Thanks, no its not about single sign on, its about automation via web services.
I want the operations that are associated with /manager to be wrapped in WSDL/SOAP so I can automate via SOAP/BPEL the process of deploying new war files to multiple instances of Tomcat. If someone has done this with WSDL using Axis or hand coded it, that's what I am interested in, nothing else, if nobody has done it, fine, I will do it myself. Please don't offer any other solutions, not interested. Ollie awarnier wrote: > > Mike Oliver wrote: > ... > Unless I misunderstand, > - the first part of your problem is to be able to login once, and then > have this login be valid for all separate Tomcat instances. > - the second part of the problem is then, for each Tomcat instance, to > be able to use manager-like functionalities to start/stop/load new > applications and whatnot. > > I'll tackle the first part, which amounts to an "enterprise-wide SSO > issue". > Assuming that the same authenticated user-id can be used on all your > Tomcat instances, as one possible solution I would use the following setup > : > > - an Apache httpd front-end, which does the authentication, using any > Apache-compatible way for ditto > - the Apache httpd front-end connects to Tomcat back-ends via the mod_jk > connector module (on the Apache side), and an AJP Connector (on the > Tomcat side) > - in the AJP <Connector> element on the Tomcat side, set the attribute : > tomcatAuthentication="false" > > This will cause Tomcat to accept the user-id as authenticated by the > httpd server (and passed on by mod_jk), and not redo the authentication > at the Tomcat level (while still verifying that this user-id effectively > belongs to a "Tomcat role" allowed to use the relevant functionality). > > > Now that the SSO issue is solved, my personal stab at the next issue > would involve writing a mod_perl add_on module for Apache httpd, which > would accept your "Tomcat management" commands, and distribute them to > your back-end Tomcats, using the /manager interface that other more > qualified people seem to suggest. Quite which front-end protocol this > httpd add-on module accepts from the client side is up to you. > > But that is of course because I am a mod_perl fan, and because for this > kind of problem, it seems to me like the most flexible tool. Other > people may have other suggestions. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/Has-anyone-created-a-WSDL-for-the-Manager-Application-tp23746190p23753112.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
