
Apache & Tomcat reverse proxy with basic authentication: Can Tomcat receive the username?

I've successfully configured Apache to listen over SSL/443 and proxy Tomcat listening on HTTP/8080. I have also set up basic authentication in Apache.

Once the user connects to my Tomcat servlet, will HttpServletRequest.getRemoteUser() be populated or null? If null, how might I get the remote user?

The simplest solution may be to use mod_proxy_ajp, which in addition to proxying requests also transfers a variety of metadata to Tomcat, including authentication information such as REMOTE_USER.

These docs for Alfresco discuss this configuration, which includes changes on both the Tomcat side (so that it knows to trust the forwarded authentication) and the Apache side.

If you're using a generic http proxy like mod_proxy, you would need to arrange for Apache to add the value of REMOTE_USER to the request (possibly as an X- header), and then arrange for your Tomcat application to recognize and trust that header (and you would obviously need to arrange for your front-end proxy to strip that header from any incoming requests).

I don't know how you would do this on the Tomcat side, but this post seems to have some suggestions.
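
The header-based arrangement described in the answer above, as an added configuration example that is not part of the original answers. The header name X-Forwarded-User, the realm name, the htpasswd path and the backend address are assumptions chosen for illustration.

```apache
# Constructed example; goes inside the existing SSL (443) virtual host.
# Assumptions: the header name X-Forwarded-User, the realm name, the
# htpasswd path and the backend address 127.0.0.1:8080.
# Needs mod_proxy, mod_proxy_http, mod_headers and mod_auth_basic;
# the expr= value syntax needs httpd 2.4.10 or later.

<Location "/">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile "/path/to/htpasswd"
    Require valid-user

    # Strip any copy of the identity header sent by the client, so the
    # backend only ever sees the value written below.
    RequestHeader unset X-Forwarded-User

    # Copy the authenticated user name into the header. mod_headers runs
    # its request directives late by default, after authentication.
    RequestHeader set X-Forwarded-User "expr=%{REMOTE_USER}"

    # Keep the Basic credentials from being passed on to Tomcat.
    RequestHeader unset Authorization
</Location>

ProxyPass        "/" "http://127.0.0.1:8080/"
ProxyPassReverse "/" "http://127.0.0.1:8080/"
```

The header can only be trusted if Tomcat's port 8080 accepts connections from Apache alone, for example by binding the connector to the loopback address. The application then reads the user name with request.getHeader("X-Forwarded-User").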

I needed to add

<Location />
    Order allow,deny
    Allow from all
    RequestHeader unset Authorization
</Location>

to the wrapping location, the RequestHeader being the specialty that fixed it.

I found this (again) via http://codeblow.com/questions/remove-fundamental-authentication-header-with-apache-mod-proxy/ - don't know where I originally found it last year, it was a last measure for some security issue.
