On November 21, 2011 17:35 , André Warnier <a...@ice-sa.com> wrote:
Mark Montague wrote:
Any advice on how to solve this problem? I need Tomcat 6 to use the
authentication performed by the front-end webserver without breaking
the roles required by the Tomcat Manager webapp.
I know that it does not answer your question, but may I ask why ?
If you already do the user authentication in the front-end Apache
httpd, can you not do a "role-equivalent" check there too, before you
proxy the call to Tomcat ?
Like
<Location /manager>
Require group manager
ProxyPass ajp://tomcat:8009
</Location>
(and remove the Tomcat auth constraints)
I have not tried your suggestion, but I think it will work. The reason
why I have not done that is because I was looking at the general case of
other applications that may have auth constraints, not just Tomcat
Manager. Especially if the auth constraints are more complex than the
ones Tomcat Manager has. Plus, by understanding what is happening and
why, I learn more about Tomcat.
Right now, I am experimenting with implementing my own realm; I think it
may be possible to get the desired functionality under Tomcat that way.
If this does not work or if it is too hard for me, I will use your
suggestion. But I am new to both Java and Tomcat, and so I wonder if
there is yet another way of which I am ignorant.
Thank you for your help!
--
Mark Montague
m...@catseye.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
