REMOTE_USER is null to Tomcat
Greetings all,
Please NOTE: I want to mention that what I'm about to describe is
apparently a common problem. I have thoroughly searched the
tomcat-user mailing list archives and the google. I have attempted the
many, many suggestions put forth (which I will describe in more
detail), and this is still not working properly.
My environment
---
RHEL 4.7
Apache httpd 2.0.52
mod_jk 1.2.27
Tomcat 5.0.28 (this version is required by a proprietary app we're using)
The problem
--
No matter what I try, I am unable to get Tomcat to see the value of
the http variable REMOTE_USER. It is _always_ null to Tomcat.
Everything else related to my Apache web server / mod_jk / Tomcat
setup is working properly. I can view all /jsp-examples. I can use our
proprietary web java app.
What I have tried
* For starters, I have confirmed using a perl script that REMOTE_USER
is indeed being set (following a couple different authentication types
- Basic and Shibboleth).
* I have set JkLogLevel debug in httpd.conf, and confirmed (by tailing
mod_jk.log) that mod_jk is passing REMOTE_USER and its value from
Apache web server to Tomcat.
* I have tried JkEnvVar REMOTE_USER in httpd.conf.
* I have tried JkEnvVar REMOTE_USER fake, JkEnvVar REMOTE_USER
bob, JkEnvVar REMOTE_USER %{REMOTE_USER}, etc., etc., etc., etc. in
httpd.conf.
* I have set both tomcatAuthentication=false and
request.tomcatAuthentication=false in Tomcat's server.xml and in
jk2.properties (and endless combinations of one or both in one or both
places).
I am out of ideas. None of the common fixes (that I've found anyway)
are working. Does anyone have suggestions on how to fix this problem?
--
Best regards -
Ryu Fan // rfano...@gmail.com
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: REMOTE_USER is null to Tomcat
if you're fronting with Apache 2.2 WebServer you need to rewrite the
environment variable REMOTE_USER and place on request to TC to allow TC to use
getRemoteUser()
http://osdir.com/ml/apache.mod-auth-kerb.general/2005-10/msg9.html
HTH
Martin
__
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official business
of Sender. This transmission is of a confidential nature and Sender does not
endorse distribution to any party other than intended recipient. Sender does
not necessarily endorse content contained within this transmission.
Date: Fri, 9 Jan 2009 14:55:36 -0600
From: rfano...@gmail.com
To: users@tomcat.apache.org
Subject: REMOTE_USER is null to Tomcat
Greetings all,
Please NOTE: I want to mention that what I'm about to describe is
apparently a common problem. I have thoroughly searched the
tomcat-user mailing list archives and the google. I have attempted the
many, many suggestions put forth (which I will describe in more
detail), and this is still not working properly.
My environment
---
RHEL 4.7
Apache httpd 2.0.52
mod_jk 1.2.27
Tomcat 5.0.28 (this version is required by a proprietary app we're using)
The problem
--
No matter what I try, I am unable to get Tomcat to see the value of
the http variable REMOTE_USER. It is _always_ null to Tomcat.
Everything else related to my Apache web server / mod_jk / Tomcat
setup is working properly. I can view all /jsp-examples. I can use our
proprietary web java app.
What I have tried
* For starters, I have confirmed using a perl script that REMOTE_USER
is indeed being set (following a couple different authentication types
- Basic and Shibboleth).
* I have set JkLogLevel debug in httpd.conf, and confirmed (by tailing
mod_jk.log) that mod_jk is passing REMOTE_USER and its value from
Apache web server to Tomcat.
* I have tried JkEnvVar REMOTE_USER in httpd.conf.
* I have tried JkEnvVar REMOTE_USER fake, JkEnvVar REMOTE_USER
bob, JkEnvVar REMOTE_USER %{REMOTE_USER}, etc., etc., etc., etc. in
httpd.conf.
* I have set both tomcatAuthentication=false and
request.tomcatAuthentication=false in Tomcat's server.xml and in
jk2.properties (and endless combinations of one or both in one or both
places).
I am out of ideas. None of the common fixes (that I've found anyway)
are working. Does anyone have suggestions on how to fix this problem?
--
Best regards -
Ryu Fan // rfano...@gmail.com
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
_
Windows Liveā¢ HotmailĀ®: Chat. Store. Share. Do more with mail.
http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t1_hm_justgotbetter_howitworks_012009
Re: REMOTE_USER is null to Tomcat
On Fri, Jan 9, 2009 at 7:36 PM, Martin Gainty mgai...@hotmail.com wrote: if you're fronting with Apache 2.2 WebServer you need to rewrite the environment variable REMOTE_USER and place on request to TC to allow TC to use getRemoteUser() http://osdir.com/ml/apache.mod-auth-kerb.general/2005-10/msg9.html HTH Martin Martin, thanks for the reply. I am running Apache httpd 2.0.52 (not 2.2). For the sake of posterity, I will post what the fix was. Maybe it will save someone from banging his head against the wall when he runs into the same problem. As it turns out, my problem was with my httpd.conf configuration. I had my authentication directives within a Directory object (i.e. the directory for the web application). When I went directly to said directory from a web browser, I was prompted for credentials. But if I went directly to a web page a couple subdirs deep in that directory, it let me in without authentication. Hmm... So, I put my authentication directives in a Location object instead, like so: -- Location /my_webapp AuthType shibboleth ShibRequireSession On require valid-user /Location -- Note that the JkMount directive is simply: -- JkMount /my_webapp/*.jsp ajp13 -- Voila. We are in business. This (along with the tomcatAuthentication=no change needed in server.xml) is working properly. My guess is the way I had it set up earlier did not show a value for REMOTE_USER because I was running a .jsp in a non-Shib / non-Basic / non-whatever-protected directory. -- Best regards - Ryu Fan // rfano...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
