问题
I have encountered a weird problem when working with Shibboleth authentication running on Apache and when Tomcat7 running on the back end, Apache sends everything through mod_proxy_ajp. And so it does with parameters from Shibboleth.
In the documentation it is explicitly stated that AJP sends only attributes with prefix attributePrefix="AJP_" and that a developer should not take shortcuts and enable sending auth attributes through HTTP headers: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSpoofChecking
I try to retrieve attributes using
HttpServletRequest req = (HttpServletRequest) FacesContext.getCurrentInstance()
.getExternalContext().getRequest();
Enumeration<String> e = req.getAttributeNames();
But no matter what I try, no Shibboleth attributes ever show up.
回答1:
After two hours of trying to find out what I was doing wrong. I tried to retrieve attribute by name using.
req.getAttribute("uid");
And for some reason that works. Even though the "uid" isn't listed in getAttributeNames();
It smells like a bug, or mistimed communication somewhere between AJP and Spring or JSF...
来源:https://stackoverflow.com/questions/18164141/retrieving-shibboleth-attributes-from-ajp-connector-request