> That's more feasible, but it also has a different set of issues:
> 
> * Configuring the current generation of web connectors causes 90% of the
>   user gripes about Tomcat.  Anyone who needs evidence should subscribe
>   to TOMCAT-USER and start answering all the questions about configuring.

Well, configuring Apache isn't as easy as downloading tomcat.zip and
running a script.

I am quite familiar with mod_jk, and I spent almost a week getting it
working on NES and IIS  ( long ago - I wouldn't try again ).
And even if I used Apache for years, I still need to check the docs, and
I haven't updated to 2.0 yet.

There are ideas to simplify mod_jk config, and to improve docs - but we're
a volunteer-based organization. 

> * The design assumption of the current generation of web connectors
>   is that Apache will serve the static content.  Unless the sysadmin
>   is VERY careful in their configuration, this leads to violations of the
>   servlet spec when static content is protected by a security constraint
>   (2.2 and 2.3) or when filters should be invoked on static content (2.3).
> 
> These problems are fixable -- but it's just a lot more work than simply
> porting a connector.

+1

Just to clear a confusion here:

mod_jk can be configured to send all requests for a particular webapp to
tomcat, and that makes it 100% compliant ( from this point of view ), and
quite easy to set up.  ( with the price of performance ). 

Filters are in the same category with servlets and JSPs - they must be
handled by tomcat, nothing special here.

Security constraints are a big, difficult subject. Of course, it is
possible to send all constrained requests to tomcat - but that doesn't
solve the real problem, integration with Apache's auth mechanisms.

If a site is using a certain apache module for authentication, we can't
ask them to change that with the tomcat-based authentication. We may use a
tomcat module that is similar ( like JDBC, or LDAP or passwd-file auth ),
but that's again a partial solution.

Of course, if anyone knows a good solution for that - it would be great to
hear about it, and discuss it on the list ( there are few people around
who may provide some feedback, including me ). 

Costin
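
An added example, not part of the original message or of the Tomcat code base: a check that lists the `security-constraint` URL patterns in a webapp's `web.xml` that no `JkMount` directive forwards to Tomcat, which is the case where Apache could serve protected static content itself. The pattern-matching model, the `/shop` context path, the `ajp13` worker name and the sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

def constrained_patterns(web_xml, context):
    """Context-qualified <url-pattern>s that sit inside a <security-constraint>."""
    found = []
    for el in ET.fromstring(web_xml).iter():
        if el.tag.split("}")[-1] != "security-constraint":
            continue
        for sub in el.iter():
            if sub.tag.split("}")[-1] == "url-pattern" and sub.text:
                p = sub.text.strip()
                found.append(context + (p if p.startswith("/") else "/" + p))
    return found

def jk_mounts(httpd_conf):
    """URL patterns of every uncommented JkMount directive."""
    return re.findall(r"^[ \t]*JkMount[ \t]+(\S+)[ \t]+\S+", httpd_conf, re.M)

def covers(mount, pattern):
    """Simplified matching model (an assumption): exact, /prefix/* and /prefix/*.ext."""
    if mount == pattern:
        return True
    if mount.endswith("/*"):
        return pattern == mount[:-2] or pattern.startswith(mount[:-1])
    if "*." in mount and "*" not in pattern:
        base, ext = mount.split("*", 1)
        return pattern.startswith(base) and pattern.endswith(ext)
    return False

def unforwarded(web_xml, httpd_conf, context):
    """Constrained patterns that no JkMount hands to Tomcat, so Apache may serve them."""
    mounts = jk_mounts(httpd_conf)
    return [p for p in constrained_patterns(web_xml, context)
            if not any(covers(m, p) for m in mounts)]

# Constructed sample input, not taken from the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/admin/*</url-pattern>
      <url-pattern>*.pdf</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""
PARTIAL = "JkMount /shop/servlet/* ajp13\nJkMount /shop/*.jsp ajp13\n"
WHOLE_APP = "# forward everything\nJkMount /shop/* ajp13\n"

if __name__ == "__main__":
    print(unforwarded(WEB_XML, PARTIAL, "/shop"))
    print(unforwarded(WEB_XML, WHOLE_APP, "/shop"))
```

With only the servlet and JSP mounts, both constrained patterns are reported; mounting the whole webapp clears the list.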
