users@glassfish.java.net

Re: getRemoteUser from Web Application

From: <glassfish_at_javadesktop.org>
Date: Fri, 23 Oct 2009 15:52:03 PDT

For what it's worth, I've reproduced this using a simple cgi script, so this is definitely not specific to GlassFish. Here's what I have so far.
------
######
# GlassFish proxy
ProxyPreserveHost on

RewriteEngine on
RewriteLog /var/log/httpd/rewrite.log
RewriteLogLevel 9

RequestHeader Set Proxy-keysize 512
RequestHeader Set Proxy-ip %{REMOTE_ADDR}e
RequestHeader Set Host myserver.cornell.edu:443
RequestHeader set REMOTE_USER %{LA-U:REMOTE_USER}e

RewriteRule ^/HelloWeb$ /HelloWeb/ [R,L]
RewriteRule ^/HelloWeb/(.*) http://localhost:38080/HelloWeb/$1 [P,L,E=REMOTE_USER:%{LA-U:REMOTE_USER}]
<Location "/HelloWeb">
        order deny,allow
        deny from all
        AuthType KerberosV5
        AuthName "kerberos"
        Satisfy any
        require valid-user
</Location>
------

And, here's what I see in rewrite.log.
------
... [rid#8928268/initial] (2) init rewrite engine with requested uri /HelloWeb/UserServlet
... [rid#8928268/initial] (3) applying pattern '^/HelloWeb$' to uri '/HelloWeb/UserServlet'
... [rid#8928268/initial] (3) applying pattern '^/HelloWeb/(.*)' to uri '/HelloWeb/UserServlet'
... [rid#8928268/initial] (2) rewrite /HelloWeb/UserServlet -> http://localhost:38080/HelloWeb/UserServlet
... [rid#892a270/subreq] (2) init rewrite engine with requested uri /HelloWeb/UserServlet
... [rid#892a270/subreq] (1) pass through /HelloWeb/UserServlet
... [rid#8928268/initial] (5) lookahead: path=/HelloWeb/UserServlet var=REMOTE_USER -> val=
... [rid#8928268/initial] (5) setting env variable 'REMOTE_USER' to ''
... [rid#8928268/initial] (2) forcing proxy-throughput with http://localhost:38080/HelloWeb/UserServlet
... [rid#8928268/initial] (1) go-ahead with proxy request proxy:http://localhost:38080/HelloWeb/UserServlet [OK]
... [rid#8928268/initial] (2) init rewrite engine with requested uri /HelloWeb/UserServlet
... [rid#8928268/initial] (3) applying pattern '^/HelloWeb$' to uri '/HelloWeb/UserServlet'
... [rid#8928268/initial] (3) applying pattern '^/HelloWeb/(.*)' to uri '/HelloWeb/UserServlet'
... [rid#8928268/initial] (2) rewrite /HelloWeb/UserServlet -> http://localhost:38080/HelloWeb/UserServlet
... [rid#892a270/subreq] (2) init rewrite engine with requested uri /HelloWeb/UserServlet
... [rid#892a270/subreq] (1) pass through /HelloWeb/UserServlet
... [rid#8928268/initial] (5) lookahead: path=/HelloWeb/UserServlet var=REMOTE_USER -> val=dab66
... [rid#8928268/initial] (5) setting env variable 'REMOTE_USER' to 'dab66'
... [rid#8928268/initial] (2) forcing proxy-throughput with http://localhost:38080/HelloWeb/UserServlet
... [rid#8928268/initial] (1) go-ahead with proxy request proxy:http://localhost:38080/HelloWeb/UserServlet [OK]
------

However, when proxying through apache, neither my cgi script nor my web application see the REMOTE_USER (dab66).
[Message sent by forum member 'bougie' (dab66_at_cornell.edu)]

http://forums.java.net/jive/thread.jspa?messageID=369166
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.