users@glassfish.java.net

Re: httpd/ajp Reverse Proxy: Losing REMOTE_USER Variable

From: Amy Roh <Amelia.Roh_at_Sun.COM>
Date: Tue, 16 Feb 2010 14:12:51 -0800

Awesome! Thanks for letting me know.

Amy

On 2/16/2010 1:55 PM, Peter Cline wrote:
> Hi Amy,
> Works beautifully. Thanks so much for your help!
>
> Peter
>
> Amy Roh wrote:
>> Hi Peter,
>>
>> On 2/15/2010 12:09 PM, Peter Cline wrote:
>>> Hi all,
>>>
>>> I'm working on getting Glassfish v3 set up with a httpd reverse proxy,
>>> using mod_proxy_ajp. Setting up a simple listener, deploying existing
>>> wars, and enabling the JK switch makes the basic connection work
>>> flawlessly. No issues there.
>>>
>>> There is a problem, however. First, though, to explain: the flavor of
>>> authentication our institution is moving to [avoiding tangent here], for
>>> the time being, only supports an httpd plugin, hence the reverse proxy.
>>> The plugin protects paths, handles authentication for those paths, sets
>>> a few environment variables, including REMOTE_USER and AUTH_TYPE, and
>>> then passes this forward.
>>>
>>> The problem: applications running under glassfish are not getting any
>>> values in the REMOTE_USER and AUTH_TYPE fields. They're blank.
>>>
>>> We tested this first under tomcat, and at first, the same thing was
>>> happening. Those fields were being blanked. However, we needed to set a
>>> flag in the AJP listener string:
>>> -- tomcatAuthentication="false"
>>> After setting that flag, it lets the REMOTE_USER and AUTH_TYPE fields
>>> pass to the application.
>>>
>>> As mentioned, applications under glassfish get nothing from these
>>> fields. Digging around, I can't find anything even roughly equivalent to
>>> tomcat's auth="false" notion in glassfish, unless I'm completely missing
>>> something. So here come the questions, and please forgive any ignorance;
>>> the mechanics of environment passing through AJP are nothing but fuzzy
>>> to me:
>>> - Am I correct in assuming that glassfish is either ignoring or
>>> purposefully blanking these variables?
>>
>> Similar to Tomcat, GlassFish is using default values
>> (tomcatAuthentication="true") unless it's configured to use something
>> else.
>>
>> You can try configuring the jk connector using glassfish-jk.properties
>> file. After creating the glassfish-jk.properties file with
>> configuration changes, tomcatAuthentication="false" in this case, you
>> can set glassfish to use the new configuration by
>>
>> asadmin create-jvm-options -Dcom.sun.enterprise.web.connector.enableJK.propertyFile=/path_to_configuration/glassfish-jk.properties
>>
>>
>> Amy
>>
>>> - If so, any way to ask it nicely not to do so?
>>> - Is this behavior
>>> limited to certain environment variables only, or is the entire
>>> environment blanked / reset when a call like this comes in through AJP?
>>> I could consider rewriting the contents of these to different variable
>>> names somewhere on the httpd side.
>>> - Any other thoughts?
>>>
>>> Thanks for any help/advice you can offer.
>>>
>>> Peter
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>
>
>
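
An added example, not part of the original thread or of GlassFish itself: a servlet filter for the applications behind the proxy that fails closed when the REMOTE_USER and AUTH_TYPE values set by the httpd plugin do not arrive over AJP, so a lost or reverted connector setting shows up as a 403 and a log line rather than as an anonymous session. The class name and the 403 response are assumptions; `getRemoteUser()` and `getAuthType()` are the standard Servlet API accessors for those two values.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: map it in web.xml to the paths the httpd plugin protects.
public class ProxyIdentityFilter implements Filter {
    private ServletContext context;

    public void init(FilterConfig config) throws ServletException {
        context = config.getServletContext();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // With tomcatAuthentication="true" (the default) both values are blank here,
        // because the container discards the identity sent by the proxy.
        String user = request.getRemoteUser();
        String authType = request.getAuthType();

        if (isBlank(user) || isBlank(authType)) {
            // Strip CR/LF so request data cannot forge extra log lines.
            String uri = request.getRequestURI().replaceAll("[\\r\\n]", "_");
            context.log("Rejected request without proxy identity: uri=" + uri
                    + " peer=" + request.getRemoteAddr());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // never hand an unauthenticated request to the application
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        context = null;
    }

    private static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }
}
```

With `tomcatAuthentication="false"` the container accepts whatever identity arrives on the AJP connection, so the AJP listener should be reachable only from the httpd host that runs the authentication plugin.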