On 20/10/2010 16:46, Oliver Wulff wrote: > > <img > src="http://zdownload.zurich.com/mailimages/ZHP_MailHeader.gif"; /> > > Hi there > > Different Realms are already provided by Tomcat to configure the > authentication. This allows the application developer to use the standard > Servlet API to retrieve security related informations like username and > whether the user belongs to a role or not. Further, you can configure > access restrictions based on roles in web.xml. > > When the whole authentication happens within a reverse proxy (mod_proxy of > apache server) how can I still benefit from container managed security in > tomcat? The password is not available anymore so that I could configure one > of the Realms. > > Is there any out of the box solution in Tomcat?
For the AJP connector: tomcatAuthentication=false http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html p
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
![http://zdownload.zurich.com/mailimages/ZHP_MailHeader.gif"](http://zdownload.zurich.com/mailimages/ZHP_MailHeader.gif"){kind=link}