Thanks, David. I swear I tried that on one of my attempts, but evidently I didn't save the file or didn't bounce the server or something. The tomcatAuthentication (not request.tomcatAuthentication) works fine. Interesting to note that the Tomcat security constraints do NOT work -- they immediately fail with a permission denied. However, I didn't need that anyway, I just wantde the user ID. The application will do its own thing based on the user ID.
Thanks again. Joe -----Original Message----- From: David Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 18, 2006 10:50 AM To: Tomcat Users List Subject: Re: Confused about getRemoteUser and Apache authentication I can fix one issue for you -- if you add the attribute tomcatAuthentication="false" to the connector element in server.xml, the remote user will start coming through from Apache httpd. Never tried to do security constraints in web.xml and use tomcatAuthentication="false" together. You could try it. My suspicion is it should work. --David Joe Pluta wrote: >I am trying to authenticate via Apache and use getRemoteUser in Tomcat. >I want to serve static pages via Apache and run a web application >through Tomcat. I am receiving a null for getRemoteUser in my simple >Spy servlet. I have read in different places where the AJP connector >requires the keyword "tomcatAuthentication" and other places where it >says "request.tomcatAuthentication". I'm not sure whether I the >security constraints define in the application's web.xml. I'm not even >sure if I have to use a Location to secure the application, although >that seemed to get me closest. In any case, I've tried lots of >combinations: > >1. tomcatAuthentication vs. request.tomcatAuthentication 2. Security >constraints in the application web.xml vs. no constraints > >I've tried the four combinations of the above along with others. >Supplying an authentication realm to the Location got me challenged >when I tried to launch the servlet. That's the closest I've gotten, >and changes to the other options above seem to make no difference. In >the mod_jk.log file, I see the user ID being passed to the connector. >I just don't see it in getRemoteUser in the servlet. Here are the last >lines of the request from the mod_jk.log: > >05 00 1E 42 61 73 69 63 20 53 6D 39 6C 49 46 42 - ...Basic.Sm9lIFB >73 64 58 52 68 4F 6D 46 77 59 57 4E 6F 5A 58 42 - sdXRhOmFwYWNoZXB >33 00 A0 08 00 01 30 00 03 00 09 4A 6F 65 20 50 - 3.....0....Joe.P 6C >75 74 61 00 04 00 05 42 61 73 69 63 00 FF 00 - luta....Basic... > >But the Spy servlet shows the remote user as null. (Interestingly, >getRemoteHost and getRemoteAddr return valid information.) > > >I'm out of ideas. Any help would be GREATLY appreciated. > >Joe --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
