tomcat-users mailing list archives

From André Warnier
Subject Re: Has anyone created a WSDL for the Manager Application
Date Wed, 27 May 2009 22:33:35 GMT
Mike Oliver wrote:
Unless I misunderstand,
- the first part of your problem is to be able to login once, and then 
have this login be valid for all separate Tomcat instances.
- the second part of the problem is then, for each Tomcat instance, to 
be able to use manager-like functionalities to start/stop/load new 
applications and whatnot.

I'll tackle the first part, which amounts to an "enterprise-wide SSO issue".
Assuming that the same authenticated user-id can be used on all your 
Tomcat instances, as one possible solution I would use the following setup:

- an Apache httpd front-end, which does the authentication, using any 
Apache-compatible way for ditto
- the Apache httpd front-end connects to Tomcat back-ends via the mod_jk 
connector module (on the Apache side), and an AJP Connector (on the 
Tomcat side)
- in the AJP <Connector> element on the Tomcat side, set the attribute :

This will cause Tomcat to accept the user-id as authenticated by the 
httpd server (and passed on by mod_jk), and not redo the authentication 
at the Tomcat level (while still verifying that this user-id effectively 
belongs to a "Tomcat role" allowed to use the relevant functionality).

Now that the SSO issue is solved, my personal stab at the next issue 
would involve writing a mod_perl add-on module for Apache httpd, which 
would accept your "Tomcat management" commands, and distribute them to 
your back-end Tomcats, using the /manager interface that other more 
qualified people seem to suggest.  Quite which front-end protocol this 
httpd add-on module accepts from the client side is up to you.

But that is of course because I am a mod_perl fan, and because for this 
kind of problem, it seems to me like the most flexible tool.  Other 
people may have other suggestions.
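
Added example, not part of the original message: with the setup described above, Tomcat accepts whatever user-id arrives over AJP, so the AJP listener must be reachable only by the httpd front-end. This check audits a server.xml for such connectors; it assumes the attribute meant above is Tomcat's `tomcatAuthentication="false"`, and the sample XML is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original message).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
               tomcatAuthentication="false" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"
               tomcatAuthentication="false" secret="CONSTRUCTED-PLACEHOLDER" />
  </Service>
</Server>"""


def is_loopback(address):
    """True if the connector address is a loopback address."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address == "localhost"


def audit_ajp_connectors(server_xml):
    """List (port, finding) for AJP connectors that trust front-end auth."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        # Assumption: tomcatAuthentication is the attribute the message means.
        if conn.get("tomcatAuthentication", "true").lower() != "false":
            continue
        port, address = conn.get("port"), conn.get("address")
        # Tomcat now believes any user-id sent over AJP, so exposure matters.
        if address is None or not is_loopback(address):
            findings.append((port, "not pinned to loopback; confirm only "
                                   "the httpd front-end can reach this port"))
        if not (conn.get("secret") or conn.get("requiredSecret")):
            findings.append((port, "no shared secret between mod_jk and Tomcat"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(f"AJP connector {port}: {finding}")
```

When httpd and Tomcat run on different hosts the loopback finding is expected; the control then is a firewall rule or bind address that admits only the front-end.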
