Yep, I had come across mod_auth_cookie, but its current status is questionable and people seem to have moved on to other things. I am just trying to find out what those "other things" are! Best practices etc. It would be nice to conduct a poll to find out what people are actually using. I am accepting that almost everyone else knows more than me........

Tony

On Tue, 17 Nov 2009 10:02 +0000, "Pid" <p...@pidster.com> wrote:
> On 16/11/2009 22:07, André Warnier wrote:
> > Anthony Jay wrote:
> >>
> >> My main issue now is about how the authentication works between Tomcat
> >> and Apache.
> > That's the only one I can readily answer.
> > It is extremely simple with mod_jk.
> > If the user is authenticated at the Apache level, mod_jk will pass this
> > on to the Tomcat server via AJP.
> > The only thing to do, is set the 'tomcatAuthentication="false"'
> > attribute in Tomcat's AJP Connector, and Tomcat will just "believe" the
> > user-id sent by Apache and mod_jk.
> > I don't know if, or how, mod_proxy_ajp handles the same thing.
> >
> >>
> >> In terms of authentication, which should I use, mod_auth_mysql and
> >> mod_auth_dbm (or mod_auth_form in future or something else?) and why?
> >>
> > There are many many possibilities for this under Apache httpd. Just pick
> > the one that you like best, on its own merits.
> > They all basically in the end result in the HTTP request being
> > "authenticated" at the Apache httpd level (iow to have a user-id), and
> > that's what you want.
> >
> > What you then do with it under Tomcat is another story, but that is also
> > your choice.
> >
> >> In terms of single sign on how can I make the user experience seamless
> >> between static content-managed pages and jsp/servlets? Will mod_jk
> >> handle sso? This does not seem clear to me in all the pages I read. If I
> >> configure form based auth in a login.jsp page will this be relayed to
> >> apache after a redirect?
> >
> > No, but why would it be ?
> > Ah, if you want to do the authentication in Tomcat rather than in
> > Apache, but still use it in Apache ?
> > There are ways, but you'll need to write your own Apache (httpd)
> > authentication module. You could then define a dummy servlet in Tomcat,
> > which just echoes the authenticated user-id (as gotten via
> > getRemoteUser() e.g.). Then in Apache httpd, you would make a
> > "side-request" (otherwise known as a sub-request) to this Tomcat webapp
> > to get the user-id, and use it to authenticate the current request in
> > Apache.
> > But that is a complicated scheme, probably only worth it if you find
> > some Tomcat authentication method that does not exist in Apache httpd,
> > which is unlikely.
> >
> >>
> >> What is best practice and what should I be doing? If there is some hard
> >> to find documentation out there with pointers and tips I would
> >> appreciate a few links.
> >
> > To read in the Apache httpd docs :
> > http://httpd.apache.org/docs/2.2/howto/auth.html
> >
> > Also, personally I would recommend having a look around here :
> > http://cpan.uwinnipeg.ca/search?query=apache%3A%3Aauth&mode=dist
> > This is the Perl library. Even if you do not intend to do anything with
> > Perl, the documentation of many of these modules is a goldmine of
> > information about how things work.
> >
> > Expert advice is appreciated.
> >
> > You just got it.
> > ;-)
>
> There used to be a mod_auth_cookie module that had form auth
> capabilities, but it wasn't ever in the main distro, it was listed in
> the related modules site.
>
> I used a variant of it in a HTTPD 1.3 install many years ago, so I can't
> vouch for its current status. GIYF.
>
>
> p
>
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
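
The mod_jk arrangement described in the quoted reply, written out as configuration. This is an added example, not part of the original thread; the worker name "tomcat1", the /app prefix, the realm name and the file paths are assumptions.

```apache
# Constructed example; worker name, URL prefix, realm and paths are assumptions.

# --- httpd.conf (Apache httpd with mod_jk loaded) ---
JkWorkersFile conf/workers.properties
# Forward everything under /app to Tomcat over AJP
JkMount /app/* tomcat1

# One authentication realm covering static pages and the forwarded webapp alike,
# so the user logs in once at the httpd level
<Location "/">
    AuthType Basic
    AuthName "Example realm"
    AuthUserFile conf/htpasswd.users
    Require valid-user
</Location>

# --- conf/workers.properties (separate file, shown commented) ---
# worker.list=tomcat1
# worker.tomcat1.type=ajp13
# worker.tomcat1.host=127.0.0.1
# worker.tomcat1.port=8009

# --- Tomcat conf/server.xml (separate file, shown commented) ---
# tomcatAuthentication="false" makes Tomcat accept the user-id sent over AJP
# without checking it, so the AJP port must be reachable only by httpd:
# bind it to loopback (or firewall it) rather than leaving it on all interfaces.
# <Connector port="8009" protocol="AJP/1.3"
#            address="127.0.0.1"
#            tomcatAuthentication="false" />
```

With this in place, getRemoteUser() in the webapp returns the user-id that httpd authenticated.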