Closed apishta closed 3 years ago
Hey,
Yes it is possible. Whatever the module you use for authentication (files, databases, ...), it does not require to restart Apache if you add users. All you have to do then is to get the folder (PATH_INFO) from the requested URL and compare it with the current authenticated user (REMOTE_USER).
Hi Anthony,
Thnx for your quick answer.
I don't have access to REMOTE_USER, actually, it is empty, because I don't use jwt-login-handler. I am using the JWT created by the external application.
Would be possible to make the following:
parse a folder name from PATH_INFO and compare it with the username from JWT
Require jwt-claim user=folder_name
?
Thank you very much.
The REMOTE_USER is set whatever you use the jwt-login-handler or not. After the signature check, the REMOTE_USER is extracted from the token claims (using AuthJWTAttributeUsername).
Did you finally succeed ?
I did not have time to work on this yet. Probably I will do it in the next weeks. Thanks for asking.
The REMOTE_USER is set whatever you use the jwt-login-handler or not. After the signature check, the REMOTE_USER is extracted from the token claims (using AuthJWTAttributeUsername).
How can the client get REMOTE_USER ? I don't see that value returned. Only the json token is returned and some headers like Content-Type and Content-Length.
It probably has to do with apache Header module but I could not getting it to work .
The REMOTE_USER is usually not intended to the client but the to the backend application. The app may decode it and expose a service to get data. If you need so, you can probably set a header in the response with the REMOTE_USER.
The following code allow you to add the header in the request. For the response, you could try the same way with the "Header" directive.
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set X-Remote-User "%{RU}e" env=RU
Did everyone succeed to get the REMOTE_USER ?
I have decided to extend WebdavServlet on tomcat. That solution was a more suitable solution for my project.
Hi,
Is it possible to implement authorization in the following way:
Thnx, Istvan