tomcat-users mailing list archives

From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: Single sign on issue with Tomcat and Apache
Date Thu, 05 Jun 2008 01:28:20 GMT

----- Original Message ----- 
From: "André Warnier" <aw@ice-sa.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Thursday, June 05, 2008 2:54 AM
Subject: Re: Single sign on issue with Tomcat and Apache


>
>
> Johnny Kewl wrote:
>>
>> ----- Original Message ----- From: "André Warnier" <aw@ice-sa.com>
>> To: <users@tomcat.apache.org>
>> Cc: <sridharmnj@yahoo.co.in>
>> Sent: Thursday, June 05, 2008 1:06 AM
>> Subject: RE: Single sign on issue with Tomcat and Apache
>>
>>
>>> Hi.
>>>
>>> I saw your ongoing discussion, and maybe I can contribute something, but 
>>> I need some more info before.
>>>
>>> Here is what you explained before :
>>>
>>> a) You have one site "aaa.com" to which users access this way :
>>>
>>> user -------------------------------> tomcat aaa.com
>>>
>>> b) and another site "bbb.com" to which users access this way :
>>>
>>> 1) static content :
>>> user ------------------------------> Apache bbb.com
>>> 2) dynamic content :
>>> user -----> Apache ---> mod_jk ---> tomcat bbb.com
>>>
>>> Is it really like described above ?
>>
>>
>>
>> Yes the exact architecture would help ;)
>>
>> I understand it like this
>>
>> browser ------------------> Tomcat on aaa.com
>> browser <----------------- Tomcat delivers web pages with links to 
>> bbb.com/image.jpg
>> browser -------------------> Apache on bbb.com with images and stuff 
>> (that won't authenticate)
>>
>> Reason is browser will not return auth and cookies that belong to domain 
>> aaa.com to bbb.com
>>
>> What (I think) may work is what you have indicated
>>
>> user -----> Apache (bbb.com) ---> mod_jk ---> tomcat aaa.com
>>
>> All links now to bbb.com and JK setup to talk to aaa.com
>>
>> Images on Apache and servlet JKMounted on aaa.com
>>
>> The browser will return Basic header and cookies... so I think Apache 
>> auth modules and tomcat on SingleSignOn will work.
>>
>> All assuming this can be setup and if the images are hosted remotely that 
>> the Sp can set up JK etc.
>> But if webapp cannot be changed and images are hardcoded in servlet... I 
>> think he's snookered and probably has to lose authentication on Apache.
>> That's how I understand it...
>>
>> Maybe?
>>
> There are too many known unknowns at the moment to propose something 
> precise.  If there is only a single Tomcat with a single localhost Host 
> and two webapps, then it would simplify the domain stuff and the 
> SingleSignOn at that end.
>
> The general schema I am thinking about, if .. , is
> - all requests go through Apache, and from there to Tomcat or not
> - Tomcat allows only calls from Apache (IP filter)
> - Apache does all the authentication
> - mod_jk will pass the Apache user-id to Tomcat for requests that go there
> - the Apache config for Tomcat-destined links is of the kind
>   <Location (or LocationMatch) ..>
>    SetHandler Jakarta-servlet
>    Authentication stuff..
>    Require ...
>  </Location>

Yes, I think you're right, if Apache is fronting the whole thing, then it may 
as well do all the auth stuff...
This TC mailing list is great, there's a fantastic user knowledge base in 
this list.
It's almost like every other discipline has converged around TC.
I'm beginning to think you could ask any question in this group, PHP, Ruby 
whatever, and it would probably get answered ;)
Thanks

---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------
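
The Tomcat half of the scheme discussed in this thread (Apache authenticates, mod_jk forwards the user-id, Tomcat accepts calls only from Apache), as an added example that is not part of any poster's message. It assumes Apache and Tomcat run on the same host; `/app`, `tomcat1`, the realm name and the htpasswd path are placeholders.

```xml
<!-- conf/server.xml (fragment, added example). Assumption: Apache httpd and
     Tomcat share one host, so loopback is the only legitimate peer. -->
<Service name="Catalina">

  <!-- Keep any HTTP connector off public interfaces; otherwise users can
       reach the webapp directly and skip Apache's authentication. -->
  <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1" />

  <!-- AJP connector used by mod_jk.
       address: listen on loopback only. This is the "only Apache may call
       Tomcat" filter. A RemoteAddrValve is not suitable for that job on AJP
       traffic, because AJP hands Tomcat the browser's address, not Apache's.
       If Apache is on another host, bind to the internal interface and
       restrict port 8009 with a firewall rule instead.
       tomcatAuthentication="false": trust the user name Apache already
       authenticated; request.getRemoteUser() then returns that name. -->
  <Connector port="8009" protocol="AJP/1.3"
             address="127.0.0.1"
             tomcatAuthentication="false" />

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
  </Engine>
</Service>

<!-- Matching Apache side (httpd.conf), the Location sketch from the thread
     filled in with placeholder values:

       <Location /app>
         SetHandler jakarta-servlet
         SetEnv JK_WORKER_NAME tomcat1
         AuthType Basic
         AuthName "bbb.com"
         AuthUserFile /etc/httpd/conf/htpasswd
         Require valid-user
       </Location>

     Basic credentials travel with every request, so serve this Location
     over TLS only. -->
```

With `tomcatAuthentication="false"` Tomcat believes whatever user name arrives over AJP, which is why the connector must be unreachable from anything except Apache.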

