On Tue, May 8, 2012 at 8:08 AM, Francesco Sordillo <[email protected]> wrote: > > > Il 08/05/2012 12:45, Eric Covener ha scritto: > >> On Tue, May 8, 2012 at 6:14 AM, Francesco Sordillo<[email protected]> >> wrote: > > >>> but, as I said before, REMOTE_USER is not in the attribute header! The >>> problem is that using a proxy, requests attribute are lost! > > >> >> Since you say it's lost -- In what environment is this attribute in >> JBOSS ever set? > > > It is not set in JBoss but via mod_shib in Apache. The same application runs > over OAS Application Server with Oracle HTTP Server, an Apache 1.3 > customized by Oracle with mod_oc4j that replace mod_proxy, and it works > properly.
AFAICT that attribute is not spec. Try HTTPServletRequest#getRemoteUser() and tomcatAuthentication=false if you want the webservers auth to be trusted. -- Eric Covener [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
