tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Montague <m...@catseye.org>
Subject Re: Tomcat Manager WebApp authentication
Date Mon, 21 Nov 2011 22:53:12 GMT
On November 21, 2011 17:35 , André Warnier <aw@ice-sa.com> wrote:
> Mark Montague wrote:
>> Any advice on how to solve this problem?  I need Tomcat 6 to use the 
>> authentication performed by the front-end webserver without breaking 
>> the roles required by the Tomcat Manager webapp.
>>
> I know that it does not answer your question, but may I ask why ?
> If you already do the user authentication in the front-end Apache 
> httpd, can you not do a "role-equivalent" check there too, before you 
> proxy the call to Tomcat ?
> Like
> <Location /manager>
>   Require group manager
>   ProxyPass ajp://tomcat:8009
> </Location>
> (and remove the Tomcat auth constraints)

I have not tried your suggestion, but I think it will work.  The reason 
why I have not done that is because I was looking at the general case of 
other applications that may have auth constraints, not just Tomcat 
Manager.  Especially if the auth constraints are more complex than the 
ones Tomcat Manager has.  Plus, by understanding what is happening and 
why, I learn more about Tomcat.

Right now, I am experimenting with implementing my own realm; I think it 
may be possible to get the desired functionality under Tomcat that way.  
If this does not work or if it is too hard for me, I will use your 
suggestion.  But I am new to both Java and Tomcat, and so I wonder if 
there is yet another way of which I am ignorant.

Thank you for your help!

--
   Mark Montague
   mark@catseye.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message