AJPv13 Authentication

Created by SarahA, last updated by Richard Stephens on Jul 13, 2012 1 minute read

AJP authentication expects requests to be pre-authenticated via an external server before arriving at FishEye.

Typically, this would be a web server (e.g. Apache) configured to perform password and role checking for a given URL. If successful, the server forwards the request to the FishEye server via the AJPv13 protocol.

FishEye Configuration

For FishEye to use AJP authentication, the following two values must be configured:

The AJP Bind Address must be set per FishEye instance. See also Server Settings.
The user's Auth Type must be set to 'ajp'.

Apache Configuration

mod_proxy_ajp

To configure Apache Httpd to forward all requests to /fisheye to a Fisheye instance with an AJP Bind address of localhost:8009, on the same machine, ensure that the proxy_ajp_module apache module is enabled, and add these lines to the VirtualHost you wish to serve FishEye through:

ProxyPass /fisheye/ ajp://localhost:8009/fisheye/ nocanon

mod_jk

To configure Apache Httpd so that all requests to Apache Httpd for the path /fisheye are forwarded to a FishEye instance on the same machine with an AJP Bind Address of localhost:8009.

Add these lines to your apache configuration:

LoadModule jk_module modules/mod_jk.so

JkWorkersFile /path/to/workers.properties
JkLogFile /var/log/mod_jk.log
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount /fisheye/* worker1

JkOptions +ForwardURICompatUnparsed

Then create a file under /path/to/workers.properties and add:

worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009

4 Comments

Anonymous
Jun 08, 2009
tomcat/jakarta mods are old. newer versions of apache come with mod_proxy_ajp.
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so ProxyPass / ajp://localhost:8050/
Done.
Anonymous
Feb 10, 2011
Hi,

I have installed Fisheye on my server. Users who are successfullt pre-authenticated (authenticated on work machine) are redirected to fisheye (crucible) when they access the server url using AJP13 connectivity.

Almost all links are working fine except when specific actions are performed. For example: when user tries to abandon a review "Null Pointer Exception" is received and when user tries to add an attachment "Missing required parameter 'reviewRenderTime'." is received.

In the logs, I see the following error:

WARN [Thread-7 ] fisheye.app com.cenqua.crucible.hibernate.DefaultDBControl-stop - Shutdown in progress
2011-02-09 17:16:50,141 WARN [btpool0-5 ] fisheye.app com.cenqua.crucible.hibernate.TxHelper-rollbackTxIfNotCommited - Rolled back transaction
2011-02-09 17:16:50,157 ERROR [btpool0-5 ] org.mortbay.log org.mortbay.log.Slf4jLog-warn - /json/cru/CR-3/changeStateAjax
java.lang.NullPointerException

If I hit the crucible server directly using http://hostname:8060 everything works fine.

The ajp13 is configured in the following way:

JkWorkersFile "G:/Apache Data/AJP13/config/workers.properties"
JkLogFile "G:/Apache Data/AJP13/logs/mod_jk.log"
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount /* worker1

I have been trying to fix this problem to no avail. Any help would be highly appreciated.

Thanks!
Anonymous
May 09, 2011
AJP does not appear to work with 2.5.4 and Apache 2.2.3 - it seems to have to do with problems with Jetty.

I had this config:
ProxyPass /fecru ajp://localhost:8009/fecru ProxyPassReverse /fecru ajp://localhost:8009/fecru
and had lots of problems after the upgrade to 2.5.4.

After changing my config to this, everything works fine:
ProxyPass /fecru http://localhost:8060/fecru ProxyPassReverse /fecru http://localhost:8060/fecru
Jamie Echlin
Jul 26, 2011
You need to have the possibility of both ajp13 and LDAP. Ajp13 works fine but all you get is the user name.