grouper-users - RE: [grouper-users] REMOTE_USER and grouper-ws
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: Scott Koranda <>, "" <>
- Subject: RE: [grouper-users] REMOTE_USER and grouper-ws
- Date: Thu, 29 Oct 2009 00:42:42 -0400
- Accept-language: en-US
- Acceptlanguage: en-US
I just added support for this in 1.5.0.
I believe what you need to do if you don't want to wait for 1.5.0 is:
1. Create an authenticator class:
package edu.myschol.grouper.security;
import javax.servlet.http.HttpServletRequest;
import edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication;
/**
* remote user authentication
*/
public class WsGrouperRemoteUserAuthentication implements
WsCustomAuthentication {
/**
*
* @see
edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication#retrieveLoggedInSubjectId(javax.servlet.http.HttpServletRequest)
*/
public String retrieveLoggedInSubjectId(HttpServletRequest
httpServletRequest)
throws RuntimeException {
return httpServletRequest.getRemoteUser();
}
}
NOTE: if it is blank, it might be here:
return httpServletRequest.getAttribute("REMOTE_USER");
2. Compile and put that in a jar in lib dir or in the classes dir
3. Put the classname in the grouper-ws.properties:
ws.security.non-rampart.authentication.class =
edu.myschol.grouper.security.WsGrouperRemoteUserAuthentication
If you need help compiling and making the jar, let me know.
Regards,
Chris
> -----Original Message-----
> From: Scott Koranda
> [mailto:]
> Sent: Thursday, October 29, 2009 12:17 AM
> To:
>
> Subject: [grouper-users] REMOTE_USER and grouper-ws
>
> Hi,
>
> Right now authentication to grouper-ws is being done via
> hand-editing of the file tomcat-users.xml with entries like
> this:
>
> <role rolename="grouper_user"/>
> <user username="jota" password="whatever" roles="grouper_user"/>
> <user username="jobr" password="whatever" roles="grouper_user"/>
> <user username="eldo" password="whatever" roles="grouper_user"/>
>
> I would prefer to have grouper-ws "see" REMOTE_USER in the
> same way that the Grouper UI "sees" REMOTE_USER.
>
> What changes do I need to make to my grouper-ws and Tomcat
> configuration in order for REMOTE_USER to be used for
> authentication (note that we are using Apache httpd to
> front/proxy for Tomcat via AJP)?
>
> I apologize if the the details are staring at me from
>
> https://spaces.internet2.edu/display/GrouperWG/Authentication
>
> but I have not been able to discern from that page precisely
> what to do.
>
> Thanks,
>
> Scott
- REMOTE_USER and grouper-ws, Scott Koranda, 10/29/2009
- RE: [grouper-users] REMOTE_USER and grouper-ws, Chris Hyzer, 10/29/2009
- Re: [grouper-users] REMOTE_USER and grouper-ws, Scott Koranda, 10/30/2009
- RE: [grouper-users] REMOTE_USER and grouper-ws, Chris Hyzer, 10/30/2009
- Re: [grouper-users] REMOTE_USER and grouper-ws, Scott Koranda, 10/30/2009
- RE: [grouper-users] REMOTE_USER and grouper-ws, Chris Hyzer, 10/29/2009
Archive powered by MHonArc 2.6.16.