Re: Container managed security and Proxy support

Oliver Wulff Wed, 20 Oct 2010 09:02:44 -0700

Thanks. To recap, I configure AJP13 with tomcatAuthentication equals to
false but I still need the login-config and security-constraints in the
web.xml...


Where can I let tomcat know to which roles a user belongs to?

Thanks
Oliver




                                                                       
             Pid                                                       
             <p...@pidster.com>                                         
                                                                        An
             20.10.2010 17:52           Tomcat Users List              
                                        <users@tomcat.apache.org>      
                                                                     Kopie
              Bitte antworten                                          
                    an                                               Thema
               "Tomcat Users            Re: Container managed security and
                   List"                Proxy support                  
             <us...@tomcat.apa                                         
                 che.org>                                              
                                                                       
                                                                       
                                                                       
                                                                       





On 20/10/2010 16:46, Oliver Wulff wrote:
>
> <img
> src="http://zdownload.zurich.com/mailimages/ZHP_MailHeader.gif"; />
>
> Hi there
>
> Different Realms are already provided by Tomcat to configure the
> authentication. This allows the application developer to use the standard
> Servlet API to retrieve security related informations like username and
> whether the user belongs to a role or not. Further, you can configure
> access restrictions based on roles in web.xml.
>
> When the whole authentication happens within a reverse proxy (mod_proxy
of
> apache server) how can I still benefit from container managed security in
> tomcat? The password is not available anymore so that I could configure
one
> of the Realms.
>
> Is there any out of the box solution in Tomcat?

For the AJP connector:

 tomcatAuthentication=false

 http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html



p
[attachment "0x62590808.asc" deleted by Oliver Wulff/CHK/External/Zurich]
[attachment "signature.asc" deleted by Oliver Wulff/CHK/External/Zurich]







******************* BITTE BEACHTEN *******************
Diese Nachricht (wie auch allfällige Anhänge dazu) beinhaltet
möglicherweise vertrauliche oder gesetzlich geschützte Daten oder
Informationen. Zum Empfang derselben ist (sind) ausschliesslich die
genannte(n) Person(en) bestimmt. Falls Sie diese Nachricht
irrtümlicherweise erreicht hat, sind Sie höflich gebeten, diese unter
Ausschluss jeder Reproduktion zu zerstören und die absendende Person
umgehend zu benachrichtigen. Vielen Dank für Ihre Hilfe.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Container managed security and Proxy support

Reply via email to