tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: Container managed security and Proxy support
Date Thu, 21 Oct 2010 09:29:54 GMT
On 21/10/2010 08:46, André Warnier wrote:
> Pid wrote:
>> On 20/10/2010 17:02, Oliver Wulff wrote:
>>> Thanks. To recap, I configure AJP13 with tomcatAuthentication equals to
>>> false but I still need the login-config and security-constraints in the
>>> web.xml...
>>>
>>> Where can I let tomcat know to which roles a user belongs to?
>>
>> That has to be done via Realm, AFAIK.  Which means you can't use the AJP
>> method.
>>
> Are you sure ?
> 
> The tomcatAuthentication="false" attribute means that Tomcat will pick
> up the user-id, as transmitted by the front-end webserver through the
> Connector, instead of trying to get it himself.
> But it should not mean that, with this user-id, Tomcat cannot perform
> other AAA steps, such as determining if that user-id in in Role X.

The authn/authz parts occur as separate steps in the Realm - but now you
mention it, I'll need to check to see what the actual behaviour is.

Not got time at the minute to set it up though, so if anyone wants to
try it...


p



Mime
View raw message