Re: Basic Auth with Apache+Tomcat
Tim, If you're still considering a web single sign-on solution for Apache/Tomcat, take a look at Cams. It's much more cost-effective than SunOne Identity server, and gives you quite a bit of value add over Apache or Tomcat security: http://www.cafesoft.com/ Let us know your thoughts, Gary Tim O'Donnell wrote: Hi all, I was hoping someone here could confirm a suspicion of mine, as I've been unable to uncover a definitive answer searching other forums (web, javasoft forum, mailing list archives). I've setup Apache web server to perform basic auth against a webapp directory in tomcat. I'm using the jk connector to forward certain contexts and jsp requests to Tomcat. The authentication works as expected. However, the REMOTE_USER (via request.getRemoteUser() method) environment variable returns null when I try to access it from Tomcat. That variable, however, is populated when I inspect it with the printenv cgi-script running in Apache. Is this simply because Apache and Tomcat are two separate containers and don't share that environment info? Or am I doing something wrong? I suspect what I'm trying to do isn't possible, but I'd really appreciate someone confirming this for me. Thanks for your time, Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Gary Gwin http://www.cafesoft.com * * * * The Cafesoft Access Management System, Cams, is security* * software that provides single sign-on authentication and* * centralized access control for Apache, Tomcat, and custom * * resources. * * * * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic Auth with Apache+Tomcat
Jake Robb wrote: Seems to me that if Tomcat had that information, it would be in the Session variable, not the Request variable. See if maybe it's available via Session.getAttribute(). The variables (sometimes called cgi variables since CGI is what they are historically used with) sent by the user are sent in the HTTP request, which is why they are held in the HttpServletRequest object (not the HttpSession). String user = request.getRemoteUser(); Erik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic Auth with Apache+Tomcat
No. That is incorrect. session.getAttribute(REMOTE_USER) will most certainly not work. The HTTP protocol has no concept of sessions; sessions are a hack built on top of HTTP for the convenience of application developers. HTTP supports restricting access to server resources through authentication, and that authentication information arrives in the form of headers in an HTTP request. If you as an application developer want to store authentication information in your session object, you can do so; but the container will not. - Original Message - From: Jake Robb [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, February 13, 2003 15:22 Subject: Re: Basic Auth with Apache+Tomcat Seems to me that if Tomcat had that information, it would be in the Session variable, not the Request variable. See if maybe it's available via Session.getAttribute(). http://java.sun.com/products/servlet/2.2/javadoc/ (class name is HttpSession) -Jake - Original Message - From: Tim O'Donnell [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, February 13, 2003 5:15 PM Subject: Re: Basic Auth with Apache+Tomcat Jake, Thanks for your reply. You're absolutely right that Tomcat can do the auth instead of Apache (which I've done before; support for it in Tomcat is really great). However, I really need to do it in Apache instead, unfortunately. We're looking at implementing SunOne's Single Sign On solution (Identity Server), and it works via a plug-in to the web server -- Tomcat isn't an option. Any way to access a REMOTE_USER variable set in Apache from Tomcat? Thanks again for your time, and anyone else who can weigh in, Tim On 2/13/03 2:04 PM, Jake Robb [EMAIL PROTECTED] wrote: I'm quite sure you can have Tomcat do the auth instead of Apache, and then you'll have access to the variable. Try checking the configuration file (web.xml) of the built-in admin servlet. It should contain an example of exactly what you want to do. -Jake - Original Message - From: Tim O'Donnell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 13, 2003 5:00 PM Subject: Basic Auth with Apache+Tomcat Hi all, I was hoping someone here could confirm a suspicion of mine, as I've been unable to uncover a definitive answer searching other forums (web, javasoft forum, mailing list archives). I've setup Apache web server to perform basic auth against a webapp directory in tomcat. I'm using the jk connector to forward certain contexts and jsp requests to Tomcat. The authentication works as expected. However, the REMOTE_USER (via request.getRemoteUser() method) environment variable returns null when I try to access it from Tomcat. That variable, however, is populated when I inspect it with the printenv cgi-script running in Apache. Is this simply because Apache and Tomcat are two separate containers and don't share that environment info? Or am I doing something wrong? I suspect what I'm trying to do isn't possible, but I'd really appreciate someone confirming this for me. Thanks for your time, Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Basic Auth with Apache+Tomcat
Hi all, I was hoping someone here could confirm a suspicion of mine, as I've been unable to uncover a definitive answer searching other forums (web, javasoft forum, mailing list archives). I've setup Apache web server to perform basic auth against a webapp directory in tomcat. I'm using the jk connector to forward certain contexts and jsp requests to Tomcat. The authentication works as expected. However, the REMOTE_USER (via request.getRemoteUser() method) environment variable returns null when I try to access it from Tomcat. That variable, however, is populated when I inspect it with the printenv cgi-script running in Apache. Is this simply because Apache and Tomcat are two separate containers and don't share that environment info? Or am I doing something wrong? I suspect what I'm trying to do isn't possible, but I'd really appreciate someone confirming this for me. Thanks for your time, Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic Auth with Apache+Tomcat
I'm quite sure you can have Tomcat do the auth instead of Apache, and then you'll have access to the variable. Try checking the configuration file (web.xml) of the built-in admin servlet. It should contain an example of exactly what you want to do. -Jake - Original Message - From: Tim O'Donnell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 13, 2003 5:00 PM Subject: Basic Auth with Apache+Tomcat Hi all, I was hoping someone here could confirm a suspicion of mine, as I've been unable to uncover a definitive answer searching other forums (web, javasoft forum, mailing list archives). I've setup Apache web server to perform basic auth against a webapp directory in tomcat. I'm using the jk connector to forward certain contexts and jsp requests to Tomcat. The authentication works as expected. However, the REMOTE_USER (via request.getRemoteUser() method) environment variable returns null when I try to access it from Tomcat. That variable, however, is populated when I inspect it with the printenv cgi-script running in Apache. Is this simply because Apache and Tomcat are two separate containers and don't share that environment info? Or am I doing something wrong? I suspect what I'm trying to do isn't possible, but I'd really appreciate someone confirming this for me. Thanks for your time, Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic Auth with Apache+Tomcat
Jake, Thanks for your reply. You're absolutely right that Tomcat can do the auth instead of Apache (which I've done before; support for it in Tomcat is really great). However, I really need to do it in Apache instead, unfortunately. We're looking at implementing SunOne's Single Sign On solution (Identity Server), and it works via a plug-in to the web server -- Tomcat isn't an option. Any way to access a REMOTE_USER variable set in Apache from Tomcat? Thanks again for your time, and anyone else who can weigh in, Tim On 2/13/03 2:04 PM, Jake Robb [EMAIL PROTECTED] wrote: I'm quite sure you can have Tomcat do the auth instead of Apache, and then you'll have access to the variable. Try checking the configuration file (web.xml) of the built-in admin servlet. It should contain an example of exactly what you want to do. -Jake - Original Message - From: Tim O'Donnell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 13, 2003 5:00 PM Subject: Basic Auth with Apache+Tomcat Hi all, I was hoping someone here could confirm a suspicion of mine, as I've been unable to uncover a definitive answer searching other forums (web, javasoft forum, mailing list archives). I've setup Apache web server to perform basic auth against a webapp directory in tomcat. I'm using the jk connector to forward certain contexts and jsp requests to Tomcat. The authentication works as expected. However, the REMOTE_USER (via request.getRemoteUser() method) environment variable returns null when I try to access it from Tomcat. That variable, however, is populated when I inspect it with the printenv cgi-script running in Apache. Is this simply because Apache and Tomcat are two separate containers and don't share that environment info? Or am I doing something wrong? I suspect what I'm trying to do isn't possible, but I'd really appreciate someone confirming this for me. Thanks for your time, Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic Auth with Apache+Tomcat
Hello Tim, For recent Tomcat versions, you need to add the following to your jk2.properties file (even if you are using mod_jk and not jk2): request.tomcatAuthentication=false In older versions of Tomcat, for mod_jk, at the attribute tomcatAuthentication=false to your ajp connector in server.xml. Jake Thursday, February 13, 2003, 4:00:49 PM, you wrote: TOD Hi all, TOD I was hoping someone here could confirm a suspicion of mine, as I've been TOD unable to uncover a definitive answer searching other forums (web, javasoft TOD forum, mailing list archives). TOD I've setup Apache web server to perform basic auth against a webapp TOD directory in tomcat. I'm using the jk connector to forward certain contexts TOD and jsp requests to Tomcat. The authentication works as expected. However, TOD the REMOTE_USER (via request.getRemoteUser() method) environment variable TOD returns null when I try to access it from Tomcat. That variable, however, is TOD populated when I inspect it with the printenv cgi-script running in Apache. TOD Is this simply because Apache and Tomcat are two separate containers and TOD don't share that environment info? Or am I doing something wrong? TOD I suspect what I'm trying to do isn't possible, but I'd really appreciate TOD someone confirming this for me. TOD Thanks for your time, TOD Tim TOD - TOD To unsubscribe, e-mail: [EMAIL PROTECTED] TOD For additional commands, e-mail: [EMAIL PROTECTED] -- Best regards, Jacobmailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic Auth with Apache+Tomcat
Seems to me that if Tomcat had that information, it would be in the Session variable, not the Request variable. See if maybe it's available via Session.getAttribute(). http://java.sun.com/products/servlet/2.2/javadoc/ (class name is HttpSession) -Jake - Original Message - From: Tim O'Donnell [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, February 13, 2003 5:15 PM Subject: Re: Basic Auth with Apache+Tomcat Jake, Thanks for your reply. You're absolutely right that Tomcat can do the auth instead of Apache (which I've done before; support for it in Tomcat is really great). However, I really need to do it in Apache instead, unfortunately. We're looking at implementing SunOne's Single Sign On solution (Identity Server), and it works via a plug-in to the web server -- Tomcat isn't an option. Any way to access a REMOTE_USER variable set in Apache from Tomcat? Thanks again for your time, and anyone else who can weigh in, Tim On 2/13/03 2:04 PM, Jake Robb [EMAIL PROTECTED] wrote: I'm quite sure you can have Tomcat do the auth instead of Apache, and then you'll have access to the variable. Try checking the configuration file (web.xml) of the built-in admin servlet. It should contain an example of exactly what you want to do. -Jake - Original Message - From: Tim O'Donnell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 13, 2003 5:00 PM Subject: Basic Auth with Apache+Tomcat Hi all, I was hoping someone here could confirm a suspicion of mine, as I've been unable to uncover a definitive answer searching other forums (web, javasoft forum, mailing list archives). I've setup Apache web server to perform basic auth against a webapp directory in tomcat. I'm using the jk connector to forward certain contexts and jsp requests to Tomcat. The authentication works as expected. However, the REMOTE_USER (via request.getRemoteUser() method) environment variable returns null when I try to access it from Tomcat. That variable, however, is populated when I inspect it with the printenv cgi-script running in Apache. Is this simply because Apache and Tomcat are two separate containers and don't share that environment info? Or am I doing something wrong? I suspect what I'm trying to do isn't possible, but I'd really appreciate someone confirming this for me. Thanks for your time, Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic Auth with Apache+Tomcat
Hi Jake, Thanks for the reply. It worked! I'm using jk (not jk2 or mod_jk) and it didn't work when I added request.tomcatAuthentication=false to the jk2.properties file, but I tried adding it to my ajp connector in server.xml, per your second suggestion, and that did the trick! I'd never heard of that parameter before. I learn something new every day. =) Thanks again for your help, Tim On 2/13/03 2:18 PM, Jacob Kjome [EMAIL PROTECTED] wrote: Hello Tim, For recent Tomcat versions, you need to add the following to your jk2.properties file (even if you are using mod_jk and not jk2): request.tomcatAuthentication=false In older versions of Tomcat, for mod_jk, at the attribute tomcatAuthentication=false to your ajp connector in server.xml. Jake Thursday, February 13, 2003, 4:00:49 PM, you wrote: TOD Hi all, TOD I was hoping someone here could confirm a suspicion of mine, as I've been TOD unable to uncover a definitive answer searching other forums (web, javasoft TOD forum, mailing list archives). TOD I've setup Apache web server to perform basic auth against a webapp TOD directory in tomcat. I'm using the jk connector to forward certain contexts TOD and jsp requests to Tomcat. The authentication works as expected. However, TOD the REMOTE_USER (via request.getRemoteUser() method) environment variable TOD returns null when I try to access it from Tomcat. That variable, however, is TOD populated when I inspect it with the printenv cgi-script running in Apache. TOD Is this simply because Apache and Tomcat are two separate containers and TOD don't share that environment info? Or am I doing something wrong? TOD I suspect what I'm trying to do isn't possible, but I'd really appreciate TOD someone confirming this for me. TOD Thanks for your time, TOD Tim TOD - TOD To unsubscribe, e-mail: [EMAIL PROTECTED] TOD For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Basic Auth with Apache+Tomcat
Glad it worked for you. To clarify, mod_jk and jk are one-in-the-same. Also, you are probably using Tomcat-4.1.12 or earlier if the request.tomcatAuthentication=false in the jk2.properties file didn't work for you. If you upgrade to Tomcat-4.1.18+, you will find that the tomcatAthentication=false on your ajp connector in server.xml won't work anymore. You will have to do the former. Jake At 03:08 PM 2/13/2003 -0800, you wrote: Hi Jake, Thanks for the reply. It worked! I'm using jk (not jk2 or mod_jk) and it didn't work when I added request.tomcatAuthentication=false to the jk2.properties file, but I tried adding it to my ajp connector in server.xml, per your second suggestion, and that did the trick! I'd never heard of that parameter before. I learn something new every day. =) Thanks again for your help, Tim On 2/13/03 2:18 PM, Jacob Kjome [EMAIL PROTECTED] wrote: Hello Tim, For recent Tomcat versions, you need to add the following to your jk2.properties file (even if you are using mod_jk and not jk2): request.tomcatAuthentication=false In older versions of Tomcat, for mod_jk, at the attribute tomcatAuthentication=false to your ajp connector in server.xml. Jake Thursday, February 13, 2003, 4:00:49 PM, you wrote: TOD Hi all, TOD I was hoping someone here could confirm a suspicion of mine, as I've been TOD unable to uncover a definitive answer searching other forums (web, javasoft TOD forum, mailing list archives). TOD I've setup Apache web server to perform basic auth against a webapp TOD directory in tomcat. I'm using the jk connector to forward certain contexts TOD and jsp requests to Tomcat. The authentication works as expected. However, TOD the REMOTE_USER (via request.getRemoteUser() method) environment variable TOD returns null when I try to access it from Tomcat. That variable, however, is TOD populated when I inspect it with the printenv cgi-script running in Apache. TOD Is this simply because Apache and Tomcat are two separate containers and TOD don't share that environment info? Or am I doing something wrong? TOD I suspect what I'm trying to do isn't possible, but I'd really appreciate TOD someone confirming this for me. TOD Thanks for your time, TOD Tim TOD - TOD To unsubscribe, e-mail: [EMAIL PROTECTED] TOD For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]