apache httpd and geronimo -- newbie
Is it possible to have apache HTTPd run as the web server and geronimo run as the application server? -- View this message in context: http://www.nabble.com/apache-httpd-and-geronimonewbie-tp19033486s134p19033486.html Sent from the Apache Geronimo - Dev mailing list archive at Nabble.com.
Re: apache httpd and geronimo -- newbie
Hello, This is very much possible. I'm not sure what version you're using, so here's some instructions to get you started with 2.1 ( http://cwiki.apache.org/GMOxDOC21/configuring-a-remote-apache-http-server.html). I'd suggest using mod_proxy for a simple solution. It's simpler to setup and use, but doesn't provide the fine-tuning ability you get when using mod_jk. Please let us know if you have any questions or issues. Thanks! On Mon, Aug 18, 2008 at 10:58 AM, whitewaterbug [EMAIL PROTECTED] wrote: Is it possible to have apache HTTPd run as the web server and geronimo run as the application server? -- View this message in context: http://www.nabble.com/apache-httpd-and-geronimonewbie-tp19033486s134p19033486.html Sent from the Apache Geronimo - Dev mailing list archive at Nabble.com. -- ~Jason Warner
Re: apache httpd and geronimo -- newbie
Mod_JK might give the right way to do this. If httpd does certificate-based client side authentication using SSL, then does mod_JK pass the certificate along to geronimo so it can use it for application level authorization? I think the whole certificate would still need to be sent over mod_JK because sometimes authorizations are dependent on the content in the certificate. Jason Warner wrote: Hello, This is very much possible. I'm not sure what version you're using, so here's some instructions to get you started with 2.1 ( http://cwiki.apache.org/GMOxDOC21/configuring-a-remote-apache-http-server.html). I'd suggest using mod_proxy for a simple solution. It's simpler to setup and use, but doesn't provide the fine-tuning ability you get when using mod_jk. Please let us know if you have any questions or issues. Thanks! On Mon, Aug 18, 2008 at 10:58 AM, whitewaterbug [EMAIL PROTECTED] wrote: Is it possible to have apache HTTPd run as the web server and geronimo run as the application server? -- View this message in context: http://www.nabble.com/apache-httpd-and-geronimonewbie-tp19033486s134p19033486.html Sent from the Apache Geronimo - Dev mailing list archive at Nabble.com. -- ~Jason Warner -- View this message in context: http://www.nabble.com/apache-httpd-and-geronimonewbie-tp19033486s134p19035407.html Sent from the Apache Geronimo - Dev mailing list archive at Nabble.com.
Re: apache httpd and geronimo -- newbie
On Mon, Aug 18, 2008 at 12:43 PM, whitewaterbug [EMAIL PROTECTED] wrote: Mod_JK might give the right way to do this. If httpd does certificate-based client side authentication using SSL, then does mod_JK pass the certificate along to geronimo so it can use it for application level authorization? I think the whole certificate would still need to be sent over mod_JK because sometimes authorizations are dependent on the content in the certificate. In your application you should be able to get client's certificates from the HttpServletRequest object, for example: X509Certificate[] cert = (X509Certificate[])request.getAttribute(javax.servlet.request.X509Certificate); or get one client certificate at a time (in a loop): Object cert = request.getAttribute(SSL_CLIENT_CERT_CHAIN_ + i); (I don't quite remember now but I don't think this property returns a X509Certificate object but a String object which is PEM-encoded certificate). Jarek
Re: apache httpd and geronimo -- newbie
whitewaterbug wrote: Is it possible to have apache HTTPd run as the web server and geronimo run as the application server? Yep, it's possible. Jason already pointed to the doc that works with Apache httpd 2.0. My suggestion is to use Apache 2.2 with mod_proxy and mod_proxy_http: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html You would want to use a basic 'Reverse Proxy' configuration. Bill
Re: apache httpd and geronimo -- newbie
whitewaterbug wrote: Mod_JK might give the right way to do this. If httpd does certificate-based client side authentication using SSL, then does mod_JK pass the certificate along to geronimo so it can use it for application level authorization? I think the whole certificate would still need to be sent over mod_JK because sometimes authorizations are dependent on the content in the certificate. mod_headers should do what you need: http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header mod_ssl sets (or can be configured to set) SSL per-request envars that can then be read by mod_headers. Configure mod_headers to package the contents of the SSL envar into an HTTP header field on the request forwarded to the Geronimo instance. Bill