On Tue, May 8, 2012 at 8:08 AM, Francesco Sordillo <f.sordillo@xxxxxxxxx> wrote: > > > Il 08/05/2012 12:45, Eric Covener ha scritto: > >> On Tue, May 8, 2012 at 6:14 AM, Francesco Sordillo<f.sordillo@xxxxxxxxx> >> wrote: > > >>> but, as I said before, REMOTE_USER is not in the attribute header! The >>> problem is that using a proxy, requests attribute are lost! > > >> >> Since you say it's lost -- In what environment is this attribute in >> JBOSS ever set? > > > It is not set in JBoss but via mod_shib in Apache. The same application runs > over OAS Application Server with Oracle HTTP Server, an Apache 1.3 > customized by Oracle with mod_oc4j that replace mod_proxy, and it works > properly. AFAICT that attribute is not spec. Try HTTPServletRequest#getRemoteUser() and tomcatAuthentication=false if you want the webservers auth to be trusted. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|