-----Mensaje original----- De: Aleix Verg�s [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 22:01 Para: 'Ignacio J. Ortega' Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser returning null in recent versions of Tomcat
Hi, Thank you very much for your help. Finally my configuration is working properly. Regards Aleix -----Mensaje original----- De: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] Enviado el: jueves, 23 de enero de 2003 16:22 Para: 'Tomcat Users List' CC: '[EMAIL PROTECTED]' Asunto: RE: Re[2]: tomcatAuthentication="false" and getRemoteUser returning null in recent versions of Tomcat Aleix, > > <security-constraint> > <display-name>Example Security Constraint</display-name> > <web-resource-collection> > <web-resource-name>Protected Area</web-resource-name> > <url-pattern>/*</url-pattern> > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>tomcat</role-name> > </auth-constraint> > </security-constraint> > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>BASIC Authentication</realm-name> > </login-config> > <security-role> > <role-name>tomcat</role-name> > </security-role> > Oops, sorry senility is starting to bother me ;).. Well the problem is related to the fact that Apache doenst have a roleslike info and of course not having them Tomcat cannot know it from him, so your security constraint ends not seeing the correct role for that user, you need to have a correctly configured realm, using the exact same names you get from apache, where tomcat can go to ask for the user's roles... the Realm type doesnt matter for our porpouse.. If configuring exactly the same user name to have the needed roles in a tomcat realm doesnt work, i think it's a bug in tc 4.1.18.. So to summarize: 1) Apache needs to be configured tro do the auth 2) Tomcat needs a Realm ( JDBC,MEMORY or whatever ) containing the same exact usernames, with the associated roles, tha Apache will transmit to TC.. 3) tomcatAuthentication=false, so tomcat will get the username from Apache.. I know is a pain, but the lack of the roles concept in Apache makes it cumbersome, as web.xml only uses role names for security constraint not usernames.. Saludos, Ignacio J. Ortega -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
