whitewaterbug wrote:
Mod_JK might give the right way to do this.
If httpd does certificate-based client side authentication using SSL, then
does mod_JK pass the certificate along to geronimo so it can use it for
application level authorization?
I think the whole certificate would still need to be sent over mod_JK
because sometimes authorizations are dependent on the content in the
certificate.
mod_headers should do what you need:
http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header
mod_ssl sets (or can be configured to set) SSL per-request envars that
can then be read by mod_headers. Configure mod_headers to package the
contents of the SSL envar into an HTTP header field on the request
forwarded to the Geronimo instance.
Bill
