Win a copy of Node.js Design Patterns: Design and implement production-grade Node.js applications using proven patterns and techniques this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

REMOTE_USER env variable not passed from apache to tomcat?

Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,
I'm having troubles with reading the REMOTE_USER variable in a servlet.
Here's some environment background: we have a set of jsp applications, served by tomcat 4.0.4 thru apache via mod_jk, which are protected by .htaccess. We have to use .htaccess files, as we are having the users authenticate using a Kerberos ID and password.
The following code used to return the username entered at the .htaccess prompt, when we were using Tomcat 3.2.2, but when we moved to 4.0.4, getRemoteUser returns null.

Now, I've read that I may need to create a realm in my server.xml, but that doesn't seem to be the way to go for my needs, as it's required that I use the .htaccess. Unless of course there's some sort of kerberos realm I can define...
Anyhow, if anyone has any suggestions as to what we might be doing wrong, it would certainly help. We've been banging our heads against this for two days now!
Saloon Keeper
Posts: 24330
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hmmmm. Sounds like a possible conflict between Apache user validation and J2EE user validation.
While it's possible that this is just a bug in the Apache-to-Tomcat pipeline, I think that in an "ideal" world, a J2EE app isn't supposed to be be dependent on outside help - their security system is expected to be self-contained. Otherwise portability suffers and it's even possible that the Apache server and Tomcat servers might conflict about what's allowed and what isn't. So most likely, to truly fix things, you're going to have to use the packages with a Kerberos security plugin rather than depend on Apache. The self-containedness aspect means that to make a truly portable WAR/EAR, you must also be serving up the HTML and multimedia files from Tomcat, BTW.
Why the change? Tomcat 4 implements a newer J2EE standard. Formerly, thanks to U.S. government restrictions on "munitions", encrpytion wasn't part of the Java standard package set.
Note that if "purity" would kill performance or require a major rewrite, the source code to Apache and the connector are available for the tweaking.
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
    Bookmark Topic Watch Topic
  • New Topic