>
> You're talking about having to change your app, but you've only
> described having to make modifications to a Tomcat internal support class.
>
> You seem to be saying that Tomcat has a compliancy issue - IMO the
> problem with leaving that unchallenged is that it breeds
> misunderstanding that
On 17/06/2010 15:08, Marc Boorshtein wrote:
>>> Hi.
>>> I must say that, with my limited knowledge of the Tomcat internals taken
>>> into consideration, I tend to agree with Marc in this case, if he is
>>> right in claiming that the Tomcat Realm mixes authentication with
>>> authorization and does
>> Hi.
>> I must say that, with my limited knowledge of the Tomcat internals taken
>> into consideration, I tend to agree with Marc in this case, if he is
>> right in claiming that the Tomcat Realm mixes authentication with
>> authorization and does not allow to separate the two.
>
> Well, he said
On Thu, Jun 17, 2010 at 9:11 AM, Mark Thomas wrote:
> On 17/06/2010 13:26, André Warnier wrote:
>> I must say that, with my limited knowledge of the Tomcat internals taken
>> into consideration, I tend to agree with Marc in this case, if he is
>> right in claiming that the Tomcat Realm mixes authe
On 17/06/2010 13:26, André Warnier wrote:
> Pid wrote:
>> On 17/06/2010 12:34, Marc Boorshtein wrote:
> I'm not looking to start a holy war here, but is there anything
> incorrect in what I said? Tomcat is a servlet container, the servlet
Yes.
You made a sweeping statement a
On 17/06/2010 13:26, André Warnier wrote:
> I must say that, with my limited knowledge of the Tomcat internals taken
> into consideration, I tend to agree with Marc in this case, if he is
> right in claiming that the Tomcat Realm mixes authentication with
> authorization and does not allow to separ
Pid wrote:
On 17/06/2010 12:34, Marc Boorshtein wrote:
I'm not looking to start a holy war here, but is there anything
incorrect in what I said? Tomcat is a servlet container, the servlet
Yes.
You made a sweeping statement about container managed security which
implied that things should just
On 17/06/2010 12:34, Marc Boorshtein wrote:
>>>
>>> I'm not looking to start a holy war here, but is there anything
>>> incorrect in what I said? Tomcat is a servlet container, the servlet
>>
>> Yes.
>>
>> You made a sweeping statement about container managed security which
>> implied that things
>>
>> I'm not looking to start a holy war here, but is there anything
>> incorrect in what I said? Tomcat is a servlet container, the servlet
>
> Yes.
>
> You made a sweeping statement about container managed security which
> implied that things should just work. Someone has to make them work.
>
On 17/06/2010 02:41, Marc Boorshtein wrote:
>>>
>>> The problem with the Realm system is it's designed with the assumption
>>> that tomcat is doing the authentication which is not a valid
>>> assumption in an environment where the authentication is separated
>>> from authorization. The entire point
>>
>> The problem with the Realm system is it's designed with the assumption
>> that tomcat is doing the authentication which is not a valid
>> assumption in an environment where the authentication is separated
>> from authorization. The entire point of container security is that as
>> a coder I do
On 16/06/2010 18:27, Marc Boorshtein wrote:
>>
>> To look at this from a very strict point of view, the whole area is already
>> a bit stretched. Tomcat has this notion of "roles" (because the Servlet
>> Spec has this same notion). But if you look at common authentication
>> schemes, like NTLM or
>
> To look at this from a very strict point of view, the whole area is already
> a bit stretched. Tomcat has this notion of "roles" (because the Servlet
> Spec has this same notion). But if you look at common authentication
> schemes, like NTLM or LDAP, they do not have this notion. It is possi
Marc Boorshtein wrote:
OK, some context first:
What I'm trying to do is integrate a Commercial Off The Shelf (COTS)
application that relies on container security into a Web Access
Manager (WAM). In a typical WAM deployment AAA is broken up
into multiple layers:
Web Server - Authentic
Sent from my iPhone
On Jun 16, 2010, at 11:12 AM, David kerber wrote:
On 6/16/2010 10:58 AM, Marc Boorshtein wrote:
...
That being said, the sequence of events should be:
1. Web server authenticates the user (works)
2. Pass the context to Tomcat (works)
3. Tomcat calls the realm to ret
On 6/16/2010 10:58 AM, Marc Boorshtein wrote:
...
That being said, the sequence of events should be:
1. Web server authenticates the user (works)
2. Pass the context to Tomcat (works)
3. Tomcat calls the realm to retrieve the user information and set
the context (doesn't presently occur)
#3
OK, some context first:
What I'm trying to do is integrate a Commercial Off The Shelf (COTS)
application that relies on container security into a Web Access
Manager (WAM). In a typical WAM deployment AAA is broken up
into multiple layers:
Web Server - Authentication (via the WAM) and c
Marc Boorshtein wrote:
You should not need to do that, it should be automatic.
Just make sure that in the Tomcat for AJP (in server.xml), you
set the attribute
tomcatAuthentication="false"
If the request is authenticated by Apache, mod_jk will (always) pass it
internally to Tomcat, along with t
>
> You should not need to do that, it should be automatic.
> Just make sure that in the Tomcat for AJP (in server.xml), you
> set the attribute
> tomcatAuthentication="false"
>
> If the request is authenticated by Apache, mod_jk will (always) pass it
> internally to Tomcat, along with the request
Also, it is *really really really* helpful, when you post a question, that you would
specify the precise versions of software you are talking about.
Like :
Apache httpd version : 2.2.3
Tomcat version : 5.5.21
mod_jk version : 1.2.18
.. the documentation .. : the documentation page at :
http://to
Marc Boorshtein wrote:
All,
I'm trying to set up apache in front of tomcat and have apache do the
authentication for access and pass the user's context back to tomcat.
I've seen documentation that says that I should set the JK_REMOTE_USER
environment variable but it doesn't seem to be working.