esgwNet defaultHost=myServer debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=intranet_log. suffix=.txt timestamp=true/ Host name=myServer debug=0 appBase=filePath/secure unpackWARs=true autoDeploy=true Context path=/Secure docBase=filePath/secure debug=0 reloadable=false /Context Context path=Clients docBase=filePath/clients debug=0 reloadable=false /Context /Host /Engine /Service [EMAIL PROTECTED] 01/05/04 04:22PM You have to tell Tomcat whether to get BASIC Auth remote user information from the connector (Apache) or from Tomcat itself. See the following for details... http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12196 Jake Quoting Howard Watson [EMAIL PROTECTED]: Additional Info: Enumerate HeaderNames === host : myServer:port user-agent : Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 accept : text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 accept-language : en-us,en;q=0.5 accept-encoding : gzip,deflate accept-charset : ISO-8859-1,utf-8;q=0.7,*;q=0.7 keep-alive : 300 connection : keep-alive cookie : JSESSIONID=8E46392BD10C29E8DCF62E608D81DF5F authorization : Basic aG93YXJkdzphdXRoZW50aWNhdGVtZQ== cache-control : max-age=0 content-length : 0 = End Request Headers request.getAuthType() returns null request.getRemoteUser() returns null End Additional Info [EMAIL PROTECTED] 12/31/03 12:03PM Original message reformatted to match message posted at ApacheUser. Porting web application from Apache1.3/Tomcat3.3. Before stumbling on this partial fix all my JSPs and servlets returned getRemoteUser
Re: getRemoteUser null
Additional Info: Enumerate HeaderNames === host : myServer:port user-agent : Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 accept : text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 accept-language : en-us,en;q=0.5 accept-encoding : gzip,deflate accept-charset : ISO-8859-1,utf-8;q=0.7,*;q=0.7 keep-alive : 300 connection : keep-alive cookie : JSESSIONID=8E46392BD10C29E8DCF62E608D81DF5F authorization : Basic aG93YXJkdzphdXRoZW50aWNhdGVtZQ== cache-control : max-age=0 content-length : 0 = End Request Headers request.getAuthType() returns null request.getRemoteUser() returns null End Additional Info [EMAIL PROTECTED] 12/31/03 12:03PM Original message reformatted to match message posted at ApacheUser. Porting web application from Apache1.3/Tomcat3.3. Before stumbling on this partial fix all my JSPs and servlets returned getRemoteUser null. This fix works for JSPs but doesn't help much for servlets. Apache2.0.48 Tomcat4.1.29 mod_jk1.2.5 jvm1.4.1_02a Does anyone have any idea why a JSP referenced by name in a url would return getRemoteUser = null and the same JSP referenced through DirectoryIndex in Apache2 would return getRemoteUser = expected user name. Example: http://serverAddr/DisplayUser.jsp returns null In Apache conf DirectoryIndex DisplayUser.jsp http://serverAddr/ returns DisplayUser.jsp with user name - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getRemoteUser null
You have to tell Tomcat whether to get BASIC Auth remote user information from the connector (Apache) or from Tomcat itself. See the following for details... http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12196 Jake Quoting Howard Watson [EMAIL PROTECTED]: Additional Info: Enumerate HeaderNames === host : myServer:port user-agent : Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 accept : text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 accept-language : en-us,en;q=0.5 accept-encoding : gzip,deflate accept-charset : ISO-8859-1,utf-8;q=0.7,*;q=0.7 keep-alive : 300 connection : keep-alive cookie : JSESSIONID=8E46392BD10C29E8DCF62E608D81DF5F authorization : Basic aG93YXJkdzphdXRoZW50aWNhdGVtZQ== cache-control : max-age=0 content-length : 0 = End Request Headers request.getAuthType() returns null request.getRemoteUser() returns null End Additional Info [EMAIL PROTECTED] 12/31/03 12:03PM Original message reformatted to match message posted at ApacheUser. Porting web application from Apache1.3/Tomcat3.3. Before stumbling on this partial fix all my JSPs and servlets returned getRemoteUser null. This fix works for JSPs but doesn't help much for servlets. Apache2.0.48 Tomcat4.1.29 mod_jk1.2.5 jvm1.4.1_02a Does anyone have any idea why a JSP referenced by name in a url would return getRemoteUser = null and the same JSP referenced through DirectoryIndex in Apache2 would return getRemoteUser = expected user name. Example: http://serverAddr/DisplayUser.jsp returns null In Apache conf DirectoryIndex DisplayUser.jsp http://serverAddr/ returns DisplayUser.jsp with user name - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getRemoteUser null
Thanks. I've seen that. From server.xml == !-- configure intranet service -- Service name=Tomcat-esgwNet !-- Define a Coyote/JK2 AJP 1.3 Connector on port 56999 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=56999 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=56443 acceptCount=10 debug=0 connectionTimeout=0 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler tomcatAuthentication=false / Engine name=esgwNet defaultHost=myServer debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=intranet_log. suffix=.txt timestamp=true/ Host name=myServer debug=0 appBase=filePath/secure unpackWARs=true autoDeploy=true Context path=/Secure docBase=filePath/secure debug=0 reloadable=false /Context Context path=Clients docBase=filePath/clients debug=0 reloadable=false /Context /Host /Engine /Service [EMAIL PROTECTED] 01/05/04 04:22PM You have to tell Tomcat whether to get BASIC Auth remote user information from the connector (Apache) or from Tomcat itself. See the following for details... http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12196 Jake Quoting Howard Watson [EMAIL PROTECTED]: Additional Info: Enumerate HeaderNames === host : myServer:port user-agent : Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 accept : text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 accept-language : en-us,en;q=0.5 accept-encoding : gzip,deflate accept-charset : ISO-8859-1,utf-8;q=0.7,*;q=0.7 keep-alive : 300 connection : keep-alive cookie : JSESSIONID=8E46392BD10C29E8DCF62E608D81DF5F authorization : Basic aG93YXJkdzphdXRoZW50aWNhdGVtZQ== cache-control : max-age=0 content-length : 0 = End Request Headers request.getAuthType() returns null request.getRemoteUser() returns null End Additional Info [EMAIL PROTECTED] 12/31/03 12:03PM Original message reformatted to match message posted at ApacheUser. Porting web application from Apache1.3/Tomcat3.3. Before stumbling on this partial fix all my JSPs and servlets returned getRemoteUser null. This fix works for JSPs but doesn't help much for servlets. Apache2.0.48 Tomcat4.1.29 mod_jk1.2.5 jvm1.4.1_02a Does anyone have any idea why a JSP referenced by name in a url would return getRemoteUser = null and the same JSP referenced through DirectoryIndex in Apache2 would return getRemoteUser = expected user name. Example: http://serverAddr/DisplayUser.jsp returns null In Apache conf DirectoryIndex DisplayUser.jsp http://serverAddr/ returns DisplayUser.jsp with user name - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getRemoteUser null
Following are copies of two posts by me from the Novell Apache forum at http://developer-forums.novell.com/group/novell.devsup.webserver.apache2/readerNoFrame.tpt/@[EMAIL PROTECTED]@[EMAIL PROTECTED]@D-,[EMAIL PROTECTED]/@[EMAIL PROTECTED] By referencing a JSP as the default page to load by referencing it in DirectoryIndex in Apache2 and not including the filename in the request URL I can successfully retrieve getRemoteUser. However, if I include the JSP name in the request getRemoteUser returns null. Although, this works for JSP it doesn't help with servlets. Post1 http://webAddr:port/aliasName/SecurePage.jsp -- getRemoteUser returns null Made this change, I had DirectoryIndex rem'ed out. DirectoryIndex SecurePage.jsp http://webAddr:port/aliasName/ -- user name as advertised Even after authenticating if I link back and forth between the link including the filename and the one using the default the the one using the filename will return null. Post2 Couldn't think of a way to apply DirectoryIndex to servlet/userLogin. So I applied it to MainMenu.jsp, redirected from servlet/userLogin. MainMenu.jsp then saves it in the session. If anyone sees anything here that hints that I have maybe misconfigured something I'd like to know about it. Howard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getRemoteUser() and Basic Auth
Hello, Can anyone tell me why my getRemoteUser() call is coming back null when I turn Basic Authentication on in IIS? I know that IIS\the isapi redirector2 is sending the information, but it seems as though the RemoteUser() property of the Request is not being set. Is there something I need to do in order to turn that on? Here is the information that is being forwarded by the IIS\isapi redirector2 ( I ran netmon just to show that the filter was sending the info) to tomcat. It is followed by the information retrieved by the RequestDumperValve: 01B0 22 00 A0 03 00 0D 67 7A 69 70 2C 20 64 65 66 6C .gzip,.defl 01C0 61 74 65 00 A0 08 00 01 30 00 03 00 15 62 65 6E ate.0ben 01D0 74 6C 65 79 5C 72 6F 62 65 72 74 2E 70 72 69 65 tley\robert.prie 01E0 73 74 00 04 00 05 42 61 73 69 63 00 06 00 11 77 stBasicw 01F0 64 65 76 2D 70 72 69 65 73 74 31 3A 38 30 31 39 dev-priest1:8019 0200 00 FF .. from the RequestDumperValve: RequestDumperValve[Standalone]: header=accept=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */* RequestDumperValve[Standalone]: header=accept-language=en-us RequestDumperValve[Standalone]: header=connection=Keep-Alive RequestDumperValve[Standalone]: header=host=localhost RequestDumperValve[Standalone]: header=user-agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) RequestDumperValve[Standalone]: header=authorization=Basic ... RequestDumperValve[Standalone]: header=if-modified-since=Thu, 27 Mar 2003 12:21:50 GMT RequestDumperValve[Standalone]: header=if-none-match=W/1020-104876771 RequestDumperValve[Standalone]: header=accept-encoding=gzip, deflate RequestDumperValve[Standalone]: header=content-length=0 RequestDumperValve[Standalone]: locale=en_US RequestDumperValve[Standalone]: method=GET RequestDumperValve[Standalone]: pathInfo=null RequestDumperValve[Standalone]: protocol=HTTP/1.1 RequestDumperValve[Standalone]:queryString=null RequestDumperValve[Standalone]: remoteAddr=127.0.0.1 RequestDumperValve[Standalone]: remoteHost=127.0.0.1 RequestDumperValve[Standalone]: remoteUser=null RequestDumperValve[Standalone]: requestedSessionId=null RequestDumperValve[Standalone]: scheme=http RequestDumperValve[Standalone]: serverName=localhost RequestDumperValve[Standalone]: serverPort=80 RequestDumperValve[Standalone]:servletPath=null RequestDumperValve[Standalone]: isSecure=false - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: getRemoteUser() and Basic Auth
Nevermind. I found the answer. Don't worry, I am slapping myself on the hand for not checking the archive first :) http://marc.theaimsgroup.com/?l=tomcat-userm=106070071117870w=2 -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Thursday, September 25, 2003 4:46 PM To: '[EMAIL PROTECTED]' Subject: getRemoteUser() and Basic Auth Hello, Can anyone tell me why my getRemoteUser() call is coming back null when I turn Basic Authentication on in IIS? I know that IIS\the isapi redirector2 is sending the information, but it seems as though the RemoteUser() property of the Request is not being set. Is there something I need to do in order to turn that on? Here is the information that is being forwarded by the IIS\isapi redirector2 ( I ran netmon just to show that the filter was sending the info) to tomcat. It is followed by the information retrieved by the RequestDumperValve: 01B0 22 00 A0 03 00 0D 67 7A 69 70 2C 20 64 65 66 6C .gzip,.defl 01C0 61 74 65 00 A0 08 00 01 30 00 03 00 15 62 65 6E ate.0ben 01D0 74 6C 65 79 5C 72 6F 62 65 72 74 2E 70 72 69 65 tley\robert.prie 01E0 73 74 00 04 00 05 42 61 73 69 63 00 06 00 11 77 stBasicw 01F0 64 65 76 2D 70 72 69 65 73 74 31 3A 38 30 31 39 dev-priest1:8019 0200 00 FF .. from the RequestDumperValve: RequestDumperValve[Standalone]: header=accept=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */* RequestDumperValve[Standalone]: header=accept-language=en-us RequestDumperValve[Standalone]: header=connection=Keep-Alive RequestDumperValve[Standalone]: header=host=localhost RequestDumperValve[Standalone]: header=user-agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) RequestDumperValve[Standalone]: header=authorization=Basic ... RequestDumperValve[Standalone]: header=if-modified-since=Thu, 27 Mar 2003 12:21:50 GMT RequestDumperValve[Standalone]: header=if-none-match=W/1020-104876771 RequestDumperValve[Standalone]: header=accept-encoding=gzip, deflate RequestDumperValve[Standalone]: header=content-length=0 RequestDumperValve[Standalone]: locale=en_US RequestDumperValve[Standalone]: method=GET RequestDumperValve[Standalone]: pathInfo=null RequestDumperValve[Standalone]: protocol=HTTP/1.1 RequestDumperValve[Standalone]:queryString=null RequestDumperValve[Standalone]: remoteAddr=127.0.0.1 RequestDumperValve[Standalone]: remoteHost=127.0.0.1 RequestDumperValve[Standalone]: remoteUser=null RequestDumperValve[Standalone]: requestedSessionId=null RequestDumperValve[Standalone]: scheme=http RequestDumperValve[Standalone]: serverName=localhost RequestDumperValve[Standalone]: serverPort=80 RequestDumperValve[Standalone]:servletPath=null RequestDumperValve[Standalone]: isSecure=false - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: getRemoteUser()
Right, having fixed the problem with getRemoteUser, I'm now having the same problem with several other methods. The methods in question are: getPathInfo() getPathTranslated() getQueryString() request.getServletPath() Are there some more jk2.properties directives I need to set? I'm looking at the following page of the documentation, but it seems to be incomplete and I can;t find any details anywhere else about what all the request and mod_jk properties actually do. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configtccom.html Dave -Original Message- From: Jacob Kjome [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 4:04 PM To: Tomcat Users List Subject: Re: getRemoteUser() Add the following to jk2.properties request.tomcatAuthentication=false That tells Tomcat to take its authentication information from the jk or jk2 connector which gets it from Apache. Jake At 03:22 PM 8/12/2003 +0100, you wrote: I'm having some difficulty making the getRemoteUser() method work. It's possible I have missed the point of this method, but I'll explain what I'm trying to do anyway. I'm using mod_jk to map the url /lemons to a servlet which is running on Tomcat 1.4.27. I've got mod_jk set up okay and the mapping works fine: JkMount /lemons ajp13 I have then set up a Limit directive in my apache configuration for the url, thus: Location /lemons Limit GET PUT POST require user dave /Limit /Location This works as expected. If I go to this url I am prompted for a username and password. If I enter dave and the correct password then the request is passed through to my servlet. If I enter an incorrect username and password I get our server's authentication/authorization failed page and it doesn't get anywhere near the servlet. Within my servlet I then want to use getRemoteUser() method of the HttpServletRequest object to obtain the username which was supplied. Whenever I try this though, it always returns null. The request does contain an authorization header, but I can't seem to get a username out of it. Any ideas please? (If I need to RTFM, please point me in the right direction.) Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getRemoteUser()
I'm having some difficulty making the getRemoteUser() method work. It's possible I have missed the point of this method, but I'll explain what I'm trying to do anyway. I'm using mod_jk to map the url /lemons to a servlet which is running on Tomcat 1.4.27. I've got mod_jk set up okay and the mapping works fine: JkMount /lemons ajp13 I have then set up a Limit directive in my apache configuration for the url, thus: Location /lemons Limit GET PUT POST require user dave /Limit /Location This works as expected. If I go to this url I am prompted for a username and password. If I enter dave and the correct password then the request is passed through to my servlet. If I enter an incorrect username and password I get our server's authentication/authorization failed page and it doesn't get anywhere near the servlet. Within my servlet I then want to use getRemoteUser() method of the HttpServletRequest object to obtain the username which was supplied. Whenever I try this though, it always returns null. The request does contain an authorization header, but I can't seem to get a username out of it. Any ideas please? (If I need to RTFM, please point me in the right direction.) Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getRemoteUser()
Have you set up your Tomcat container managed security? http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * * http://www.ait-web.com * *** Johnson, David wrote: I'm having some difficulty making the getRemoteUser() method work. It's possible I have missed the point of this method, but I'll explain what I'm trying to do anyway. I'm using mod_jk to map the url /lemons to a servlet which is running on Tomcat 1.4.27. I've got mod_jk set up okay and the mapping works fine: JkMount /lemons ajp13 I have then set up a Limit directive in my apache configuration for the url, thus: Location /lemons Limit GET PUT POST require user dave /Limit /Location This works as expected. If I go to this url I am prompted for a username and password. If I enter dave and the correct password then the request is passed through to my servlet. If I enter an incorrect username and password I get our server's authentication/authorization failed page and it doesn't get anywhere near the servlet. Within my servlet I then want to use getRemoteUser() method of the HttpServletRequest object to obtain the username which was supplied. Whenever I try this though, it always returns null. The request does contain an authorization header, but I can't seem to get a username out of it. Any ideas please? (If I need to RTFM, please point me in the right direction.) Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: getRemoteUser()
Cool, that worked just fine. Many Thanks, Dave -Original Message- From: Jacob Kjome [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 4:04 PM To: Tomcat Users List Subject: Re: getRemoteUser() Add the following to jk2.properties request.tomcatAuthentication=false That tells Tomcat to take its authentication information from the jk or jk2 connector which gets it from Apache. Jake At 03:22 PM 8/12/2003 +0100, you wrote: I'm having some difficulty making the getRemoteUser() method work. It's possible I have missed the point of this method, but I'll explain what I'm trying to do anyway. I'm using mod_jk to map the url /lemons to a servlet which is running on Tomcat 1.4.27. I've got mod_jk set up okay and the mapping works fine: JkMount /lemons ajp13 I have then set up a Limit directive in my apache configuration for the url, thus: Location /lemons Limit GET PUT POST require user dave /Limit /Location This works as expected. If I go to this url I am prompted for a username and password. If I enter dave and the correct password then the request is passed through to my servlet. If I enter an incorrect username and password I get our server's authentication/authorization failed page and it doesn't get anywhere near the servlet. Within my servlet I then want to use getRemoteUser() method of the HttpServletRequest object to obtain the username which was supplied. Whenever I try this though, it always returns null. The request does contain an authorization header, but I can't seem to get a username out of it. Any ideas please? (If I need to RTFM, please point me in the right direction.) Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getRemoteUser()
Add the following to jk2.properties request.tomcatAuthentication=false That tells Tomcat to take its authentication information from the jk or jk2 connector which gets it from Apache. Jake At 03:22 PM 8/12/2003 +0100, you wrote: I'm having some difficulty making the getRemoteUser() method work. It's possible I have missed the point of this method, but I'll explain what I'm trying to do anyway. I'm using mod_jk to map the url /lemons to a servlet which is running on Tomcat 1.4.27. I've got mod_jk set up okay and the mapping works fine: JkMount /lemons ajp13 I have then set up a Limit directive in my apache configuration for the url, thus: Location /lemons Limit GET PUT POST require user dave /Limit /Location This works as expected. If I go to this url I am prompted for a username and password. If I enter dave and the correct password then the request is passed through to my servlet. If I enter an incorrect username and password I get our server's authentication/authorization failed page and it doesn't get anywhere near the servlet. Within my servlet I then want to use getRemoteUser() method of the HttpServletRequest object to obtain the username which was supplied. Whenever I try this though, it always returns null. The request does contain an authorization header, but I can't seem to get a username out of it. Any ideas please? (If I need to RTFM, please point me in the right direction.) Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getRemoteUser = null
I'm having the same problem that it seems many of you have had. I'm using tomcat 4.1.24 and apache with the JkCoyote connector. I've set tomcatAuthentication=false in jk2.properties. Yet, getRemoteUser is still returning null. Would someone who's gotten this working mind posting the relevant portions of your config files (web.xml, server.xml, jk2.properties). Are you using .htaccess also or anything special in the apache config files? Thanks, Jennifer
Re: getRemoteUser = null
On Wed, 25 Jun 2003 18:42, Jason Riley wrote: I'm having the same problem that it seems many of you have had. I'm using tomcat 4.1.24 and apache with the JkCoyote connector. I've set tomcatAuthentication=false in jk2.properties. Yet, getRemoteUser is still returning null. Would someone who's gotten this working mind posting the relevant portions of your config files (web.xml, server.xml, jk2.properties). Are you using .htaccess also or anything special in the apache config files? What sort of authentication are you using then? Regards, -- Jason Bainbridge http://jblinux.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getRemoteUser = null
I'm trying to use BASIC authentication with Tomcat. My web.xml has security-constraint login-config, etc. in it. This does cause the login dialog to appear. But when I enter a user/password, the dialog box is just presented again. I believe this is because the remote user in the request is still set to null, so Tomcat throws it back out for authentication again. The user/password are in the tomcat-users.conf file for now although the plan is to move to LDAP. I've tried setting tomcatAuthentication to both true and false and nothing changes. Thanks, Jennifer - Original Message - From: Jason Bainbridge [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 20:35 Subject: Re: getRemoteUser = null On Wed, 25 Jun 2003 18:42, Jason Riley wrote: I'm having the same problem that it seems many of you have had. I'm using tomcat 4.1.24 and apache with the JkCoyote connector. I've set tomcatAuthentication=false in jk2.properties. Yet, getRemoteUser is still returning null. Would someone who's gotten this working mind posting the relevant portions of your config files (web.xml, server.xml, jk2.properties). Are you using .htaccess also or anything special in the apache config files? What sort of authentication are you using then? Regards, -- Jason Bainbridge http://jblinux.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getRemoteUser is returning null
AFAICT, getRemoteUser() returns a user name only if that user name has been sent via HTTP. Not with certificates. For certificates, see my post 1 minute ago. Antonio Fiol seera naveen wrote: Hi, When I try to retrieve request.getRemoteUser() in Tomcat 4.1.24, it is returning null. I am not using any of Realms, but I am having my own logging mechanism. (checking usernames/passwords against LDAP manually). Why is this behaving like this? Am I doing something wrong? Also, can any body tell me what exactly is Digital key authentication.(because we use certificates for authentication. Does this means authenticating users against LDAP also?) Any help would be greatly appreciated. Thanks in advance.. naveen Send free SMS using the Yahoo! Messenger. Go to http://in.mobile.yahoo.com/new/pc/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getRemoteUser() is null SSL Authentication
Hi, When I try to retrieve request.getRemoteUser() in Tomcat 4.1.24, it is returning null. I am not using any of Realms, but I am having my own logging mechanism. (checking usernames/passwords against LDAP manually). Why is this behaving like this? Is it a known problem? Also, can any body tell me what exactly is Digital key authentication.(because we use certificates for authentication. Does this means authenticating users against LDAP also?) Any help would be greatly appreciated. Thanks in advance.. naveen Send free SMS using the Yahoo! Messenger. Go to http://in.mobile.yahoo.com/new/pc/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getRemoteUser is returning null
Hi, When I try to retrieve request.getRemoteUser() in Tomcat 4.1.24, it is returning null. I am not using any of Realms, but I am having my own logging mechanism. (checking usernames/passwords against LDAP manually). Why is this behaving like this? Am I doing something wrong? Also, can any body tell me what exactly is Digital key authentication.(because we use certificates for authentication. Does this means authenticating users against LDAP also?) Any help would be greatly appreciated. Thanks in advance.. naveen Send free SMS using the Yahoo! Messenger. Go to http://in.mobile.yahoo.com/new/pc/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK + client authentication: getRemoteUser() returns null
Title: RE: JK + client authentication: getRemoteUser() returns null Finally found the problem. I started with JK, and added the /examples section from the auto-generated mod_jk.conf to my httpd.conf: Alias /examples C:/... Directory C:/... ... /Directory When I switched to JK2, I removed all the JkMounts and kept using the above. After hours of watching bytes pass by between httpd and Tomcat, hacking on the source, and general tweaking, it gradually dawned on me that I should scrap the above and use Location /examples ... /Location and getRemoteUser() started working straight away. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK + client authentication: getRemoteUser() returns null
Peter, where do you search? :) better to search where the info is ... http://marc.theaimsgroup.com/?w=2r=1s=tomcatAuthenticationq=t elaborating on b): jk2 is the internal name for 2 things: 1) a new native connector arch based on jk but enterely new.. 2) the new Coyote based ajp13 connector, that is the java code that manages ajp13 connections.. and it's compatible with native jk and jk2.. that is this new connector replace the ajp13connector you found in 4.0.6 server.xml jk2.properties it's a cfg file for Coyote/jk2.. here it's a explanation of the subtles for this 3 different things, jk native, jk2 native, and Coyote/jk2 connector for tomcat.., http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/doc/ Saludos, Ignacio J. Ortega -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 1:22 AM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null a) My apologies. I certainly try to send plain text, but Outlook has a mind of its own, however tiny it may be. I think I've now beaten it into submission. b) I'll give it a try. From what I've seen mentioned of jk2, it's not ready for production use, not as tested and reliable as jk, etc, so I've haven't tried it. I also presumed that jk and jk2 being different things, that a jk2.properties file wouldn't modify a jk configuration. c) I've searched for tomcatAuthentication, but I didn't realise that putting it in the properties file (as opposed to specifying it in server.xml) would make a difference.(Not to mention that searching the archive is currently returning 0 results.) Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 -Original Message- From: Ignacio J. Ortega [ mailto:[EMAIL PROTECTED] Sent: Wednesday, 12 March 2003 1:56 AM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null Peter, a) Dont send HTML messages to this list, Read http://jakarta.apache.org/site/mail.html. b) jk2.properties it's used for the coyote connector jk configuration ( aka jk2 java part), not matter which native connector (jk,jk2) you use.. c) The recipe of i gave to you has been proved to death, by many people, search archives for tomcatAuthentication.. Saludos, Ignacio J. Ortega -Original Message- From: Mayne, Peter [ mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 2:27 AM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null add ... to jk2.properties jk2, even though I'm using jk? Anyway, I tried it and it still didn't work. Thanks anyway. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 -Original Message- From: Ignacio J. Ortega [ mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 March 2003 12:21 PM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null add request.tomcatAuthentication=false to jk2.properties Saludos, Ignacio J. Ortega -Original Message- From: Filip Hanik [ mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 1:12 AM To: Tomcat Users List Subject: RE: JK + client authentication: getRemoteUser() returns null you are correct, there is a bug filed for this, Bugzilla Bug 11563 not sure anyone is dealing with it though, Filip -Original Message- From: Mayne, Peter [ mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 4:01 PM To: Tomcat Users List Subject: JK + client authentication: getRemoteUser() returns null I'm using Windows XP Apache 2.0.44 OpenSSL 0.9.7a mod_jk-2.0.43.dll Tomcat 4.1.18 I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication using client certificates. Everything seems to be working fine, except request.getRemoteUser() is returning null. (The REMOTE_USER is shown from a CGI script, so authentication is working.) The only reference I can find to this problem is in /tomcat-docs/config/jk.html: setting the tomcatAuthentication attribute when using org.apache.ajp.tomcat4.Ajp13Connector, but since this connector doesn't appear in my server.xml, it doesn't seem to be relevant. (It does seem to be relevant for Tomcat 4.0.6, but I'd rather not have to try dropping back to there.) Before I post voluminous config files, am I missing something obvious? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243
RE: JK + client authentication: getRemoteUser() returns null
Title: RE: JK + client authentication: getRemoteUser() returns null I've built jk2 2.0.2 against Apache 2.0.44, run it with Tomcat 4.1.18, and still get exactly the same results: everything seems to work except for getRemoteUser() still returning null. There is an entry [error] mod_jk child init 1 0 in the Apache log when it starts. I have no idea what this means, even after looking at the source. workers2.properties (chmeee is the hostname): [shm] file=${serverRoot}/logs/shm.file size=1048576 [channel.socket:chmeee:8009] port=8009 host=chmeee #info=Ajp13 forwarding over socket tomcatId=chmeee:8009 [ajp13:chmeee:8009] channel=channel.socket:chmeee:8009 # Map the Tomcat examples webapp to the Web server uri space [uri:/examples/*] worker=ajp13:chmeee:8009 #info=Map the whole webapp # define the worker [status:status] # Uri mapping [uri:/jkstatus/*] worker=status:status jk2.properties: shm.file=/oss/Apache-2.0.44/logs/shm.file request.tomcatAuthentication=false #request.tomcatAuthentication=true (I've tried it with both true and false. I expected the correct setting to be false, but http://marc.theaimsgroup.com/?l=tomcat-user=104322962412519=2 says true. Tomcat connector: Connector className=org.apache.coyote.tomcat4.CoyoteConnector tomcatAuthentication=false acceptCount=10 bufferSize=2048 connectionTimeout=0 debug=9 disableUploadTimeout=false enableLookups=true maxProcessors=75 minProcessors=5 port=8009 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler proxyPort=0 redirectPort=8443 scheme=http secure=false tcpNoDelay=true useURIValidationHack=false Factory className=org.apache.catalina.net.DefaultServerSocketFactory/ /Connector What do I try next? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK + client authentication: getRemoteUser() returns null
Hi, I've just installed tomcat4.1.18 with IIS and jk2 and it works fine. I was having problems with the getRemoteUser(), and it works fine when using jk2. I posted the steps to install onto my website http://www.reynir.net/tomcat/tomcat_IIS_service_jk2.html There may be some bugs in these docs, but this installation works for me so maybe it could help someone. [EMAIL PROTECTED] -Original Message- From: Robert Biernat [mailto:[EMAIL PROTECTED] Sent: 11. mars 2003 00:26 To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null I sent a message earlier with a similiar problem however I'm using IIS 5.0 and the ISAPI redirector, and not using Apache with SSL certificates. It appears the combination of the CoyoteConnector and the JkCoyoteHandler is where the bugs lies. I switched off the CoyoteConnector, and reverted back to the old Ajp13Connector, added the attribute tomcatAuthentication=false and it worked fine. However I've been having stability problems with the Ajp13Connector (Tomcat runs out of threads) and want to upgrade to the new CoyoteConnector as soon as possible. At this stage this bug is all that is holding me back from deployment of 4.1.18 to production. Rob -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 March 2003 11:12 AM To: Tomcat Users List Subject: RE: JK + client authentication: getRemoteUser() returns null you are correct, there is a bug filed for this, Bugzilla Bug 11563 not sure anyone is dealing with it though, Filip -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 4:01 PM To: Tomcat Users List Subject: JK + client authentication: getRemoteUser() returns null I'm using Windows XP Apache 2.0.44 OpenSSL 0.9.7a mod_jk-2.0.43.dll Tomcat 4.1.18 I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication using client certificates. Everything seems to be working fine, except request.getRemoteUser() is returning null. (The REMOTE_USER is shown from a CGI script, so authentication is working.) The only reference I can find to this problem is in /tomcat-docs/config/jk.html: setting the tomcatAuthentication attribute when using org.apache.ajp.tomcat4.Ajp13Connector, but since this connector doesn't appear in my server.xml, it doesn't seem to be relevant. (It does seem to be relevant for Tomcat 4.0.6, but I'd rather not have to try dropping back to there.) Before I post voluminous config files, am I missing something obvious? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK + client authentication: getRemoteUser() returns null
Peter, a) Dont send HTML messages to this list, Read http://jakarta.apache.org/site/mail.html. b) jk2.properties it's used for the coyote connector jk configuration ( aka jk2 java part), not matter which native connector (jk,jk2) you use.. c) The recipe of i gave to you has been proved to death, by many people, search archives for tomcatAuthentication.. Saludos, Ignacio J. Ortega -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 2:27 AM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null add ... to jk2.properties jk2, even though I'm using jk? Anyway, I tried it and it still didn't work. Thanks anyway. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 -Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 March 2003 12:21 PM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null add request.tomcatAuthentication=false to jk2.properties Saludos, Ignacio J. Ortega -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 1:12 AM To: Tomcat Users List Subject: RE: JK + client authentication: getRemoteUser() returns null you are correct, there is a bug filed for this, Bugzilla Bug 11563 not sure anyone is dealing with it though, Filip -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 4:01 PM To: Tomcat Users List Subject: JK + client authentication: getRemoteUser() returns null I'm using Windows XP Apache 2.0.44 OpenSSL 0.9.7a mod_jk-2.0.43.dll Tomcat 4.1.18 I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication using client certificates. Everything seems to be working fine, except request.getRemoteUser() is returning null. (The REMOTE_USER is shown from a CGI script, so authentication is working.) The only reference I can find to this problem is in /tomcat-docs/config/jk.html: setting the tomcatAuthentication attribute when using org.apache.ajp.tomcat4.Ajp13Connector, but since this connector doesn't appear in my server.xml, it doesn't seem to be relevant. (It does seem to be relevant for Tomcat 4.0.6, but I'd rather not have to try dropping back to there.) Before I post voluminous config files, am I missing something obvious? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information
RE: JK + client authentication: getRemoteUser() returns null
Title: RE: JK + client authentication: getRemoteUser() returns null I've reverted to Tomcat 4.0.6, I'm using mod_jk that I've built myself against Apache 2.0.44, and I'm using Ajp13Connector, but getRemoteUser() still doesn't work, and I'm tearing my hair out. Server.xml contains (in part): Server port=8005 shutdown=SHUTDOWN debug=0 !-- jk -- Listener className=org.apache.ajp.tomcat4.config.ApacheConfig modJk=C:/oss/Apache-2.0.44/modules/mod_jk-2.0.44.dll workersConfig=c:/oss/jakarta-tomcat-4.0.6/conf/jk/workers.properties jkLog=c:/oss/jakarta-tomcat-4.0.6/logs/mod_jk.log / ... !-- Define the default virtual host -- Host name=localhost debug=0 appBase=webapps unpackWARs=true !-- jk -- Listener className=org.apache.ajp.tomcat4.config.ApacheConfig append=true forwardAll=true modJk=c:/oss/Apache-2.0.44/modules/mod_jk-2.0.44.dll workersConfig=c:/oss/jakarta-tomcat-4.0.6/conf/jk/workers.properties jkLog=c:/oss/jakarta-tomcat-4.0.6/logs/mod_jk.log / !-- Define an AJP 1.3 Connector on port 8009 -- Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=9 tomcatAuthentication=false/ workers.properties: worker.list=ajp13 worker.ajp13.type=ajp13 worker.ajp13.host=localhost worker.ajp13.port=8009 httpd.conf contains (in part): JkWorkersFile c:/oss/jakarta-tomcat-4.0.6/conf/jk/workers.properties JkLogFile c:/oss/jakarta-tomcat-4.0.6/logs/mod_jk.log JkLogLevel emerg JkExtractSSL On VirtualHost _default_:443 Alias /examples C:/oss/jakarta-tomcat-4.0.6/webapps/examples Directory C:/oss/jakarta-tomcat-4.0.6/webapps/examples Options Indexes FollowSymLinks DirectoryIndex index.html index.htm index.jsp SSLOptions +StdEnvVars +FakeBasicAuth AuthType Basic AuthName This realm AuthUserFile conf/passwd Require valid-user /Directory JkMount /examples ajp13 JkMount /examples/* ajp13 JkMount /examples/jsp/security/protected/j_security_check ajp13 JkMount /examples/snoop ajp13 JkMount /examples/servlet/* ajp13 JkMount /examples/CompressionTest ajp13 JkMount /examples/*.jsp ajp13 JkMount /examples/servletToJsp ajp13 JkMount /examples/SendMailServlet ajp13 /VirtualHost and finally, the connector log: 2003-03-11 23:42:30 Ajp13Processor[8009][4] [Ajp13] receiveNextRequest() 2003-03-11 23:42:30 Ajp13Processor[8009][4] [Ajp13] receive() 2003-03-11 23:42:31 Ajp13Processor[8009][4] [Ajp13] Received 4 589 18 2003-03-11 23:42:31 Ajp13Processor[8009][4] [Ajp13] receive: total read = 589 2003-03-11 23:42:31 Ajp13Processor[8009][4] [Ajp13] Received 2 JK_AJP13_FORWARD_REQUEST 2003-03-11 23:42:31 Ajp13Processor[8009][4] [Ajp13] [RequestHandler] decodeRequest() 2003-03-11 23:42:31 Ajp13Processor[8009][4] [Ajp13] [RequestHandler] === BaseRequest === method = GET protocol = HTTP/1.1 requestURI = /examples/jsp/snp/snoop.jsp remoteAddr = 192.168.254.1 remoteHost = null serverName = chmeee serverPort = 443 remoteUser = null authType = null queryString = null scheme = https secure = true contentLength = 0 contentType = null attributes = {} headers = === MimeHeaders === host = chmeee user-agent = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130 accept = application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1 accept-language = en-us, en;q=0.50 accept-encoding = gzip, deflate, compress;q=0.9 accept-charset = ISO-8859-1, utf-8;q=0.66, *;q=0.66 keep-alive = 300 connection = keep-alive referer = https://chmeee/examples/jsp/ cookie = JSESSIONID=3832DD83EC747E4E4023C3E20054BBEA cache-control = max-age=0 content-length = 0 cookies = === Cookies === Cookie JSESSIONID=3832DD83EC747E4E4023C3E20054BBEA ; 0 null null jvmRoute = null What am I doing wrong? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any
RE: JK + client authentication: getRemoteUser() returns null
Title: RE: JK + client authentication: getRemoteUser() returns null a) My apologies. I certainly try to send plain text, but Outlook has a mind of its own, however tiny it may be. I think I've now beaten it into submission. b) I'll give it a try. From what I've seen mentioned of jk2, it's not ready for production use, not as tested and reliable as jk, etc, so I've haven't tried it. I also presumed that jk and jk2 being different things, that a jk2.properties file wouldn't modify a jk configuration. c) I've searched for tomcatAuthentication, but I didn't realise that putting it in the properties file (as opposed to specifying it in server.xml) would make a difference.(Not to mention that searching the archive is currently returning 0 results.) Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 -Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 12 March 2003 1:56 AM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null Peter, a) Dont send HTML messages to this list, Read http://jakarta.apache.org/site/mail.html. b) jk2.properties it's used for the coyote connector jk configuration ( aka jk2 java part), not matter which native connector (jk,jk2) you use.. c) The recipe of i gave to you has been proved to death, by many people, search archives for tomcatAuthentication.. Saludos, Ignacio J. Ortega -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 11, 2003 2:27 AM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null add ... to jk2.properties jk2, even though I'm using jk? Anyway, I tried it and it still didn't work. Thanks anyway. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 -Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 March 2003 12:21 PM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null add request.tomcatAuthentication=false to jk2.properties Saludos, Ignacio J. Ortega -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 11, 2003 1:12 AM To: Tomcat Users List Subject: RE: JK + client authentication: getRemoteUser() returns null you are correct, there is a bug filed for this, Bugzilla Bug 11563 not sure anyone is dealing with it though, Filip -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED]] Sent: Monday, March 10, 2003 4:01 PM To: Tomcat Users List Subject: JK + client authentication: getRemoteUser() returns null I'm using Windows XP Apache 2.0.44 OpenSSL 0.9.7a mod_jk-2.0.43.dll Tomcat 4.1.18 I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication using client certificates. Everything seems to be working fine, except request.getRemoteUser() is returning null. (The REMOTE_USER is shown from a CGI script, so authentication is working.) The only reference I can find to this problem is in /tomcat-docs/config/jk.html: setting the tomcatAuthentication attribute when using org.apache.ajp.tomcat4.Ajp13Connector, but since this connector doesn't appear in my server.xml, it doesn't seem to be relevant. (It does seem to be relevant for Tomcat 4.0.6, but I'd rather not have to try dropping back to there.) Before I post voluminous config files, am I missing something obvious? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have
JK + client authentication: getRemoteUser() returns null
Title: JK + client authentication: getRemoteUser() returns null I'm using Windows XP Apache 2.0.44 OpenSSL 0.9.7a mod_jk-2.0.43.dll Tomcat 4.1.18 I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication using client certificates. Everything seems to be working fine, except request.getRemoteUser() is returning null. (The REMOTE_USER is shown from a CGI script, so authentication is working.) The only reference I can find to this problem is in /tomcat-docs/config/jk.html: setting the tomcatAuthentication attribute when using org.apache.ajp.tomcat4.Ajp13Connector, but since this connector doesn't appear in my server.xml, it doesn't seem to be relevant. (It does seem to be relevant for Tomcat 4.0.6, but I'd rather not have to try dropping back to there.) Before I post voluminous config files, am I missing something obvious? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK + client authentication: getRemoteUser() returns null
you are correct, there is a bug filed for this, Bugzilla Bug 11563 not sure anyone is dealing with it though, Filip -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 4:01 PM To: Tomcat Users List Subject: JK + client authentication: getRemoteUser() returns null I'm using Windows XP Apache 2.0.44 OpenSSL 0.9.7a mod_jk-2.0.43.dll Tomcat 4.1.18 I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication using client certificates. Everything seems to be working fine, except request.getRemoteUser() is returning null. (The REMOTE_USER is shown from a CGI script, so authentication is working.) The only reference I can find to this problem is in /tomcat-docs/config/jk.html: setting the tomcatAuthentication attribute when using org.apache.ajp.tomcat4.Ajp13Connector, but since this connector doesn't appear in my server.xml, it doesn't seem to be relevant. (It does seem to be relevant for Tomcat 4.0.6, but I'd rather not have to try dropping back to there.) Before I post voluminous config files, am I missing something obvious? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK + client authentication: getRemoteUser() returns null
I sent a message earlier with a similiar problem however I'm using IIS 5.0 and the ISAPI redirector, and not using Apache with SSL certificates. It appears the combination of the CoyoteConnector and the JkCoyoteHandler is where the bugs lies. I switched off the CoyoteConnector, and reverted back to the old Ajp13Connector, added the attribute tomcatAuthentication=false and it worked fine. However I've been having stability problems with the Ajp13Connector (Tomcat runs out of threads) and want to upgrade to the new CoyoteConnector as soon as possible. At this stage this bug is all that is holding me back from deployment of 4.1.18 to production. Rob -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 March 2003 11:12 AM To: Tomcat Users List Subject: RE: JK + client authentication: getRemoteUser() returns null you are correct, there is a bug filed for this, Bugzilla Bug 11563 not sure anyone is dealing with it though, Filip -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 4:01 PM To: Tomcat Users List Subject: JK + client authentication: getRemoteUser() returns null I'm using Windows XP Apache 2.0.44 OpenSSL 0.9.7a mod_jk-2.0.43.dll Tomcat 4.1.18 I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication using client certificates. Everything seems to be working fine, except request.getRemoteUser() is returning null. (The REMOTE_USER is shown from a CGI script, so authentication is working.) The only reference I can find to this problem is in /tomcat-docs/config/jk.html: setting the tomcatAuthentication attribute when using org.apache.ajp.tomcat4.Ajp13Connector, but since this connector doesn't appear in my server.xml, it doesn't seem to be relevant. (It does seem to be relevant for Tomcat 4.0.6, but I'd rather not have to try dropping back to there.) Before I post voluminous config files, am I missing something obvious? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK + client authentication: getRemoteUser() returns null
add request.tomcatAuthentication=false to jk2.properties Saludos, Ignacio J. Ortega -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 1:12 AM To: Tomcat Users List Subject: RE: JK + client authentication: getRemoteUser() returns null you are correct, there is a bug filed for this, Bugzilla Bug 11563 not sure anyone is dealing with it though, Filip -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 4:01 PM To: Tomcat Users List Subject: JK + client authentication: getRemoteUser() returns null I'm using Windows XP Apache 2.0.44 OpenSSL 0.9.7a mod_jk-2.0.43.dll Tomcat 4.1.18 I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication using client certificates. Everything seems to be working fine, except request.getRemoteUser() is returning null. (The REMOTE_USER is shown from a CGI script, so authentication is working.) The only reference I can find to this problem is in /tomcat-docs/config/jk.html: setting the tomcatAuthentication attribute when using org.apache.ajp.tomcat4.Ajp13Connector, but since this connector doesn't appear in my server.xml, it doesn't seem to be relevant. (It does seem to be relevant for Tomcat 4.0.6, but I'd rather not have to try dropping back to there.) Before I post voluminous config files, am I missing something obvious? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK + client authentication: getRemoteUser() returns null
Title: RE: JK + client authentication: getRemoteUser() returns null Thanks to both of you. I suppose I won't be holding my breath. :-\ I'll try using the Ajp13Connector. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 -Original Message- From: Robert Biernat [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 March 2003 11:26 AM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 March 2003 11:12 AM To: Tomcat Users List Subject: RE: JK + client authentication: getRemoteUser() returns null The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK + client authentication: getRemoteUser() returns null
Title: RE: JK + client authentication: getRemoteUser() returns null add ... to jk2.properties jk2, even though I'm using jk? Anyway, I tried it and it still didn't work. Thanks anyway. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 -Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 March 2003 12:21 PM To: 'Tomcat Users List' Subject: RE: JK + client authentication: getRemoteUser() returns null add request.tomcatAuthentication=false to jk2.properties Saludos, Ignacio J. Ortega -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 11, 2003 1:12 AM To: Tomcat Users List Subject: RE: JK + client authentication: getRemoteUser() returns null you are correct, there is a bug filed for this, Bugzilla Bug 11563 not sure anyone is dealing with it though, Filip -Original Message- From: Mayne, Peter [mailto:[EMAIL PROTECTED]] Sent: Monday, March 10, 2003 4:01 PM To: Tomcat Users List Subject: JK + client authentication: getRemoteUser() returns null I'm using Windows XP Apache 2.0.44 OpenSSL 0.9.7a mod_jk-2.0.43.dll Tomcat 4.1.18 I've followed the instructions at http://www.johnturner.com/howto/winxp-howto.html to set up Apache and Tomcat using JK, with authentication using client certificates. Everything seems to be working fine, except request.getRemoteUser() is returning null. (The REMOTE_USER is shown from a CGI script, so authentication is working.) The only reference I can find to this problem is in /tomcat-docs/config/jk.html: setting the tomcatAuthentication attribute when using org.apache.ajp.tomcat4.Ajp13Connector, but since this connector doesn't appear in my server.xml, it doesn't seem to be relevant. (It does seem to be relevant for Tomcat 4.0.6, but I'd rather not have to try dropping back to there.) Before I post voluminous config files, am I missing something obvious? Thanks. PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion
RE: JK + client authentication: getRemoteUser() returns null
Title: RE: JK + client authentication: getRemoteUser() returns null I just looked through the 4.1.21-beta release notes: it doesn't appear to be fixed there either. Who do we have to bribe around here? :-) PJDM -- Peter Mayne Technology Consultant Spherion Technology Solutions Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 T: 61 2 62689727 F: 61 2 62689777 -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 11 March 2003 11:12 AM To: Tomcat Users List Subject: RE: JK + client authentication: getRemoteUser() returns null you are correct, there is a bug filed for this, Bugzilla Bug 11563 not sure anyone is dealing with it though, Filip The information contained in this email and any attachments to it: (a) may be confidential and if you are not the intended recipient, any interference with, use, disclosure or copying of this material is unauthorised and prohibited; and (b) may contain personal information of the recipient and/or the sender as defined under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to collect, hold and use such information and any personal information contained in a response to this email, for any reasonable purpose in the ordinary course of Spherion's business, including forwarding this email internally or disclosing it to a third party. All personal information collected by Spherion will be handled in accordance with Spherion's Privacy Policy. If you have received this email in error, please notify the sender and delete it. (c) you agree not to employ or arrange employment for any candidate(s) supplied in this email and any attachments without first entering into a contractual agreement with Spherion. You further agree not to divulge any information contained in this document to any person(s) or entities without the express permission of Spherion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getRemoteUser() not working in 4.1.18 using Coyote AJP13 Connector and IIS
Hi, Currently using Tomcat 4.1.12/Coyote AJP 13 connector with IIS 5.0 and the 1.2.2 JK2 ISAPI redirector. Have recently upgradeded to Tomcat 4.1.18, and it appears the call to request.getRemoteUser is no longer functioning correctly. It is returining a null or empty value, whereas in 4.1.12, it would return the username IIS authenticated. Is this a known issue when moving to 4.1.18, or is it simply a misconfiguration of the CoyoteConnector. I have looked around and havent been able to find any option that may turn this feature back on. I remember in the older AJP connectors, there was an option called tomcatAuthentication, which had to be set to false. I tried this option on the CoyoteConnector but it appears to not have any affect. Thanks Rob
Tomcat 4.1.18 - IIS - JK2 - getRemoteUser() returns Null
Hi I'm using : Tomcat 4.1.18 IIS 5.1. (running on XP) JK2 (isapi_redirector2.dll) Jdk 1.4.1_1 I tried to set request.tomcatAuthentication=false In my jk2.properties. For some reason IIS does not authenticate the user, and when I ask for the user (on the first request) in a jsp document, with request.getRemoteUser() it returns null. Can anyone point me in the correct direction here ? I sent an email just before weekend, at that time I was trying to use the isapi_redirect(but not isapi_redirector2). I had similar problems at that time, and I was hoping configuring the new jk2 would solve that... Thanx - [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Tomcat 4.1.18 - IIS - JK2 - getRemoteUser() returns Null
Hi, I've seem to have resolved this problem my self. It seems like it's due to the fact I was locking a subdirectory under IIS but not the whole host. If I lock the host I get the domainname\username from getRemoteUser(). Thanx anyways. -reynir -Original Message- From: Reynir Hübner Sent: 27. janúar 2003 14:06 To: Tomcat Users List Subject: Tomcat 4.1.18 - IIS - JK2 - getRemoteUser() returns Null Hi I'm using : Tomcat 4.1.18 IIS 5.1. (running on XP) JK2 (isapi_redirector2.dll) Jdk 1.4.1_1 I tried to set request.tomcatAuthentication=false In my jk2.properties. For some reason IIS does not authenticate the user, and when I ask for the user (on the first request) in a jsp document, with request.getRemoteUser() it returns null. Can anyone point me in the correct direction here ? I sent an email just before weekend, at that time I was trying to use the isapi_redirect(but not isapi_redirector2). I had similar problems at that time, and I was hoping configuring the new jk2 would solve that... Thanx - [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Aleix, Hi, In the mail I wrote incorrectly the tomcatAuthentication sentence, but I wrote it correctly in the jk2.properties file. Think of it too ;), but discarded to ask for :) thanks for the clarification.. My authentication in Apache is made throw a users file that can be declared in httpd.conf in Apache. Then in the same file, I have the sentences to connect to Tomcat, and it works fine because I can call all my servlets without problems. Maybe I'm forgetting something. I assume that without tomcat using only apache you can see the BAsic Auth dialog pops up.. Sorry to insist but the behaviour one can observe, when the 2 servers (tomcat apache ) are throwing his auth independently, is other, one see Apache throwing his auth dialogs, but later Tomcat refuses to enter in the protected area, so you can end seeing 2 auth dialogs poping up.. but to see only the tomcat one is really strange.. seems as Apache not correctly configured from here.. Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Aleix, security-constraint display-nameExample Security Constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBASIC Authentication/realm-name /login-config security-role role-nametomcat/role-name /security-role Oops, sorry senility is starting to bother me ;).. Well the problem is related to the fact that Apache doenst have a roleslike info and of course not having them Tomcat cannot know it from him, so your security constraint ends not seeing the correct role for that user, you need to have a correctly configured realm, using the exact same names you get from apache, where tomcat can go to ask for the user's roles... the Realm type doesnt matter for our porpouse.. If configuring exactly the same user name to have the needed roles in a tomcat realm doesnt work, i think it's a bug in tc 4.1.18.. So to summarize: 1) Apache needs to be configured tro do the auth 2) Tomcat needs a Realm ( JDBC,MEMORY or whatever ) containing the same exact usernames, with the associated roles, tha Apache will transmit to TC.. 3) tomcatAuthentication=false, so tomcat will get the username from Apache.. I know is a pain, but the lack of the roles concept in Apache makes it cumbersome, as web.xml only uses role names for security constraint not usernames.. Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
I actually had to comment out my security-constraint's to make it so Tomcat would not ask for authentication to make it not request it. If there is a workaround where that stuff is just ignored in the case of tomcatAuthentication=false and invoked in the case of tomcatAuthentication=true, that would be excellent because then I wouldn't have such a dependency on Apache to provide for the username and password. I certainly need to have Apache fronting it in production, but for testing, it would be nice to go straight at Tomcat rather than through Apache without having to modify my web.xml file. Please let me know if you find such a feature set in Tomcat. thanks, Jake At 08:17 AM 1/23/2003 +0100, you wrote: Hi, In the mail I wrote incorrectly the tomcatAuthentication sentence, but I wrote it correctly in the jk2.properties file. My authentication in Apache is made throw a users file that can be declared in httpd.conf in Apache. Then in the same file, I have the sentences to connect to Tomcat, and it works fine because I can call all my servlets without problems. Maybe I'm forgetting something. Thank you Aleix -Mensaje original- De: Jacob Kjome [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 5:24 Para: Tomcat Users List Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Notice that you misspelled tomcatAuthentication. You wrote: request.tomcatAuthenticatoin=false It should be request.tomcatAuthentication=false Jake At 12:58 AM 1/23/2003 +0100, you wrote: Ok, Sorry about the laguage. My Apache version is 2.0.43 and Tomcat 4.1.18. I have a servlets path with the web.xml file with the authentication configuration in this way: security-constraint display-nameExample Security Constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBASIC Authentication/realm-name /login-config security-role role-nametomcat/role-name /security-role And in my jk2.properties file I have this entry: request.tomcatAuthenticatoin=false. But, tomcat asks me for the login! My users are authenticated throw Apache, and I want to use this logins with my servlets. Thank you Aleix -Mensaje original- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 0:36 Para: 'Tomcat Users List' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Aleix, Hola Ignacio, He estado probando exactamente lo que vosotrois comentais, pero Tomcat me sigue pidiendo que entre login i password. Alguna idea? No entiendo bien, estas seguro de que quien pide el password es tomcat y no el servidor de http? Un poco de informacion sobre tu configuracion ayudaria un tanto, IIS? Apache? version tomcat? etc etc Y mejor en ingles en adelante.. asi se entera todo el mundo.. Gracias Aleix Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RV: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
-Mensaje original- De: Aleix Vergés [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 22:52 Para: 'Ignacio J. Ortega' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat How can I send this to that box? This is my first contribution to the forum Aleix -Mensaje original- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 22:19 Para: 'Aleix Vergés' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Aleix, te agradeceria que mandaras esto a tomcat-user tb.., asi los demas se enteran, tb.. gracias Ahhh y me alegro un taco que te funcione... tamos pa eso :) Saludos, Ignacio J. Ortega -Original Message- From: Aleix Vergés [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 10:02 PM To: Ignacio J. Ortega Subject: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Hi, Thank you very much for your help. Finally my configuration is working properly. Regards Aleix -Mensaje original- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 16:22 Para: 'Tomcat Users List' CC: '[EMAIL PROTECTED]' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Aleix, security-constraint display-nameExample Security Constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBASIC Authentication/realm-name /login-config security-role role-nametomcat/role-name /security-role Oops, sorry senility is starting to bother me ;).. Well the problem is related to the fact that Apache doenst have a roleslike info and of course not having them Tomcat cannot know it from him, so your security constraint ends not seeing the correct role for that user, you need to have a correctly configured realm, using the exact same names you get from apache, where tomcat can go to ask for the user's roles... the Realm type doesnt matter for our porpouse.. If configuring exactly the same user name to have the needed roles in a tomcat realm doesnt work, i think it's a bug in tc 4.1.18.. So to summarize: 1) Apache needs to be configured tro do the auth 2) Tomcat needs a Realm ( JDBC,MEMORY or whatever ) containing the same exact usernames, with the associated roles, tha Apache will transmit to TC.. 3) tomcatAuthentication=false, so tomcat will get the username from Apache.. I know is a pain, but the lack of the roles concept in Apache makes it cumbersome, as web.xml only uses role names for security constraint not usernames.. Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RV: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
-Mensaje original- De: Aleix Vergés [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 22:01 Para: 'Ignacio J. Ortega' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Hi, Thank you very much for your help. Finally my configuration is working properly. Regards Aleix -Mensaje original- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 16:22 Para: 'Tomcat Users List' CC: '[EMAIL PROTECTED]' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Aleix, security-constraint display-nameExample Security Constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBASIC Authentication/realm-name /login-config security-role role-nametomcat/role-name /security-role Oops, sorry senility is starting to bother me ;).. Well the problem is related to the fact that Apache doenst have a roleslike info and of course not having them Tomcat cannot know it from him, so your security constraint ends not seeing the correct role for that user, you need to have a correctly configured realm, using the exact same names you get from apache, where tomcat can go to ask for the user's roles... the Realm type doesnt matter for our porpouse.. If configuring exactly the same user name to have the needed roles in a tomcat realm doesnt work, i think it's a bug in tc 4.1.18.. So to summarize: 1) Apache needs to be configured tro do the auth 2) Tomcat needs a Realm ( JDBC,MEMORY or whatever ) containing the same exact usernames, with the associated roles, tha Apache will transmit to TC.. 3) tomcatAuthentication=false, so tomcat will get the username from Apache.. I know is a pain, but the lack of the roles concept in Apache makes it cumbersome, as web.xml only uses role names for security constraint not usernames.. Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Jacob, However, I've tested both Tomcat-4.1.18 and Tomcat-4.1.19 and both seem to ignore the tomcatAuthentication=false. add request.tomcatAuthentication=true to jk2.properties, it should work this way.. Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Thanks Ignacio, Works perfectly in Tomcat-4.1.19even with mod_jk, although it is a little confusing to have the config relating to mod_jk in jk2.properties but, oh well, It works :-) BTW, I used request.tomcatAuthentication=false not request.tomcatAuthentication=true Just wanted to clarify for the benefit of those who are trying to take the authentication from Apache for getRemoteUser(). thanks again! Jake Jacob, However, I've tested both Tomcat-4.1.18 and Tomcat-4.1.19 and both seem to ignore the tomcatAuthentication=false. add request.tomcatAuthentication=true to jk2.properties, it should work this way.. Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Jacob, BTW, I used request.tomcatAuthentication=false not request.tomcatAuthentication=true Ooops, sorry, of course if you want tomcatAuthentication=false, you need to put request.tomcatAuthentication=false not true :, next time i will edit my CutPaste first i promise ..;) Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Hola Ignacio, He estado probando exactamente lo que vosotrois comentais, pero Tomcat me sigue pidiendo que entre login i password. Alguna idea? Gracias Aleix -Mensaje original- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: miércoles, 22 de enero de 2003 19:20 Para: 'Tomcat Users List'; 'Jacob Kjome' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Jacob, BTW, I used request.tomcatAuthentication=false not request.tomcatAuthentication=true Ooops, sorry, of course if you want tomcatAuthentication=false, you need to put request.tomcatAuthentication=false not true :, next time i will edit my CutPaste first i promise ..;) Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Aleix, Hola Ignacio, He estado probando exactamente lo que vosotrois comentais, pero Tomcat me sigue pidiendo que entre login i password. Alguna idea? No entiendo bien, estas seguro de que quien pide el password es tomcat y no el servidor de http? Un poco de informacion sobre tu configuracion ayudaria un tanto, IIS? Apache? version tomcat? etc etc Y mejor en ingles en adelante.. asi se entera todo el mundo.. Gracias Aleix Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Ok, Sorry about the laguage. My Apache version is 2.0.43 and Tomcat 4.1.18. I have a servlets path with the web.xml file with the authentication configuration in this way: security-constraint display-nameExample Security Constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBASIC Authentication/realm-name /login-config security-role role-nametomcat/role-name /security-role And in my jk2.properties file I have this entry: request.tomcatAuthenticatoin=false. But, tomcat asks me for the login! My users are authenticated throw Apache, and I want to use this logins with my servlets. Thank you Aleix -Mensaje original- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 0:36 Para: 'Tomcat Users List' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Aleix, Hola Ignacio, He estado probando exactamente lo que vosotrois comentais, pero Tomcat me sigue pidiendo que entre login i password. Alguna idea? No entiendo bien, estas seguro de que quien pide el password es tomcat y no el servidor de http? Un poco de informacion sobre tu configuracion ayudaria un tanto, IIS? Apache? version tomcat? etc etc Y mejor en ingles en adelante.. asi se entera todo el mundo.. Gracias Aleix Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Aleix, Ok, Sorry about the laguage. Conoces el chiste del taxista de Nueva york? ;) My Apache version is 2.0.43 and Tomcat 4.1.18. I have a servlets path with the web.xml file with the authentication configuration in this way: I suppouse you have configured apache to do the security, dont you? I dont know very well Apache config but i think this is done be tweaking .htaccess files.. Sorry for the dumbest question, but i must ask first :) But, tomcat asks me for the login! My users are authenticated throw Apache, and I want to use this logins with my servlets. Ithink there is a misconception here, to make apache ask for a user and pass is an apache thing, the only thing tomcatAuthentication does is to ignore or use any auth done by the Http server at tomcat level, what this means? You need to config apache first and after that, make tomcat use it.. Tomcat will not command apache to do any auth based on web.xml constraints.. If not the case, i think i'll need to see some logs, the access.log from apache, error.log etc, and the tomcat related ones, not very sure which tomcat logs contains auth info, but putting debug='99' at the context level and authenticator in server.xml will help.. Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Notice that you misspelled tomcatAuthentication. You wrote: request.tomcatAuthenticatoin=false It should be request.tomcatAuthentication=false Jake At 12:58 AM 1/23/2003 +0100, you wrote: Ok, Sorry about the laguage. My Apache version is 2.0.43 and Tomcat 4.1.18. I have a servlets path with the web.xml file with the authentication configuration in this way: security-constraint display-nameExample Security Constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBASIC Authentication/realm-name /login-config security-role role-nametomcat/role-name /security-role And in my jk2.properties file I have this entry: request.tomcatAuthenticatoin=false. But, tomcat asks me for the login! My users are authenticated throw Apache, and I want to use this logins with my servlets. Thank you Aleix -Mensaje original- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 0:36 Para: 'Tomcat Users List' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Aleix, Hola Ignacio, He estado probando exactamente lo que vosotrois comentais, pero Tomcat me sigue pidiendo que entre login i password. Alguna idea? No entiendo bien, estas seguro de que quien pide el password es tomcat y no el servidor de http? Un poco de informacion sobre tu configuracion ayudaria un tanto, IIS? Apache? version tomcat? etc etc Y mejor en ingles en adelante.. asi se entera todo el mundo.. Gracias Aleix Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Hi, In the mail I wrote incorrectly the tomcatAuthentication sentence, but I wrote it correctly in the jk2.properties file. My authentication in Apache is made throw a users file that can be declared in httpd.conf in Apache. Then in the same file, I have the sentences to connect to Tomcat, and it works fine because I can call all my servlets without problems. Maybe I'm forgetting something. Thank you Aleix -Mensaje original- De: Jacob Kjome [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 5:24 Para: Tomcat Users List Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Notice that you misspelled tomcatAuthentication. You wrote: request.tomcatAuthenticatoin=false It should be request.tomcatAuthentication=false Jake At 12:58 AM 1/23/2003 +0100, you wrote: Ok, Sorry about the laguage. My Apache version is 2.0.43 and Tomcat 4.1.18. I have a servlets path with the web.xml file with the authentication configuration in this way: security-constraint display-nameExample Security Constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametomcat/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameBASIC Authentication/realm-name /login-config security-role role-nametomcat/role-name /security-role And in my jk2.properties file I have this entry: request.tomcatAuthenticatoin=false. But, tomcat asks me for the login! My users are authenticated throw Apache, and I want to use this logins with my servlets. Thank you Aleix -Mensaje original- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 0:36 Para: 'Tomcat Users List' Asunto: RE: Re[2]: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Aleix, Hola Ignacio, He estado probando exactamente lo que vosotrois comentais, pero Tomcat me sigue pidiendo que entre login i password. Alguna idea? No entiendo bien, estas seguro de que quien pide el password es tomcat y no el servidor de http? Un poco de informacion sobre tu configuracion ayudaria un tanto, IIS? Apache? version tomcat? etc etc Y mejor en ingles en adelante.. asi se entera todo el mundo.. Gracias Aleix Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Hi, I've found an issue with the CoyteConnector that I'm not sure is a bug. In versions of Tomcat previous to Tomcat-4.1.11, the CoyteConnector didn't support the tomcatAuthentication=false which is needed to make a call to getRemoteUser() take the authentication information obtained originally via Apache (or other webserver) front end. As of Tomcat-4.1.11 and through, at least Tomcat-4.1.12, adding tomcatAuthentication=false to the CoyoteConnector works to enable said behavior. However, I've tested both Tomcat-4.1.18 and Tomcat-4.1.19 and both seem to ignore the tomcatAuthentication=false. Based on what Remy says bug 14069 ( http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14069 ), the CoyoteConnector config does not contain any configuration for tomcatAuthentication=false. He suggests putting said config in jk2.properties rather than on the CoyoteConnector config. However, in bug 12196 ( http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12196 ) Denny Dexter states that this doesn't work for him. Furthermore, I am using mod_jk, not jk2. So, if the CoyoteConnector no longer supports tomcatAuthentication=false, what is the working replacement for it in the configuration for either/both mod_jk and jk2? Jake -- Best regards, Jacob mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Hi, You are right. I've test same versions and i have no good results. It ignores the tomcatAuthentication entry. Aleix -Mensaje original- De: Jacob Kjome [mailto:[EMAIL PROTECTED]] Enviado el: martes, 21 de enero de 2003 22:01 Para: Tomcat Users List Asunto: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat Hi, I've found an issue with the CoyteConnector that I'm not sure is a bug. In versions of Tomcat previous to Tomcat-4.1.11, the CoyteConnector didn't support the tomcatAuthentication=false which is needed to make a call to getRemoteUser() take the authentication information obtained originally via Apache (or other webserver) front end. As of Tomcat-4.1.11 and through, at least Tomcat-4.1.12, adding tomcatAuthentication=false to the CoyoteConnector works to enable said behavior. However, I've tested both Tomcat-4.1.18 and Tomcat-4.1.19 and both seem to ignore the tomcatAuthentication=false. Based on what Remy says bug 14069 ( http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14069 ), the CoyoteConnector config does not contain any configuration for tomcatAuthentication=false. He suggests putting said config in jk2.properties rather than on the CoyoteConnector config. However, in bug 12196 ( http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12196 ) Denny Dexter states that this doesn't work for him. Furthermore, I am using mod_jk, not jk2. So, if the CoyoteConnector no longer supports tomcatAuthentication=false, what is the working replacement for it in the configuration for either/both mod_jk and jk2? Jake -- Best regards, Jacob mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: tomcatAuthentication=false and getRemoteUser returning null in recent versions of Tomcat
Personally, I don't use it, but I believe that it is working in at least 4.1.18. If you are using the CoyoteConnector, then the best place to set the option is in jk2.properties. It really doesn't matter if you are using Jk2 on the native side or not: The java code still works off of this file. I believe that there are some changes to allow the CoyoteConnector to see settings in server.xml, but I don't want to dig through the logs to find out which version they showed up in. Jacob Kjome [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi, I've found an issue with the CoyteConnector that I'm not sure is a bug. In versions of Tomcat previous to Tomcat-4.1.11, the CoyteConnector didn't support the tomcatAuthentication=false which is needed to make a call to getRemoteUser() take the authentication information obtained originally via Apache (or other webserver) front end. As of Tomcat-4.1.11 and through, at least Tomcat-4.1.12, adding tomcatAuthentication=false to the CoyoteConnector works to enable said behavior. However, I've tested both Tomcat-4.1.18 and Tomcat-4.1.19 and both seem to ignore the tomcatAuthentication=false. Based on what Remy says bug 14069 ( http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14069 ), the CoyoteConnector config does not contain any configuration for tomcatAuthentication=false. He suggests putting said config in jk2.properties rather than on the CoyoteConnector config. However, in bug 12196 ( http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12196 ) Denny Dexter states that this doesn't work for him. Furthermore, I am using mod_jk, not jk2. So, if the CoyoteConnector no longer supports tomcatAuthentication=false, what is the working replacement for it in the configuration for either/both mod_jk and jk2? Jake -- Best regards, Jacob mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
HELP! getRemoteUser()/getUserPrincipal() returns Null
Hi All, I am running Tomcat 4.1.12 and using Struts 1.0 framework. I am doing form based authentication and unable to get the logged in user name in my servlet code. I have tried both request.getRemoteUser() and request.getUserPrincipal() and they return 'null'. Please help. Any suggestions or pointers are greatly appreciated. I have searched the archives and not found any solution so far. Thanks, DP __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
HELP! getRemoteUser()/getUserPrincipal() returns Null
Hi, I am running Tomcat 4.1.12 and using Struts 1.0 framework. I am doing form based authentication and unable to get the logged in user name in my servlet code. I have tried both request.getRemoteUser() and request.getUserPrincipal() and they return 'null'. Please help. Any suggestions or pointers are greatly appreciated. I have searched the archives and not found any solution so far. Thanks, DP __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
getRemoteUser()
I was under the impression that getRemoteUser() was fixed as of 4.1.11. I've upgraded to 4.1.12 but still no luck. It always returns null. We use apache/ssl with mod_jk. Any suggestions? Thanks Dennis -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: getRemoteUser()
Hello Dennis, Did you add tomcatAuthentication=false to the Coyote ajp3 connector? here's what mine looks like: !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=2 useURIValidationHack=false tomcatAuthentication=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ Jake Tuesday, September 24, 2002, 1:59:14 PM, you wrote: DM I was under the impression that getRemoteUser() was fixed as of 4.1.11. DM I've upgraded to 4.1.12 but still no luck. It always returns null. We DM use apache/ssl with mod_jk. DM Any suggestions? DM Thanks DM Dennis DM -- DM To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] DM For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Best regards, Jacobmailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: getRemoteUser()
I'm still using the older ajp connector because I haven't had time to upgrade the apache side of things. Does the same apply to that connector? I'll fiddle with it. Thanks for the input. Dennis My xml: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0/ On Tue, 2002-09-24 at 13:00, Jacob Kjome wrote: Hello Dennis, Did you add tomcatAuthentication=false to the Coyote ajp3 connector? here's what mine looks like: !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=2 useURIValidationHack=false tomcatAuthentication=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ Jake Tuesday, September 24, 2002, 1:59:14 PM, you wrote: DM I was under the impression that getRemoteUser() was fixed as of 4.1.11. DM I've upgraded to 4.1.12 but still no luck. It always returns null. We DM use apache/ssl with mod_jk. DM Any suggestions? DM Thanks DM Dennis DM -- DM To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] DM For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Best regards, Jacobmailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: getRemoteUser()
Just to answer this for anyone else interested. Yes, the tomcatAuthentication in the older ajp connector worked as well. All good, thanks for the input. -Dennis On Tue, 2002-09-24 at 13:09, Dennis Muhlestein wrote: I'm still using the older ajp connector because I haven't had time to upgrade the apache side of things. Does the same apply to that connector? I'll fiddle with it. Thanks for the input. Dennis My xml: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0/ On Tue, 2002-09-24 at 13:00, Jacob Kjome wrote: Hello Dennis, Did you add tomcatAuthentication=false to the Coyote ajp3 connector? here's what mine looks like: !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=2 useURIValidationHack=false tomcatAuthentication=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ Jake Tuesday, September 24, 2002, 1:59:14 PM, you wrote: DM I was under the impression that getRemoteUser() was fixed as of 4.1.11. DM I've upgraded to 4.1.12 but still no luck. It always returns null. We DM use apache/ssl with mod_jk. DM Any suggestions? DM Thanks DM Dennis DM -- DM To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] DM For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Best regards, Jacobmailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: getRemoteUser() reset to null after authenticated user hits an unauthorized page
Craig R. McClanahan [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... On Fri, 16 Aug 2002, Scott Dayberry wrote: Date: Fri, 16 Aug 2002 11:11:53 -0600 From: Scott Dayberry [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Subject: RE: getRemoteUser() reset to null after authenticated user hits an unauthorized page Thanks for your response. I was hoping it wasn't a bug in 3.2.3, but rather a configuration problem, or that a workaround existed. :*) Does this bug exist in 3.3.1? I haven't got a clue ... I've never used 3.3 for anything. I'm sure others here can speak to that. You've never wanted to run Tomcat under J2ME on you toaster? ;-) getRemoteUser() works as expected under 3.3.1. I've been reluctant to upgrade to Tomcat 4 due to potential installation and compatibility issues with Apache 1.3.X, mod_jk.so, on both Solaris 2.6 and 2.8. Is this combination a clean upgrade on both OS's? Likewise, you're better off asking some of the other folks who use the web connectors, but my impression is that it should work well for you. As much as I hate to admit it, Craig is probably right. The Java side of the 4.x connectors are compatible with the 3.x binary Apache modules. In theory you can install your favorite version of 4.0.x without changing anything on the Apache side, and install 4.1.x with only slight changes on the Tomcat side. Craig -Original Message- From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 16, 2002 10:30 AM To: Tomcat Users List Subject: Re: getRemoteUser() reset to null after authenticated user hits an unauthorized page On Fri, 16 Aug 2002, Scott Dayberry wrote: Date: Fri, 16 Aug 2002 09:31:38 -0600 From: Scott Dayberry [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: getRemoteUser() reset to null after authenticated user hits an unauthorized page I am using form-based authentication under Tomcat 3.2.3. I have 3 security-constraint sections in web.xml for 3 different user roles. If an already authenticated user selects a page to which he is not authorized, he is redirected to the form-error-page (I thought this should be a 403-Forbidden error instead), and his authentication is invalidated. (A getRemoteUser() call returning null at this point verifies this). The implication of this, is that he can no longer select any pages that he IS authorized for, and must re-login. Is this a known bug with Tomcat 3.2.3, expected behavior, or is there a configuration setting I am missing? Sounds like a bug in 3.2.3 (which is pretty ancient, by the way). I think 3.2.3 also failed to return getRemoteUser() correctly when you successfully log on, and then navigate to a URL not protected by a security constraint. Tomcat 4.0 and 4.1 handle that situation correctly. Thanks in advance, Scott Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
getRemoteUser() reset to null after authenticated user hits anunauthorized page
I am using form-based authentication under Tomcat 3.2.3. I have 3 security-constraint sections in web.xml for 3 different user roles. If an already authenticated user selects a page to which he is not authorized, he is redirected to the form-error-page (I thought this should be a 403-Forbidden error instead), and his authentication is invalidated. (A getRemoteUser() call returning null at this point verifies this). The implication of this, is that he can no longer select any pages that he IS authorized for, and must re-login. Is this a known bug with Tomcat 3.2.3, expected behavior, or is there a configuration setting I am missing? Thanks in advance, Scott -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: getRemoteUser() reset to null after authenticated user hits anunauthorized page
On Fri, 16 Aug 2002, Scott Dayberry wrote: Date: Fri, 16 Aug 2002 09:31:38 -0600 From: Scott Dayberry [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: getRemoteUser() reset to null after authenticated user hits an unauthorized page I am using form-based authentication under Tomcat 3.2.3. I have 3 security-constraint sections in web.xml for 3 different user roles. If an already authenticated user selects a page to which he is not authorized, he is redirected to the form-error-page (I thought this should be a 403-Forbidden error instead), and his authentication is invalidated. (A getRemoteUser() call returning null at this point verifies this). The implication of this, is that he can no longer select any pages that he IS authorized for, and must re-login. Is this a known bug with Tomcat 3.2.3, expected behavior, or is there a configuration setting I am missing? Sounds like a bug in 3.2.3 (which is pretty ancient, by the way). I think 3.2.3 also failed to return getRemoteUser() correctly when you successfully log on, and then navigate to a URL not protected by a security constraint. Tomcat 4.0 and 4.1 handle that situation correctly. Thanks in advance, Scott Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: getRemoteUser() reset to null after authenticated user hits anunauthorized page
Thanks for your response. I was hoping it wasn't a bug in 3.2.3, but rather a configuration problem, or that a workaround existed. :*) Does this bug exist in 3.3.1? I've been reluctant to upgrade to Tomcat 4 due to potential installation and compatibility issues with Apache 1.3.X, mod_jk.so, on both Solaris 2.6 and 2.8. Is this combination a clean upgrade on both OS's? -Original Message- From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 16, 2002 10:30 AM To: Tomcat Users List Subject: Re: getRemoteUser() reset to null after authenticated user hits an unauthorized page On Fri, 16 Aug 2002, Scott Dayberry wrote: Date: Fri, 16 Aug 2002 09:31:38 -0600 From: Scott Dayberry [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: getRemoteUser() reset to null after authenticated user hits an unauthorized page I am using form-based authentication under Tomcat 3.2.3. I have 3 security-constraint sections in web.xml for 3 different user roles. If an already authenticated user selects a page to which he is not authorized, he is redirected to the form-error-page (I thought this should be a 403-Forbidden error instead), and his authentication is invalidated. (A getRemoteUser() call returning null at this point verifies this). The implication of this, is that he can no longer select any pages that he IS authorized for, and must re-login. Is this a known bug with Tomcat 3.2.3, expected behavior, or is there a configuration setting I am missing? Sounds like a bug in 3.2.3 (which is pretty ancient, by the way). I think 3.2.3 also failed to return getRemoteUser() correctly when you successfully log on, and then navigate to a URL not protected by a security constraint. Tomcat 4.0 and 4.1 handle that situation correctly. Thanks in advance, Scott Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: getRemoteUser() reset to null after authenticated user hits anunauthorized page
On Fri, 16 Aug 2002, Scott Dayberry wrote: Date: Fri, 16 Aug 2002 11:11:53 -0600 From: Scott Dayberry [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Subject: RE: getRemoteUser() reset to null after authenticated user hits an unauthorized page Thanks for your response. I was hoping it wasn't a bug in 3.2.3, but rather a configuration problem, or that a workaround existed. :*) Does this bug exist in 3.3.1? I haven't got a clue ... I've never used 3.3 for anything. I'm sure others here can speak to that. I've been reluctant to upgrade to Tomcat 4 due to potential installation and compatibility issues with Apache 1.3.X, mod_jk.so, on both Solaris 2.6 and 2.8. Is this combination a clean upgrade on both OS's? Likewise, you're better off asking some of the other folks who use the web connectors, but my impression is that it should work well for you. Craig -Original Message- From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 16, 2002 10:30 AM To: Tomcat Users List Subject: Re: getRemoteUser() reset to null after authenticated user hits an unauthorized page On Fri, 16 Aug 2002, Scott Dayberry wrote: Date: Fri, 16 Aug 2002 09:31:38 -0600 From: Scott Dayberry [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: getRemoteUser() reset to null after authenticated user hits an unauthorized page I am using form-based authentication under Tomcat 3.2.3. I have 3 security-constraint sections in web.xml for 3 different user roles. If an already authenticated user selects a page to which he is not authorized, he is redirected to the form-error-page (I thought this should be a 403-Forbidden error instead), and his authentication is invalidated. (A getRemoteUser() call returning null at this point verifies this). The implication of this, is that he can no longer select any pages that he IS authorized for, and must re-login. Is this a known bug with Tomcat 3.2.3, expected behavior, or is there a configuration setting I am missing? Sounds like a bug in 3.2.3 (which is pretty ancient, by the way). I think 3.2.3 also failed to return getRemoteUser() correctly when you successfully log on, and then navigate to a URL not protected by a security constraint. Tomcat 4.0 and 4.1 handle that situation correctly. Thanks in advance, Scott Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
getRemoteUser in Tomcat 3.3.1 does not work
Hi, I am trying to get the remote user under tomcat 3.3.1 and apache 1.3.12 on NT4 and Win2k. The authentification is done by apache and the ntlm module. If I try getRemoteUser() I only get a null value. I tryed NTLM and BASIC authentification - nothing works. I tryed various mod_jk.dll Versions - nothing helps. I tryed Tomcat 3.2.3 - everything works fine. Whats the problem with tomcat 3.3.1? Is this a bug or bevavior by design? cu Andreas -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: getRemoteUser in Tomcat 3.3.1 does not work
hi, whats the size of your mod_jk.dll.. Is it 120 kb..?.. just confirm me.. bye, Murugan -Original Message- From: Andreas Lehmann [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 3:13 PM To: 'Tomcat Users List' Subject: getRemoteUser in Tomcat 3.3.1 does not work Hi, I am trying to get the remote user under tomcat 3.3.1 and apache 1.3.12 on NT4 and Win2k. The authentification is done by apache and the ntlm module. If I try getRemoteUser() I only get a null value. I tryed NTLM and BASIC authentification - nothing works. I tryed various mod_jk.dll Versions - nothing helps. I tryed Tomcat 3.2.3 - everything works fine. Whats the problem with tomcat 3.3.1? Is this a bug or bevavior by design? cu Andreas -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
AW: getRemoteUser in Tomcat 3.3.1 does not work
I tried the 120kB Version and the 116kB Version - nothing works. BTW what about version-numbers in mod_jk?? I think it would be a great idea... -Ursprüngliche Nachricht- Von:Telesis Support - Bangalore [SMTP:[EMAIL PROTECTED]] Gesendet am:Freitag, 12. Juli 2002 11:58 An: Tomcat Users List Betreff:RE: getRemoteUser in Tomcat 3.3.1 does not work hi, whats the size of your mod_jk.dll.. Is it 120 kb..?.. just confirm me.. bye, Murugan -Original Message- From: Andreas Lehmann [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 3:13 PM To: 'Tomcat Users List' Subject: getRemoteUser in Tomcat 3.3.1 does not work Hi, I am trying to get the remote user under tomcat 3.3.1 and apache 1.3.12 on NT4 and Win2k. The authentification is done by apache and the ntlm module. If I try getRemoteUser() I only get a null value. I tryed NTLM and BASIC authentification - nothing works. I tryed various mod_jk.dll Versions - nothing helps. I tryed Tomcat 3.2.3 - everything works fine. Whats the problem with tomcat 3.3.1? Is this a bug or bevavior by design? cu Andreas -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: getRemoteUser in Tomcat 3.3.1 does not work
Mine has 120 kB and is for Apache 1.3.26. Nick Telesis Support - Bangalore wrote: hi, whats the size of your mod_jk.dll.. Is it 120 kb..?.. just confirm me.. bye, Murugan -Original Message- From: Andreas Lehmann [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 3:13 PM To: 'Tomcat Users List' Subject: getRemoteUser in Tomcat 3.3.1 does not work Hi, I am trying to get the remote user under tomcat 3.3.1 and apache 1.3.12 on NT4 and Win2k. The authentification is done by apache and the ntlm module. If I try getRemoteUser() I only get a null value. I tryed NTLM and BASIC authentification - nothing works. I tryed various mod_jk.dll Versions - nothing helps. I tryed Tomcat 3.2.3 - everything works fine. Whats the problem with tomcat 3.3.1? Is this a bug or bevavior by design? cu Andreas -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Nikolas A. Rathert Fraunhofer Institute for Computer Graphics e-Learning Knowledge Management Fraunhoferstrasse 5 D-64283 Darmstadt Germany Fon +49 6151 155 552 Fax +49 6151 155 569 email: [EMAIL PROTECTED] www: http://www.igd.fhg.de -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: getRemoteUser in Tomcat 3.3.1 does not work
To use Apache's authentication, you must update the Ajp13Connector to set tomcatAuthentication false in your server.xml (it defaults true), i.e.: Ajp13Connector port=8009 tomcatAuthentication=false / There is a little bit of documentation concerning this in the server.xml, above the Ajp13Connector element. You can find a little more documentation here: http://jakarta.apache.org/tomcat/tomcat-3.3-doc/serverxml.html#Ajp13Connector Once tomcatAuthentication is set false, any security constraints in web.xml files will no longer work. This probably won't impact your web applications, but the security examples will stop functioning. Cheers, Larry -Original Message- From: Andreas Lehmann [mailto:[EMAIL PROTECTED]] Sent: Friday, July 12, 2002 5:43 AM To: 'Tomcat Users List' Subject: getRemoteUser in Tomcat 3.3.1 does not work Hi, I am trying to get the remote user under tomcat 3.3.1 and apache 1.3.12 on NT4 and Win2k. The authentification is done by apache and the ntlm module. If I try getRemoteUser() I only get a null value. I tryed NTLM and BASIC authentification - nothing works. I tryed various mod_jk.dll Versions - nothing helps. I tryed Tomcat 3.2.3 - everything works fine. Whats the problem with tomcat 3.3.1? Is this a bug or bevavior by design? cu Andreas -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
mod_jk / getRemoteUser()
Hello all, Problem getting apache httpd-server login name from a Servlet: I'm having a cocoon-in-Tomcat-in-Apache Installation where - my Apache httpServer is equipped with a user authentication by htpasswd -c $APACHE_HOME/passwd/password username (seems to work properly - my apache access_log shows usernames) and - the httpd-Tomcat connection is via mod_jk (seems to work properly) - I'm doing a regular HTTP/1.1 Request Now I try to resolve the (httpd-)username inside my Servlet by calling ((HttpRequest)request).getRemoteUser(); That returns NULL ! (actually my cocoon core.log says explicitely so: REMOTE USER: null) - Why ? In other words: Am I right, assuming that my Apache httpd-server cuts off the username from the Request before passing it to Tomcat and how can I teach it (or mod_jk) to refrain from doing so ? Thanks for reading this, greetings - Fritz -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: mod_jk / getRemoteUser()
Hello Fritz, You need to set tomcatAuthentication=false on your ajp13 connector config in server.xml (if not present, it defaults to true)... Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0 tomcatAuthentication=false/ Jake Wednesday, May 15, 2002, 8:28:18 AM, you wrote: FLG Hello all, FLG Problem getting apache httpd-server login name from a Servlet: FLG I'm having a cocoon-in-Tomcat-in-Apache Installation where FLG - my Apache httpServer is equipped with a user authentication by FLG htpasswd -c $APACHE_HOME/passwd/password username FLG(seems to work properly - my apache access_log shows usernames) FLG and FLG - the httpd-Tomcat connection is via mod_jk FLG(seems to work properly) FLG - I'm doing a regular HTTP/1.1 Request FLG Now I try to resolve the (httpd-)username inside my Servlet by calling FLG ((HttpRequest)request).getRemoteUser(); FLG That returns NULL ! FLG (actually my cocoon core.log says explicitely so: REMOTE USER: null) FLG - Why ? FLG In other words: FLG Am I right, assuming that my Apache httpd-server cuts off the username FLG from the Request before passing it to Tomcat and FLG how can I teach it (or mod_jk) to refrain from doing so ? FLG Thanks for reading this, greetings - Fritz FLG -- FLG To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] FLG For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Best regards, Jacobmailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
getRemoteUser() problem
I am using Apache 1.3.24 and tomcat 4.0.4 beta2 and mod_webapp (fairly recent code snapshot) on Solaris 8. I am doing Basic Authentication from Apache to a LDAP server. I cannot get the Remote User from HttpServletRequest. I went through the archives and found a workaround by unencoding the Authorization header. Is this problem in tomcat or mod_webapp? Is this going to be fixed? Am I doing something wrong? Thanks for any pointers, Lloyd -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: getRemoteUser() problem
Hello Lloyd, On your Connector tag in Server.xml, you need to have tomcatAuthentication=false. It defaults to true. If true, getRemoteUser() will give you a null value. When false, you will get the remote user from Apache. For example: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0 tomcatAuthentication=false/ Jake Thursday, May 09, 2002, 2:43:35 PM, you wrote: LHM I am using Apache 1.3.24 and tomcat 4.0.4 beta2 and mod_webapp (fairly LHM recent code snapshot) on Solaris 8. I am doing Basic Authentication from LHM Apache to a LDAP server. I cannot get the Remote User from LHM HttpServletRequest. I went through the archives and found a workaround LHM by unencoding the Authorization header. Is this problem in tomcat or LHM mod_webapp? Is this going to be fixed? Am I doing something wrong? LHM Thanks for any pointers, LHM Lloyd LHM -- LHM To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] LHM For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Best regards, Jacobmailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: getRemoteUser() problem
I'm using the WarpConnector and the tomcatAuthentication flag didn't seem to do anything for me. Was is supposed to? Is mod_webapp supposed to support getRemoteUser()? This is a pretty important function for me... Thanks for the pointer, maybe this will force me to try one of the other connectors. Lloyd Jacob Kjome wrote: Hello Lloyd, On your Connector tag in Server.xml, you need to have tomcatAuthentication=false. It defaults to true. If true, getRemoteUser() will give you a null value. When false, you will get the remote user from Apache. For example: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0 tomcatAuthentication=false/ Jake Thursday, May 09, 2002, 2:43:35 PM, you wrote: LHM I am using Apache 1.3.24 and tomcat 4.0.4 beta2 and mod_webapp (fairly LHM recent code snapshot) on Solaris 8. I am doing Basic Authentication from LHM Apache to a LDAP server. I cannot get the Remote User from LHM HttpServletRequest. I went through the archives and found a workaround LHM by unencoding the Authorization header. Is this problem in tomcat or LHM mod_webapp? Is this going to be fixed? Am I doing something wrong? LHM Thanks for any pointers, LHM Lloyd LHM -- LHM To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] LHM For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Best regards, Jacobmailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: getRemoteUser(), getAuthType() returning empty string insteadof NULL?
Ignacio J. Ortega wrote: Did you tried with tomcatAuthentication=true? This way works for me .. Still fails the same way. -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: getRemoteUser(), getAuthType() returning empty string insteadof NULL?
James Garrison wrote: Ignacio J. Ortega wrote: Did you tried with tomcatAuthentication=true? This way works for me .. I'm willing to look through the Tomcat code to try and debug this. Can you suggest where to start? -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: jueves 25 de abril de 2002 18:52 I'm willing to look through the Tomcat code to try and debug this. Can you suggest where to start? http://cvs.apache.org/viewcvs/~checkout~/jakarta-tomcat-connectors/jk/ja va/org/apache/ajp/tomcat4/Ajp13Request.java Saludos , Ignacio J. Ortega -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: getRemoteUser(), getAuthType() returning empty string insteadof NULL?
Ignacio J. Ortega wrote: De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: jueves 25 de abril de 2002 18:52 I'm willing to look through the Tomcat code to try and debug this. Can you suggest where to start? http://cvs.apache.org/viewcvs/~checkout~/jakarta-tomcat-connectors/jk/ja va/org/apache/ajp/tomcat4/Ajp13Request.java Look at the diff between 1.7 and 1.8. In 1.7 the test starting at line 112 is: if ((remoteUser != null) (!(remoteUser.equals( In 1.8, this has been wrapped in the test for getTomcatAuthentication(), but the comparison with the empty string has been omitted. The net result is as follows: 1.7 - If the remote user is null OR blank, setUserPrincipal(null) is called 1.8 - setUserPrincipal(null) is called only if remote user is null. If remote user is blank, setUserPrincipal() is called instead. This explains EXACTLY the behavior we are seeing. I think all that has to happen is to add back the [ (!(remoteUser.equals())) ] clause to the test at line 112. What do you think? -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
What do you think? From the code if you used tomcatAuthentication=true you will get the expected behavior, that is Tomcat will not see any auth done in IIS ( was it or any valid name ), so your test case should work as expected, what i dont understand, why you see when tomcatAuthentication=true, my dont, so something is broken in your test because from the code it's clear that you will get a nul set principal if tA=true, so i suspect you are not trying with the correct version of this Ajp13Request.java, Please try with a nigthly from jakarta-tomcat-connectors or 4.0.4 b2.. Yeccckkk , just observed the tags in that version, and it not has the 4_0_3 one, only 4.0.4 b2 and others, so i'm sure this code it's not on 4.0.3 only in 4.0.4 b2.. :) mistery resolved Saludos , Ignacio J. Ortega -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
I tested nightly build 4.0.425 and the problem with getRemoteUser() == '' is fixed there. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Lawlor, Frank [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 2:16 PM To: 'Tomcat Users List' Subject: RE: getRemoteUser(), getAuthType() returning empty string instead of NULL? The problem (in Tomcat) IS that getRemoteUser() doesn't return null. Tomcat does not support multiple logins. If you look at the code you will see that it does a getRemoteUser() and if not null and not authenticated by Tomcat, it bails. I tried it on 4.0.3, as someone suggested, and it still fails with the same problem. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Jason MacLane [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 5:31 AM To: Tomcat Users List Subject: Re: getRemoteUser(), getAuthType() returning empty string instead of NULL? Did someone find a solution ? We are stuck on the same problem. In fact, the problem is not really that the getRemoteUser() returns an empty string instead of a null string : Normally, when a user is already authenticated but is trying to access to a ressource for which he is not in a valid role, the server should open the login box a second time ; so even if getRemoteUser() returns and that Tomcat considers it's the user name, it should open the login box and not send a 403 error code. In fact, when I test the same web application on Tomcat 3.3, it works (I mean I can identify myself on the login box) but with Tomcat 4 it directly rejects me... Every piece of info would help... Regards. Scenario: (1) Browser - http://TomcatHTTPServer:8080 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (2) Browser - https://TomcatHTTPServer:8443 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (3) Browser - https://IISServer:443(BASIC Auth) - ISAPI - AJP13 getRemoteUser() returns authenticated user name, getAuthType() returns Basic, as expected (4) Browser - http://IISServer:80(NO Auth) - ISAPI - AJP13 getRemoteUser() and getAuthType() return (Empty String) This is NOT as expected, and causes Tomcat to reject the request because it thinks the request is already authenticated but doesn't match the requested page's realm. Is this: a) Working as specified? b) A bug in the ISAPI filter? c) A bug in Tomcat? d) Something else? Thanks in advance. -- James Garrison Athens Group, Inc. mailto: [EMAIL PROTECTED] 5608 Parkcrest Dr http://www.athensgroup.com Austin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 Ignacio J. Ortega wrote: De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: martes 23 de abril de 2002 18:48 Needed more information, which Tomcat version?, post the connector or interceptor line for ajp13 prsent in your server.xml file.. The Tomcat version is 4.0.2. Here's the Connector definition: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0 tomcatAuthentication=false/ The results are the same with tomcatAuthentication=true and also when the tomcatAuthentication parameter is omitted. -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- ___ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: getRemoteUser(), getAuthType() returning empty string instead of NULL?
Did someone find a solution ? We are stuck on the same problem. In fact, the problem is not really that the getRemoteUser() returns an empty string instead of a null string : Normally, when a user is already authenticated but is trying to access to a ressource for which he is not in a valid role, the server should open the login box a second time ; so even if getRemoteUser() returns and that Tomcat considers it's the user name, it should open the login box and not send a 403 error code. In fact, when I test the same web application on Tomcat 3.3, it works (I mean I can identify myself on the login box) but with Tomcat 4 it directly rejects me... Every piece of info would help... Regards. Scenario: (1) Browser - http://TomcatHTTPServer:8080 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (2) Browser - https://TomcatHTTPServer:8443 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (3) Browser - https://IISServer:443(BASIC Auth) - ISAPI - AJP13 getRemoteUser() returns authenticated user name, getAuthType() returns Basic, as expected (4) Browser - http://IISServer:80(NO Auth) - ISAPI - AJP13 getRemoteUser() and getAuthType() return (Empty String) This is NOT as expected, and causes Tomcat to reject the request because it thinks the request is already authenticated but doesn't match the requested page's realm. Is this: a) Working as specified? b) A bug in the ISAPI filter? c) A bug in Tomcat? d) Something else? Thanks in advance. -- James Garrison Athens Group, Inc. mailto: [EMAIL PROTECTED] 5608 Parkcrest Dr http://www.athensgroup.com Austin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 Ignacio J. Ortega wrote: De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: martes 23 de abril de 2002 18:48 Needed more information, which Tomcat version?, post the connector or interceptor line for ajp13 prsent in your server.xml file.. The Tomcat version is 4.0.2. Here's the Connector definition: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0 tomcatAuthentication=false/ The results are the same with tomcatAuthentication=true and also when the tomcatAuthentication parameter is omitted. -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- ___ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: martes 23 de abril de 2002 19:53 The Tomcat version is 4.0.2. Here's the Connector definition: Try the latest 4.0.3 , this should have this problem solved.. Saludos , Ignacio J. Ortega -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
The problem (in Tomcat) IS that getRemoteUser() doesn't return null. Tomcat does not support multiple logins. If you look at the code you will see that it does a getRemoteUser() and if not null and not authenticated by Tomcat, it bails. I tried it on 4.0.3, as someone suggested, and it still fails with the same problem. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Jason MacLane [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 5:31 AM To: Tomcat Users List Subject: Re: getRemoteUser(), getAuthType() returning empty string instead of NULL? Did someone find a solution ? We are stuck on the same problem. In fact, the problem is not really that the getRemoteUser() returns an empty string instead of a null string : Normally, when a user is already authenticated but is trying to access to a ressource for which he is not in a valid role, the server should open the login box a second time ; so even if getRemoteUser() returns and that Tomcat considers it's the user name, it should open the login box and not send a 403 error code. In fact, when I test the same web application on Tomcat 3.3, it works (I mean I can identify myself on the login box) but with Tomcat 4 it directly rejects me... Every piece of info would help... Regards. Scenario: (1) Browser - http://TomcatHTTPServer:8080 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (2) Browser - https://TomcatHTTPServer:8443 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (3) Browser - https://IISServer:443(BASIC Auth) - ISAPI - AJP13 getRemoteUser() returns authenticated user name, getAuthType() returns Basic, as expected (4) Browser - http://IISServer:80(NO Auth) - ISAPI - AJP13 getRemoteUser() and getAuthType() return (Empty String) This is NOT as expected, and causes Tomcat to reject the request because it thinks the request is already authenticated but doesn't match the requested page's realm. Is this: a) Working as specified? b) A bug in the ISAPI filter? c) A bug in Tomcat? d) Something else? Thanks in advance. -- James Garrison Athens Group, Inc. mailto: [EMAIL PROTECTED] 5608 Parkcrest Dr http://www.athensgroup.com Austin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 Ignacio J. Ortega wrote: De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: martes 23 de abril de 2002 18:48 Needed more information, which Tomcat version?, post the connector or interceptor line for ajp13 prsent in your server.xml file.. The Tomcat version is 4.0.2. Here's the Connector definition: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0 tomcatAuthentication=false/ The results are the same with tomcatAuthentication=true and also when the tomcatAuthentication parameter is omitted. -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- ___ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
look in the JBOSS forums http://www.jboss.org/forums/forum.jsp?forum=50 I believe i've seen something on this... -Original Message- From: Zachary Kuhn [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 2:42 PM To: Tomcat Users List Subject: RE: getRemoteUser(), getAuthType() returning empty string instead of NULL? I've looked through the archives, no luck. Here is the problem. After installing the JBoss-2.4.4_Tomcat-4.0.1 package install, the tomcat server throws the following exception. When i go to http://www.cscoders.com:8080/. [INFO,EmbeddedCatalinaServiceSX] StandardHost[localhost]: MAPPING configuration error for request URI [ERROR,EmbeddedCatalinaServiceSX] HttpProcessor[8080][4] process.invoke java.lang.NullPointerException at org.apache.catalina.valves.ErrorDispatcherValve.status(ErrorDispatcherValve. java:280) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve. java:180) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170 ) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :163) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java: 1011) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106 ) at java.lang.Thread.run(Thread.java:484) I have the following env vars set up CATALINA_HOME=/var/java/JBoss-2.4.4_Tomcat-4.0.1/catalina CLASSPATH=/usr/java/jdk1.3.1_01:/usr/java/jdk1.3.1_01/lib/tools.jar:./ JAVA_HOME=/usr/java/jdk1.3.1_01 JBOSS_DIST=/var/java/JBoss-2.4.4_Tomcat-4.0.1/jboss JDK_HOME=/usr/java/jdk1.3.1_01 in apache httpd conf i have LoadModule webapp_module modules/mod_webapp.so -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: getRemoteUser(), getAuthType() returning empty string insteadof NULL?
Ignacio J. Ortega wrote: Try the latest 4.0.3 , this should have this problem solved.. Installed 4.0.3, problem still present. -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
Did you tried with tomcatAuthentication=true? This way works for me .. Saludos , Ignacio J. Ortega -Mensaje original- De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: miércoles 24 de abril de 2002 21:45 Para: Tomcat Users List Asunto: Re: getRemoteUser(), getAuthType() returning empty string instead of NULL? Ignacio J. Ortega wrote: Try the latest 4.0.3 , this should have this problem solved.. Installed 4.0.3, problem still present. -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
getRemoteUser(), getAuthType() returning empty string instead ofNULL?
Scenario: (1) Browser - http://TomcatHTTPServer:8080 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (2) Browser - https://TomcatHTTPServer:8443 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (3) Browser - https://IISServer:443(BASIC Auth) - ISAPI - AJP13 getRemoteUser() returns authenticated user name, getAuthType() returns Basic, as expected (4) Browser - http://IISServer:80(NO Auth) - ISAPI - AJP13 getRemoteUser() and getAuthType() return (Empty String) This is NOT as expected, and causes Tomcat to reject the request because it thinks the request is already authenticated but doesn't match the requested page's realm. Is this: a) Working as specified? b) A bug in the ISAPI filter? c) A bug in Tomcat? d) Something else? Thanks in advance. -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: martes 23 de abril de 2002 18:48 Needed more information, which Tomcat version?, post the connector or interceptor line for ajp13 prsent in your server.xml file.. Saludos , Ignacio J. Ortega -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]