users@glassfish.java.net

httpd/ajp Reverse Proxy: Losing REMOTE_USER Variable

From: Peter Cline <pcline_at_pobox.upenn.edu>
Date: Mon, 15 Feb 2010 15:09:48 -0500

Hi all,

I'm working on getting Glassfish v3 set up with an httpd reverse proxy,
using mod_proxy_ajp. Setting up a simple listener, deploying existing
wars, and enabling the JK switch makes the basic connection work
flawlessly. No issues there.

There is a problem, however. First, though, to explain: the flavor of
authentication our institution is moving to [avoiding tangent here], for
the time being, only supports an httpd plugin, hence the reverse proxy.
The plugin protects paths, handles authentication for those paths, sets
a few environment variables, including REMOTE_USER and AUTH_TYPE, and
then passes this forward.

The problem: applications running under glassfish are not getting any
values in the REMOTE_USER and AUTH_TYPE fields. They're blank.

We tested this first under tomcat, and at first, the same thing was
happening. Those fields were being blanked. However, we needed to set
a flag in the AJP listener string:
-- tomcatAuthentication="false"
After setting that flag, it lets the REMOTE_USER and AUTH_TYPE fields
pass to the application.

As mentioned, applications under glassfish get nothing from these
fields. Digging around, I can't find anything even roughly equivalent
to tomcat's auth="false" notion in glassfish, unless I'm completely
missing something. So here come the questions, and please forgive any
ignorance; the mechanics of environment passing through AJP are nothing
but fuzzy to me:
- Am I correct in assuming that glassfish is either ignoring or
purposefully blanking these variables?
- If so, any way to ask it nicely not to do so?
- Is this behavior limited to certain environment variables only, or is
the entire environment blanked / reset when a call like this comes in
through AJP? I could consider rewriting the contents of these to
different variable names somewhere on the httpd side.
- Any other thoughts?

Thanks for any help/advice you can offer.

Peter
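
On the AJP mechanics the message asks about: this is an added example, not code from the original post or from the GlassFish or Tomcat projects. It parses a constructed AJP13 forward request to show that the authenticated user and auth type travel as dedicated request attributes (codes 0x03 and 0x04), separate from the HTTP headers, which is why the receiving connector can choose to honour or discard them. The user name, auth type, host name and `X_SAMPLE` attribute are constructed sample values.

```python
import io
import struct
# AJP13 attribute codes; 0x03 / 0x04 carry the proxy's authenticated user and auth type.
ATTRS = {0x03: "remote_user", 0x04: "auth_type", 0x05: "query_string", 0x0C: "secret"}

def ajp_str(s):  # AJP string: 2-byte big-endian length, bytes, trailing NUL
    return struct.pack(">H", len(s.encode())) + s.encode() + b"\x00"

def parse_forward_request(pkt):
    """Return the optional attributes of one web-server-to-container request packet."""
    buf = io.BytesIO(pkt)
    def take(fmt):  # first field of a big-endian struct read at the cursor
        return struct.unpack(">" + fmt, buf.read(struct.calcsize(fmt)))[0]
    def string():
        n = take("H")
        if n == 0xFFFF:  # encoded null string
            return None
        return buf.read(n + 1)[:-1].decode()  # drop the trailing NUL
    if take("H") != 0x1234 or take("H") != len(pkt) - 4 or take("B") != 0x02:
        raise ValueError("not a complete AJP13 forward request")
    take("B")  # method code
    for _ in range(5):  # protocol, req_uri, remote_addr, remote_host, server_name
        string()
    take("HB")  # server_port and is_ssl, skipped
    for _ in range(take("H")):  # request headers
        if pkt[buf.tell()] == 0xA0:  # well-known header name sent as a 2-byte code
            take("H")
        else:
            string()
        string()  # header value
    out = {"req_attributes": {}}
    while (code := take("B")) != 0xFF:  # 0xFF terminates the attribute list
        if code == 0x0A:  # generic name/value request attribute
            name = string()
            out["req_attributes"][name] = string()
        elif code == 0x0B:  # ssl_key_size is the one integer-valued attribute
            out["ssl_key_size"] = take("H")
        else:
            out[ATTRS.get(code, hex(code))] = string()
    return out

def sample_packet(user, auth):
    """Constructed packet: GET /app/ carrying the user and auth type set by the proxy."""
    body = b"\x02\x02" + b"".join(map(ajp_str, ["HTTP/1.1", "/app/", "192.0.2.10"]))
    body += b"\xff\xff" + ajp_str("www.example.org") + struct.pack(">HBH", 443, 1, 1)
    body += b"\xa0\x0b" + ajp_str("www.example.org")  # coded "host" header
    body += b"\x03" + ajp_str(user) + b"\x04" + ajp_str(auth)
    body += b"\x0a" + ajp_str("X_SAMPLE") + ajp_str("1") + b"\xff"
    return b"\x12\x34" + struct.pack(">H", len(body)) + body
```

Because a container configured to accept these fields takes them as given, the AJP listener should be reachable only from the proxy host.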