tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Container managed security and Proxy support
Date Thu, 21 Oct 2010 07:46:17 GMT
Pid wrote:
> On 20/10/2010 17:02, Oliver Wulff wrote:
>> Thanks. To recap, I configure AJP13 with tomcatAuthentication equals to
>> false but I still need the login-config and security-constraints in the
>> web.xml...
>> Where can I let tomcat know to which roles a user belongs to?
> That has to be done via Realm, AFAIK.  Which means you can't use the AJP
> method.
Are you sure ?

The tomcatAuthentication="false" attribute means that Tomcat will pick up the user-id, as

transmitted by the front-end webserver through the Connector, instead of trying to get it

But it should not mean that, with this user-id, Tomcat cannot perform other AAA steps, 
such as determining if that user-id in in Role X.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message