Set REMOTE_USER in apache before proxy to tomcat

Is there a way in apache to set REMOTE_USER to a particular value for certain URLs, prior to AJP-proxying the request to tomcat?

I have an SSO (Apache/mod_shib)-fronted tomcat application. Some of the URLs still need to be publicly-accessible. I have shibboleth working for the protected part, but the public part still requires a username (can't change how the app works).

I can correctly identify the URLs that need to be public access and turn off shibboleth authentication for them. When I do so, there's now no user defined, so the system refuses to let me in.

What I think I want to do is this:

IF URL matches pattern:
    turn off shibboleth
    force set REMOTE_USER="anonymous" //and maybe AJP_REMOTE_USER, too?!

I tried using FakeBasicAuth to achieve that last bit, but the user appears to be set after the proxy occurs. Is there a way to do this? Maybe there's a better way?

A less desirable alternative would be to configure the tomcat application to use something besides REMOTE_USER and then try setting that value with mod_rewrite. I'd rather not do that, because then the username won't show up in the tomcat access logs.

Manipulating the REMOTE_USER env variable is very difficult and if you have the extra constraint to do it at the very beginning of the connection, I would try the mod_security.

Unfortunately writing rules for mod_security is not the easiest thing in the world.

Example to populate header X-Remote-User with the content of REMOTE_USER variable after being authenticated and send that header to a backend proxy (apache 2.4.6).

# Example for Apache 2.4.6

<VirtualHost *:80>

RewriteEngine on
<Location />

    ###############################################
    # Your authentication logic here
    AuthType .......
    AuthName .......
    AuthBasicProvider .......
    .... etc
    Require valid-user
    ###############################################

    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader set X-Remote-User %{RU}e

</Location>

    ProxyTimeout 300
    ProxyPass / http://localhost:81/
    ProxyPassReverse / http://localhost:81/

</VirtualHost>
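
A hardened variant of the configuration above, added here as an illustration and not part of the original answer: it drops any X-Remote-User header that arrived with the request, so the backend only ever sees a value Apache set itself, and it emits the header only when REMOTE_USER is populated. The Basic-auth directives and the AuthUserFile path are constructed placeholders standing in for your own authentication setup.

```apache
# Added example (not from the original answer), Apache 2.4 with
# mod_headers, mod_rewrite, mod_proxy and mod_proxy_http loaded.

<VirtualHost *:80>

    RewriteEngine on

    # Remove any X-Remote-User supplied with the incoming request.
    # "early" runs before per-location processing and is only valid
    # at server/virtual-host level, not inside <Location>.
    RequestHeader unset X-Remote-User early

    <Location />

        # Placeholder authentication block (constructed for this example);
        # replace with the authentication logic you actually use.
        AuthType Basic
        AuthName "example"
        AuthBasicProvider file
        AuthUserFile "/path/to/placeholder.htpasswd"
        Require valid-user

        # Copy the authenticated user into the RU environment variable.
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]

        # Set the header only when RU exists, so an unset variable is
        # never forwarded as a literal placeholder value.
        RequestHeader set X-Remote-User %{RU}e env=RU

    </Location>

    ProxyTimeout 300
    ProxyPass / http://localhost:81/
    ProxyPassReverse / http://localhost:81/

</VirtualHost>
```

The backend on localhost:81 trusts this header for identity, so it should accept connections only from the proxy.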
