How to get Tomcat "Role" from Apache user ("group")?
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Christopher_Koenigsberg
Posted On:   Wednesday, January 16, 2002 10:59 AM

I hope I am framing this question precisely enough... How can we use Apache basic authentication to pass a user with a desired "role" in to Tomcat? That is, what about configuring Apache's security mechanism and connecting it with Tomcat's security mechanism, after the basic configuration of the Warp connection betwixt Apache and Tomcat.... For instance take the Tomcat "manager" application. We can make it work (connect OK and be granted acess to the webapp with "manager" role, and Tomcat default "MemoryRealm") e.g. using tomcat-users.xml entry) if we connect directly to Tomcat (port 8180). That is, we enter a user with password and role "manager&qu   More>>

I hope I am framing this question precisely enough...



How can we use Apache basic authentication to pass a user with a desired "role" in to Tomcat?



That is, what about configuring Apache's security mechanism and connecting it with Tomcat's security mechanism, after the basic configuration of the Warp connection betwixt Apache and Tomcat....



For instance take the Tomcat "manager" application.



We can make it work (connect OK and be granted acess to the webapp with "manager" role, and Tomcat default "MemoryRealm") e.g. using tomcat-users.xml entry) if we connect directly to Tomcat (port 8180). That is, we enter a user with password and role "manager" in Tomcat's tomcat-users.xml and can log in directly to Tomcat's HTTP connector on port 8180.




But it does not work if we connect through Apache (port 80 passing "/manager" via mod_webapp.so). That is, if we configure Apache for Basic Authentication and assign a realm, username, password, group in Apache, even if we try and assign the same username in Apache as the desired Tomcat user with the "manager" role in Tomcat, it appears that Tomcat is not accepting the credentials of the user, from Apache over the Warp connector.



Coming in through the Apache port and Warp connector, Tomcat gives a servlet error because the servlet requires (and lacks) authorization e.g. "manager" role is not being satisfied by what Apache passes in.



So, how to map Apache basic authentication user fields, through the Warp connector, to Tomcat user fields, so one can sign in to Apache and be automatically authenticated to the webapp in Tomcat?




Or, is there no way to do this currently through Apache basic authentication? (that's what we are guessing)



I will dig in the source code since I know that is the only place where true answers can be found, but I haven't had the time for this yet as this is just a side issue...

   <<Less
About | Sitemap | Contact