Rewriting the authenticated Apache2.2 user for mod_proxy_ajp

Posted on 2024-10-21 13:18:26

I have a Tomcat connected via mod_proxy_ajp to an Apache2.2 instance. Apache does the authentication via mod_auth_kerb, and Tomcat uses request.getRemoteUser() to get the authenticated user.

This basically works, but I want to rewrite the user. However, none of the headers I set affect what is returned by request.getRemoteUser(); I only see them as additional headers. What do I have to do?

    # Rewrite Magic: change REMOTE_USER to something Alfresco expects
    RewriteEngine On

    RewriteMap domain_map txt:/etc/apache2/rewrite-map.txt

    # Grab the REMOTE_USER apache environment variable for HTTP forwarding (requires sub-request!)
    RewriteCond %{LA-U:REMOTE_USER} (.*)@(.*)

    # change the format and replace the domain, e.g.: 
    # [email protected]  ==>  other.domain_user
    RewriteRule . - [E=RU:${domain_map:%2|%2}_%1]

    # copy processed user to HTTP headers
    RequestHeader set REMOTE_USER %{RU}e
    RequestHeader set HTTP_REMOTE_USER %{RU}e
    RequestHeader set AJP_REMOTE_USER %{RU}e
    RequestHeader set AJP_HTTP_REMOTE_USER %{RU}e

Thanks!

Comments (2)

︶葆Ⅱㄣ 2024-10-28 13:18:26

I suspect that the headers are not being set as you expect them to be set, and they are getting to Tomcat empty.

I have experienced some puzzling processing order issues that caused RequestHeader to ignore the environment variables set by a RewriteRule. Take a look at https://stackoverflow.com/a/9303018/239408 in case it helps.

美男兮 2024-10-28 13:18:26

It seems the getRemoteUser() value cannot be overwritten by Apache header directives, as the AJP protocol handler gets the username from some internal Apache structure. I worked around this by sending the username via HTTP header and modifying the Java code to use that instead of using getRemoteUser().
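
An added example, not part of the answer above or of any project's code: a servlet filter for the workaround just described, which makes request.getRemoteUser() return the name Apache put in the REMOTE_USER request header (the header the question's config sets), and only for requests Apache already authenticated. The class name, the name pattern and the fallback rules are assumptions; it also assumes the AJP connector accepts connections only from this Apache, and relies on RequestHeader set replacing any copy of the header a client sends.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical filter: getRemoteUser() returns the name Apache rewrote. */
public class RewrittenUserFilter implements Filter {
    // Header name taken from the question's RequestHeader directives.
    static final String HEADER = "REMOTE_USER";
    // Assumed shape of a mapped name such as "other.domain_user".
    static final Pattern VALID = Pattern.compile("[A-Za-z0-9._-]{1,128}");

    /** Pick the effective user; containerUser is what AJP delivered. */
    static String resolve(String containerUser, String headerValue) {
        if (containerUser == null) {
            return null; // Apache did not authenticate: never trust the header
        }
        if (headerValue == null) {
            return containerUser;
        }
        String v = headerValue.trim();
        // mod_headers expands an unset variable in %{RU}e to the text "(null)".
        if (v.isEmpty() || v.equals("(null)") || !VALID.matcher(v).matches()) {
            return containerUser; // empty or malformed: keep the Kerberos name
        }
        return v;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, res);
            return;
        }
        final HttpServletRequest http = (HttpServletRequest) req;
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override
            public String getRemoteUser() {
                return resolve(http.getRemoteUser(), http.getHeader(HEADER));
            }
        }, res);
    }

    public void init(FilterConfig config) { }

    public void destroy() { }
}
```

Code that calls getUserPrincipal() still sees the name delivered over AJP, because only getRemoteUser() is wrapped here.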
