2012/3/23 <issa.goris...@ext.ec.europa.eu>: >> >> That works only if authentication is done by Tomcat. In many cases >> authentication is done by 3-rd party frameworks e.g. Spring Security, >> inside the web application itself. >> >> I think patching the connectors and mod_jk is not a good idea here. >> > > > Well, I have indeed seen that this information can be printed by Tomcat. My > goal is to have all the access information in one file, not two or more, > because I have one httpd instance and five tomcat instances served by this > httpd instance. This would mean having to process six access files... Not > practical IMO. > > > Can you explain for my understanding why you think it would be a bad idea to > patch the connectors & mod_jk ?
1. I do not think that your amendment to the AJP protocol can be contributed to official releases without much of work. There is no protocol capabilities negotiation between httpd and tomcat, so it has to be somehow explicitly enabled on both sides. Note, that there are several independent server-side ajp implementations (e.g. mod_proxy_ajp) and client-side implementations (e.g. jetty). There are 3 different implementations of Ajp connector in Tomcat itself. 2. In many cases Tomcat does not know how user is authenticated, as I already mentioned. 3. You would need some additional work and configuration on httpd side to make the information provided by Tomcat be printed into the logs. 4. It is easier to pass the information back via AJP13_SEND_HEADERS message.instead of inventing a new message type and marshalling it over the wire. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
