How to pass REMOTE_USER from Apache to JBoss as an environment variable when using mod_proxy_ajp

Solution Verified - Updated -

Issue

  • Do you know any trick to pass JBoss a request attribute containing the Apache variable REMOTE_USER via mod_proxy?
  • We are using Apache httpd/mod_proxy_ajp with JBoss EAP and need to have REMOTE_USER passed from Apache httpd to JBoss as an environment variable. We have found this is possible using mod_jk and JkEnvVar (see http://tomcat.apache.org/connectors-doc/reference/apache.html) but there is no mention of how to do the same using mod_proxy/mod_proxy_ajp.
  • What we are not able to do is to retrieve REMOTE_USER via request attributes. In the application code we want to do the following:

    String username = (String) request.getAttribute("REMOTE_USER");
    
  • I know the REMOTE_USER information can be retrieved via the following ways:

    • Changing the application code to request.getRemoteUser() with tomcatAuthentication="false" set in server.xml
    • Changing the application code to request.getHeader("REMOTE_USER") and using the following rewrite rule in httpd:

      RewriteCond %{LA-U:REMOTE_USER} (.*) 
      RewriteRule .* - [E=MY_REMOTE_USER:%1] 
      RequestHeader add REMOTE_USER %{MY_REMOTE_USER}e 
      

    However we need to get the same information using the request attribute for application compatibility reasons.

  • How do we configure JBoss to bypass its own authentication and correctly populate getRemoteUser and getUserPrincipal from the authentication information on the front-end Apache?

Environment

  • Apache httpd
    • mod_proxy
  • JBoss Enterprise Web Server (EWS)
  • JBoss Enterprise Application Platform (EAP)
    • 4.x
    • 5.x
    • 6.x
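
The following httpd configuration is an added example, not taken from the original article or from Red Hat. It relies on the documented mod_proxy_ajp behaviour of forwarding environment variables prefixed with AJP_ as AJP request attributes, so that request.getAttribute("REMOTE_USER") works unchanged. The /app path and the ajp://localhost:8009 backend are assumed placeholders.

```apache
# Added example (not from the original article). The /app path and the
# ajp://localhost:8009 backend are assumed placeholders.
# Needs mod_rewrite, mod_headers, mod_proxy and mod_proxy_ajp loaded.

# A client can send its own "REMOTE_USER" header. Remove it before anything
# else runs so the backend never sees a client-chosen value under that name.
RequestHeader unset REMOTE_USER early

RewriteEngine On

# LA-U looks ahead to the user name that the authentication phase will set
# for this URL; it is empty for unauthenticated requests, so (.+) skips them.
RewriteCond %{LA-U:REMOTE_USER} (.+)
# mod_proxy_ajp forwards environment variables named AJP_* as AJP request
# attributes with the prefix removed, so this one arrives as "REMOTE_USER".
RewriteRule .* - [E=AJP_REMOTE_USER:%1]

<Location "/app">
    # AuthType / AuthName / Require directives for the front-end login go here.
    ProxyPass "ajp://localhost:8009/app"
</Location>

# Header variant from the question, hardened: "set" replaces any existing
# value, whereas "add" would append to one supplied by the client.
# RewriteRule .* - [E=MY_REMOTE_USER:%1]
# RequestHeader set REMOTE_USER %{MY_REMOTE_USER}e env=MY_REMOTE_USER
```

Because the backend trusts any attribute that arrives over AJP, the connector port should accept connections only from the httpd host.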
