REMOTE_USER is null to Tomcat
Greetings all, Please NOTE: I want to mention that what I'm about to describe is apparently a common problem. I have thoroughly searched the tomcat-user mailing list archives and the google. I have attempted the many, many suggestions put forth (which I will describe in more detail), and this is still not working properly. My environment --- RHEL 4.7 Apache httpd 2.0.52 mod_jk 1.2.27 Tomcat 5.0.28 (this version is required by a proprietary app we're using) The problem -- No matter what I try, I am unable to get Tomcat to see the value of the http variable REMOTE_USER. It is _always_ null to Tomcat. Everything else related to my Apache web server / mod_jk / Tomcat setup is working properly. I can view all /jsp-examples. I can use our proprietary web java app. What I have tried * For starters, I have confirmed using a perl script that REMOTE_USER is indeed being set (following a couple different authentication types - Basic and Shibboleth). * I have set JkLogLevel debug in httpd.conf, and confirmed (by tailing mod_jk.log) that mod_jk is passing REMOTE_USER and its value from Apache web server to Tomcat. * I have tried JkEnvVar REMOTE_USER in httpd.conf. * I have tried JkEnvVar REMOTE_USER fake, JkEnvVar REMOTE_USER bob, JkEnvVar REMOTE_USER %{REMOTE_USER}, etc., etc., etc., etc. in httpd.conf. * I have set both tomcatAuthentication=false and request.tomcatAuthentication=false in Tomcat's server.xml and in jk2.properties (and endless combinations of one or both in one or both places). I am out of ideas. None of the common fixes (that I've found anyway) are working. Does anyone have suggestions on how to fix this problem? -- Best regards - Ryu Fan // rfano...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: REMOTE_USER is null to Tomcat
if you're fronting with Apache 2.2 WebServer you need to rewrite the environment variable REMOTE_USER and place on request to TC to allow TC to use getRemoteUser() http://osdir.com/ml/apache.mod-auth-kerb.general/2005-10/msg9.html HTH Martin __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Fri, 9 Jan 2009 14:55:36 -0600 From: rfano...@gmail.com To: users@tomcat.apache.org Subject: REMOTE_USER is null to Tomcat Greetings all, Please NOTE: I want to mention that what I'm about to describe is apparently a common problem. I have thoroughly searched the tomcat-user mailing list archives and the google. I have attempted the many, many suggestions put forth (which I will describe in more detail), and this is still not working properly. My environment --- RHEL 4.7 Apache httpd 2.0.52 mod_jk 1.2.27 Tomcat 5.0.28 (this version is required by a proprietary app we're using) The problem -- No matter what I try, I am unable to get Tomcat to see the value of the http variable REMOTE_USER. It is _always_ null to Tomcat. Everything else related to my Apache web server / mod_jk / Tomcat setup is working properly. I can view all /jsp-examples. I can use our proprietary web java app. What I have tried * For starters, I have confirmed using a perl script that REMOTE_USER is indeed being set (following a couple different authentication types - Basic and Shibboleth). * I have set JkLogLevel debug in httpd.conf, and confirmed (by tailing mod_jk.log) that mod_jk is passing REMOTE_USER and its value from Apache web server to Tomcat. * I have tried JkEnvVar REMOTE_USER in httpd.conf. * I have tried JkEnvVar REMOTE_USER fake, JkEnvVar REMOTE_USER bob, JkEnvVar REMOTE_USER %{REMOTE_USER}, etc., etc., etc., etc. in httpd.conf. * I have set both tomcatAuthentication=false and request.tomcatAuthentication=false in Tomcat's server.xml and in jk2.properties (and endless combinations of one or both in one or both places). I am out of ideas. None of the common fixes (that I've found anyway) are working. Does anyone have suggestions on how to fix this problem? -- Best regards - Ryu Fan // rfano...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Windows Liveā¢ HotmailĀ®: Chat. Store. Share. Do more with mail. http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t1_hm_justgotbetter_howitworks_012009
Re: REMOTE_USER is null to Tomcat
On Fri, Jan 9, 2009 at 7:36 PM, Martin Gainty mgai...@hotmail.com wrote: if you're fronting with Apache 2.2 WebServer you need to rewrite the environment variable REMOTE_USER and place on request to TC to allow TC to use getRemoteUser() http://osdir.com/ml/apache.mod-auth-kerb.general/2005-10/msg9.html HTH Martin Martin, thanks for the reply. I am running Apache httpd 2.0.52 (not 2.2). For the sake of posterity, I will post what the fix was. Maybe it will save someone from banging his head against the wall when he runs into the same problem. As it turns out, my problem was with my httpd.conf configuration. I had my authentication directives within a Directory object (i.e. the directory for the web application). When I went directly to said directory from a web browser, I was prompted for credentials. But if I went directly to a web page a couple subdirs deep in that directory, it let me in without authentication. Hmm... So, I put my authentication directives in a Location object instead, like so: -- Location /my_webapp AuthType shibboleth ShibRequireSession On require valid-user /Location -- Note that the JkMount directive is simply: -- JkMount /my_webapp/*.jsp ajp13 -- Voila. We are in business. This (along with the tomcatAuthentication=no change needed in server.xml) is working properly. My guess is the way I had it set up earlier did not show a value for REMOTE_USER because I was running a .jsp in a non-Shib / non-Basic / non-whatever-protected directory. -- Best regards - Ryu Fan // rfano...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org