Andre could you explain how mod_perl would handle routing capability to pass to tc instances?..could mod_perl accomplish the functionality of a load-balancer?
thanks Martin Gainty ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Thu, 28 May 2009 00:33:35 +0200 > From: a...@ice-sa.com > To: users@tomcat.apache.org > Subject: Re: Has anyone created a WSDL for the Manager Application > > Mike Oliver wrote: > ... > Unless I misunderstand, > - the first part of your problem is to be able to login once, and then > have this login be valid for all separate Tomcat instances. > - the second part of the problem is then, for each Tomcat instance, to > be able to use manager-like functionalities to start/stop/load new > applications and whatnot. > > I'll tackle the first part, which amounts to an "enterprise-wide SSO issue". > Assuming that the same authenticated user-id can be used on all your > Tomcat instances, as one possible solution I would use the following setup : > > - an Apache httpd front-end, which does the authentication, using any > Apache-compatible way for ditto > - the Apache httpd front-end connects to Tomcat back-ends via the mod_jk > connector module (on the Apache side), and an AJP Connector (on the > Tomcat side) > - in the AJP <Connector> element on the Tomcat side, set the attribute : > tomcatAuthentication="false" > > This will cause Tomcat to accept the user-id as authenticated by the > httpd server (and passed on by mod_jk), and not redo the authentication > at the Tomcat level (while still verifying that this user-id effectively > belongs to a "Tomcat role" allowed to use the relevant functionality). > > > Now that the SSO issue is solved, my personal stab at the next issue > would involve writing a mod_perl add_on module for Apache httpd, which > would accept your "Tomcat management" commands, and distribute them to > your back-end Tomcats, using the /manager interface that other more > qualified people seem to suggest. Quite which front-end protocol this > httpd add-on module accepts from the client side is up to you. > > But that is of course because I am a mod_perl fan, and because for this > kind of problem, it seems to me like the most flexible tool. Other > people may have other suggestions. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > _________________________________________________________________ Windows Live™: Keep your life in sync. http://windowslive.com/explore?ocid=TXT_TAGLM_BR_life_in_synch_052009
