users@glassfish.java.net

Re: httpd/ajp Reverse Proxy: Losing REMOTE_USER Variable

From: Amy Roh <Amelia.Roh_at_Sun.COM>
Date: Tue, 16 Feb 2010 12:43:43 -0800

Hi Peter,

On 2/15/2010 12:09 PM, Peter Cline wrote:
> Hi all,
>
> I'm working on getting Glassfish v3 set up with a httpd reverse proxy,
> using mod_proxy_ajp. Setting up a simple listener, deploying existing
> wars, and enabling the JK switch makes the basic connection work
> flawlessly. No issues there.
>
> There is a problem, however. First, though, to explain: the flavor of
> authentication our institution is moving to [avoiding tangent here], for
> the time being, only supports an httpd plugin, hence the reverse proxy.
> The plugin protects paths, handles authentication for those paths, sets
> a few environment variables, including REMOTE_USER and AUTH_TYPE, and
> then passes this forward.
>
> The problem: applications running under glassfish are not getting any
> values in the REMOTE_USER and AUTH_TYPE fields. They're blank.
>
> We tested this first under tomcat, and at first, the same thing was
> happening. Those fields were being blanked. However, we needed to set a
> flag in the AJP listener string:
> -- tomcatAuthentication="false"
> After setting that flag, it lets the REMOTE_USER and AUTH_TYPE fields
> pass to the application.
>
> As mentioned, applications under glassfish get nothing from these
> fields. Digging around, I can't find anything even roughly equivalent to
> tomcat's auth="false" notion in glassfish, unless I'm completely missing
> something. So here come the questions, and please forgive any ignorance;
> the mechanics of environment passing through AJP are nothing but fuzzy
> to me:
> - Am I correct in assuming that glassfish is either ignoring or
> purposefully blanking these variables?

Similar to Tomcat, GlassFish is using default values
(tomcatAuthentication="true") unless it's configured to use something else.

You can try configuring the jk connector using a glassfish-jk.properties
file. After creating the glassfish-jk.properties file with the
configuration changes, tomcatAuthentication="false" in this case, you
can set glassfish to use the new configuration by

asadmin create-jvm-options -Dcom.sun.enterprise.web.connector.enableJK.propertyFile=/path_to_configuration/glassfish-jk.properties

Amy

> - If so, any way to ask it nicely not to do so?
> - Is this behavior limited to certain environment variables only, or is
> the entire environment blanked / reset when a call like this comes in
> through AJP? I could consider rewriting the contents of these to
> different variable names somewhere on the httpd side.
> - Any other thoughts?
>
> Thanks for any help/advice you can offer.
>
> Peter