Pid wrote:
On 20/10/2010 17:02, Oliver Wulff wrote:
Thanks. To recap, I configure AJP13 with tomcatAuthentication equals to
false but I still need the login-config and security-constraints in the
web.xml...
Where can I let tomcat know to which roles a user belongs to?
That has to be done via Realm, AFAIK. Which means you can't use the AJP
method.
Are you sure ?
The tomcatAuthentication="false" attribute means that Tomcat will pick up the user-id, as
transmitted by the front-end webserver through the Connector, instead of trying to get it
himself.
But it should not mean that, with this user-id, Tomcat cannot perform other AAA steps,
such as determining if that user-id in in Role X.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
