tomcat-users mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Single sign on issue with Tomcat and Apache
Date Fri, 06 Jun 2008 16:07:07 GMT
Pid wrote:
> sridharmnj wrote:
>> Is there any way to do it, without modifying the Apache Authentication?
> 
> Not to my knowledge.  AFAIK Tomcat sets a user principal that is not 
> visible to the HTTPD server's authentication/authorization module.
> 
> HTTPD's authenticated remote user header can be visible downwards to the 
> container with the right configuration, and the two Tomcat webapps can 
> co-operate, but I don't believe that there is anything in JK to allow it 
> to propagate a principal upwards.
> 
> Maybe one of the mod_jk committers has better info.

I see no way to propagate the info back to httpd. Of course you 
could set a cookie, but we can't trust a cookie with an easy-to-forge 
value (like the ID of the authenticated user).

Regards,

Rainer

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
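
The point about easy-to-forge cookie values, as an added example that is not part of the original message and is not Tomcat, httpd or mod_jk code: a cookie holding only the user ID is believed for any value a client sends, while a value authenticated with an HMAC under a server-side key is rejected once altered or expired. The cookie layout, function names and key are assumptions made up for this illustration.

```python
import hashlib
import hmac
import time

# Constructed key for illustration; a real key is random and never leaves the server.
SECRET_KEY = b"constructed-demo-key"


def naive_check(cookie_value):
    """Bare user ID in the cookie: whatever the client sends is believed."""
    return cookie_value or None


def _mac(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue(user, ttl=300, now=None):
    """Return 'user|expiry|mac', where mac = HMAC-SHA256(key, 'user|expiry')."""
    if "|" in user:
        raise ValueError("separator not allowed in user name")
    expiry = int(time.time() if now is None else now) + ttl
    payload = f"{user}|{expiry}"
    return f"{payload}|{_mac(payload)}"


def verify(cookie_value, now=None):
    """Return the user name if the MAC is valid and the value unexpired, else None."""
    parts = cookie_value.split("|")
    if len(parts) != 3:
        return None
    user, expiry, mac = parts
    expected = _mac(f"{user}|{expiry}")
    # Constant-time comparison on bytes, so arbitrary client input cannot raise
    # and the check does not leak how many characters matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # The expiry is covered by the MAC, so it is only parsed after the MAC check.
    if int(expiry) < int(time.time() if now is None else now):
        return None
    return user


if __name__ == "__main__":
    print(naive_check("admin"))  # accepted with no proof of authentication
    cookie = issue("alice", now=1000)
    print(verify(cookie, now=1100))
    print(verify(cookie.replace("alice", "admin"), now=1100))
```
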

