2012/3/23 <issa.goris...@ext.ec.europa.eu>: > Hi All, > > I have several web applications running on distinct tomcat instances. Apache > httpd is in front of all the tomcat instances, running as a reverse proxy. > Authentication is realized at the container side. Access log files are active > on the httpd side.
"at the container side" = in Tomcat? > > What I am missing in the httpd log files is the remote user information. I > know it is not available via mod_proxy. So I plan to switch to mod_jk. But it > is not available in mod_jk either. And I would like to contribute on this. I > know a possible work around would be to include the remote user information > in the response headers and log this via httpd; but I am not sure I can count > on the software owners to make the changes in a short time. > > If there is not difficulty in tomcat for grabbing the remote user, I would > like to add a new response message in AJP13. Just enable access logs (aka AccessLogValve) in Tomcat itself. It will print whatever user Tomcat authenticated. That works only if authentication is done by Tomcat. In many cases authentication is done by 3-rd party frameworks e.g. Spring Security, inside the web application itself. I think patching the connectors and mod_jk is not a good idea here. > The new response message would be as follow: > > AJP13_CONTAINER_REMOTE_USER := > prefix_code 7 > remote_user (string) > > > Any comments before I start working on this ? > > Thanks for your interest, > -- > Issa Gorissen > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
