tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: [OT] mod_jk inserting Transfer-Encoding Chunked header
Date Sun, 11 Oct 2009 12:35:11 GMT
Mark Thomas wrote:
> André Warnier wrote:
>> Sam Crawford wrote:
>>> Apologies for misinterpreting your post.
>>> Unfortunately we can't ditch SunONE - it's a requirement from our
>>> security guys. We're operating in a two-tier DMZ environment and
>>> SunONE will be in the top tier, with an SSO agent running inside it.
>>> JBoss will be in the 2nd tier.
>> Just by curiosity (and I do not know SunONE) : you mention SSO. I know
>> that with Apache and mod_jk, the authenticated Apache user can be passed
>> on to Tomcat, and use by Tomcat.  But I don't so far know any other
>> connector able to do this.  How does it work with SunONE ?
> All the variants of mod_jk (httpd, IIS, Netscape) support this, as does
> mod_proxy_ajp. It is a feature supported by the AJP protocol. AFAIR The Netscape
> variant works with SunOne.
Thanks for that clarification.
Since I work mostly with Apache, my knowledge of IIS-related stuff is 
scarce, and I have another follow-up question :
If the webserver is IIS, connected to Tomcat (as you imply above) via 
the appropriate version of mod_jk, does that mean that when a HTTP 
user's browser (IE) connects to IIS, and IIS authenticates the user (via 
some NTLM scheme), this IE/IIS user-id is automatically being passed to 
Tomcat via AJP, and (depending on the Tomcat configuration) Tomcat can 
make use of it ?
Or does the above require additional setup steps at the IE/IIS/mod_jk 
level ?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message