I have my solution.
Here for interested user:
I use mod_jk to connect my tomcat to my apache webserver.
The authentification of an user will be dony by the webserverpluggin.
User is set as the remoteuser.
The servlet gets the remoteuser (request.getRequest().getRemoteUser();) if
the tomcat configuration trust the mod_jk (tomcatAuthentication="false").
server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
tomcatAuthentication="false"/>
To ensure nonexisting user in the jetspeed user repository give user access,
I use my own valve (invoke before securityValve) to create the remote user
with the usermanager.
mgsimon
