> > I have several web applications running on distinct tomcat instances. > Apache httpd is in front of all the tomcat instances, running as a reverse > proxy. Authentication is realized at the container side. Access log files are > active on the httpd side. > > "at the container side" = in Tomcat?
Yes container side being Tomcat. > > Just enable access logs (aka AccessLogValve) in Tomcat itself. It will > print whatever user Tomcat authenticated. > > That works only if authentication is done by Tomcat. In many cases > authentication is done by 3-rd party frameworks e.g. Spring Security, > inside the web application itself. > > I think patching the connectors and mod_jk is not a good idea here. > Well, I have indeed seen that this information can be printed by Tomcat. My goal is to have all the access information in one file, not two or more, because I have one httpd instance and five tomcat instances served by this httpd instance. This would mean having to process six access files... Not practical IMO. Can you explain for my understanding why you think it would be a bad idea to patch the connectors & mod_jk ? Thx -- Issa
