-----Mensaje original----- De: Aleix Verg�s [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 22:52 Para: 'Ignacio J. Ortega' Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser returning null in recent versions of Tomcat
How can I send this to that box? This is my first contribution to the forum Aleix -----Mensaje original----- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 22:19 Para: 'Aleix Verg�s' Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser returning null in recent versions of Tomcat Aleix, te agradeceria que mandaras esto a tomcat-user tb.., asi los demas se enteran, tb.. gracias Ahhh y me alegro un taco que te funcione... tamos pa eso :) Saludos, Ignacio J. Ortega > -----Original Message----- > From: Aleix Verg�s [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 23, 2003 10:02 PM > To: Ignacio J. Ortega > Subject: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser > returning null in recent versions of Tomcat > > > Hi, > > Thank you very much for your help. Finally my configuration is > working properly. > > Regards > > Aleix > > -----Mensaje original----- > De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] > Enviado el: jueves, 23 de enero de 2003 16:22 > Para: 'Tomcat Users List' > CC: '[EMAIL PROTECTED]' > Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser > returning null in recent versions of Tomcat > > Aleix, > > > > > <security-constraint> > > <display-name>Example Security Constraint</display-name> > > <web-resource-collection> > > <web-resource-name>Protected Area</web-resource-name> > > <url-pattern>/*</url-pattern> > > <http-method>DELETE</http-method> > > <http-method>GET</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > <auth-constraint> > > <role-name>tomcat</role-name> > > </auth-constraint> > > </security-constraint> > > <login-config> > > <auth-method>BASIC</auth-method> > > <realm-name>BASIC Authentication</realm-name> > > </login-config> > > <security-role> > > <role-name>tomcat</role-name> > > </security-role> > > > > > Oops, sorry senility is starting to bother me ;).. > > Well the problem is related to the fact that Apache doenst have a > roleslike info and of course not having them Tomcat cannot > know it from > him, so your security constraint ends not seeing the correct role for > that user, you need to have a correctly configured realm, using the > exact same names you get from apache, where tomcat can go to > ask for the > user's roles... the Realm type doesnt matter for our porpouse.. > > If configuring exactly the same user name to have the needed > roles in a > tomcat realm doesnt work, i think it's a bug in tc 4.1.18.. > > So to summarize: > > 1) Apache needs to be configured tro do the auth > 2) Tomcat needs a Realm ( JDBC,MEMORY or whatever ) > containing the same > exact usernames, with the associated roles, tha Apache will > transmit to > TC.. > 3) tomcatAuthentication=false, so tomcat will get the username from > Apache.. > > I know is a pain, but the lack of the roles concept in Apache makes it > cumbersome, as web.xml only uses role names for security > constraint not > usernames.. > > Saludos, > Ignacio J. Ortega > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
