On 21/10/2010 08:46, André Warnier wrote:
> Pid wrote:
>> On 20/10/2010 17:02, Oliver Wulff wrote:
>>> Thanks. To recap, I configure AJP13 with tomcatAuthentication equals to
>>> false but I still need the login-config and security-constraints in the
>>> web.xml...
>>>
>>> Where can I let tomcat know to which roles a user belongs to?
>>
>> That has to be done via Realm, AFAIK. Which means you can't use the AJP
>> method.
>>
> Are you sure ?
>
> The tomcatAuthentication="false" attribute means that Tomcat will pick
> up the user-id, as transmitted by the front-end webserver through the
> Connector, instead of trying to get it himself.
> But it should not mean that, with this user-id, Tomcat cannot perform
> other AAA steps, such as determining if that user-id is in Role X.

The authn/authz parts occur as separate steps in the Realm - but now you
mention it, I'll need to check to see what the actual behaviour is. Not
got time at the minute to set it up though, so if anyone wants to try it...

p