Re: Putting APACHE in front of a stand-alone Tomcat Server
Take a look at http://tomcat.apache.org/connectors-doc/ I think you can also use apache mod_proxy. On Mon, May 17, 2010 at 1:36 PM, Stephen . marr...@hotmail.com wrote: Hi all, just a quick question. I am currently using a stand-alone Tomcat Server to run an application. However, I plan to expand this application (which is web-based) to enable Authentication processes from external IDPs (Identity Providers). Unfortunately, to be able to implement this, the IDPs require that Tomcat must not be a stand-alone server. It requires Apache (apparently, all authentication requests will need to be routed via the Apache) My question is : is it possible to make this change (somehow install, or place Apache in front of my current Tomcat server)? Or does this require a whole new installation of Apache Tomcat? I am using : Apache Tomcat 6.0.18 (Funny thing : I always thought that the name Apache Tomcat automatically meant that my server already had Apache in front of it. But, it seems I was wrong) _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 -- Why? Because YES! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting APACHE in front of a stand-alone Tomcat Server
On 17/05/2010 12:36, Stephen . wrote: Hi all, just a quick question. I am currently using a stand-alone Tomcat Server to run an application. However, I plan to expand this application (which is web-based) to enable Authentication processes from external IDPs (Identity Providers). Unfortunately, to be able to implement this, the IDPs require that Tomcat must not be a stand-alone server. It requires Apache (apparently, all authentication requests will need to be routed via the Apache) My question is : is it possible to make this change (somehow install, or place Apache in front of my current Tomcat server)? Or does this require a whole new installation of Apache Tomcat? I am using : Apache Tomcat 6.0.18 6.0.26 is shinier. [Hint]. (Funny thing : I always thought that the name Apache Tomcat automatically meant that my server already had Apache in front of it. But, it seems I was wrong) HTTPD can be run alongside/in front of Tomcat, using mod_jk or mod_proxy to forward some/all requests to the latter. Typical use cases are using HTTPD as a poor-mans load-balancer, or when combining different technologies (e.g. PHP, Java/JSP). HTTPD can handle authentication, or Tomcat can, but not both at the same AFAIK. The AJP Connector will need it's 'tomcatAuthentication' attribute set to 'false' in the former case. Out of interest, which IDPs require Apache HTTPD? p _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 signature.asc Description: OpenPGP digital signature
RE: Putting APACHE in front of a stand-alone Tomcat Server
Hi, thanks for your response. However, I would need some more explanation. Exactly where and how would I implement those Tomcat Connectors ? Apparently, all I have is the Tomcat engine itself. So, what I need is an actual Apache server. (Am I right?) Another thing : I've had my Tomcat running for a while now. The application which is running on the server is Sun's Identity Manager (IDM). If I now place an Apache in front of it, would that, in any way, damage the web application itself? Thanks Date: Mon, 17 May 2010 13:44:12 +0200 Subject: Re: Putting APACHE in front of a stand-alone Tomcat Server From: borut.hadzia...@gmail.com To: users@tomcat.apache.org Take a look at http://tomcat.apache.org/connectors-doc/ I think you can also use apache mod_proxy. On Mon, May 17, 2010 at 1:36 PM, Stephen . marr...@hotmail.com wrote: Hi all, just a quick question. I am currently using a stand-alone Tomcat Server to run an application. However, I plan to expand this application (which is web-based) to enable Authentication processes from external IDPs (Identity Providers). Unfortunately, to be able to implement this, the IDPs require that Tomcat must not be a stand-alone server. It requires Apache (apparently, all authentication requests will need to be routed via the Apache) My question is : is it possible to make this change (somehow install, or place Apache in front of my current Tomcat server)? Or does this require a whole new installation of Apache Tomcat? I am using : Apache Tomcat 6.0.18 (Funny thing : I always thought that the name Apache Tomcat automatically meant that my server already had Apache in front of it. But, it seems I was wrong) _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 -- Why? Because YES! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969
RE: Putting APACHE in front of a stand-alone Tomcat Server
Hi Pid, HTTPD doesn't help me much because I am using Windows. (I assume HTTPD is only for Unix/Linux systems) -Stephen Date: Mon, 17 May 2010 12:54:42 +0100 From: p...@pidster.com To: users@tomcat.apache.org Subject: Re: Putting APACHE in front of a stand-alone Tomcat Server On 17/05/2010 12:36, Stephen . wrote: Hi all, just a quick question. I am currently using a stand-alone Tomcat Server to run an application. However, I plan to expand this application (which is web-based) to enable Authentication processes from external IDPs (Identity Providers). Unfortunately, to be able to implement this, the IDPs require that Tomcat must not be a stand-alone server. It requires Apache (apparently, all authentication requests will need to be routed via the Apache) My question is : is it possible to make this change (somehow install, or place Apache in front of my current Tomcat server)? Or does this require a whole new installation of Apache Tomcat? I am using : Apache Tomcat 6.0.18 6.0.26 is shinier. [Hint]. (Funny thing : I always thought that the name Apache Tomcat automatically meant that my server already had Apache in front of it. But, it seems I was wrong) HTTPD can be run alongside/in front of Tomcat, using mod_jk or mod_proxy to forward some/all requests to the latter. Typical use cases are using HTTPD as a poor-mans load-balancer, or when combining different technologies (e.g. PHP, Java/JSP). HTTPD can handle authentication, or Tomcat can, but not both at the same AFAIK. The AJP Connector will need it's 'tomcatAuthentication' attribute set to 'false' in the former case. Out of interest, which IDPs require Apache HTTPD? p _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
Re: Putting APACHE in front of a stand-alone Tomcat Server
2010/5/17 Stephen . marr...@hotmail.com: Hi Pid, HTTPD doesn't help me much because I am using Windows. (I assume HTTPD is only for Unix/Linux systems) :) For windows it is httpd.exe. http://httpd.apache.org/ http://httpd.apache.org/download.cgi http://www.apachelounge.com/download/ Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting APACHE in front of a stand-alone Tomcat Server
On 5/17/2010 8:09 AM, Stephen . wrote: Hi Pid, HTTPD doesn't help me much because I am using Windows. (I assume HTTPD is only for Unix/Linux systems) Incorrect assumption. It has pretty much the same uses on windows as it does on *x systems. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting APACHE in front of a stand-alone Tomcat Server
On Mon, May 17, 2010 at 1:58 PM, Stephen . marr...@hotmail.com wrote: Hi, thanks for your response. However, I would need some more explanation. Exactly where and how would I implement those Tomcat Connectors ? Apparently, all I have is the Tomcat engine itself. So, what I need is an actual Apache server. (Am I right?) A simplified explanation - Tomcat connectors - mod_jk is an Apache HTTPD module that can be used to implement a reverse proxy and load balancing. You need to install Apache HTTPD (which runs on Windows too), add module mod_jk to it and configure it. You can find more detailed tutorials and explanations how to do it on google - this is the first one that google returned to me http://www3.ntu.edu.sg/home/ehchua/programming/howto/apache_tomcat_howto.html Another thing : I've had my Tomcat running for a while now. The application which is running on the server is Sun's Identity Manager (IDM). If I now place an Apache in front of it, would that, in any way, damage the web application itself? What kind of authentication does the application use? Thanks Date: Mon, 17 May 2010 13:44:12 +0200 Subject: Re: Putting APACHE in front of a stand-alone Tomcat Server From: borut.hadzia...@gmail.com To: users@tomcat.apache.org Take a look at http://tomcat.apache.org/connectors-doc/ I think you can also use apache mod_proxy. On Mon, May 17, 2010 at 1:36 PM, Stephen . marr...@hotmail.com wrote: Hi all, just a quick question. I am currently using a stand-alone Tomcat Server to run an application. However, I plan to expand this application (which is web-based) to enable Authentication processes from external IDPs (Identity Providers). Unfortunately, to be able to implement this, the IDPs require that Tomcat must not be a stand-alone server. It requires Apache (apparently, all authentication requests will need to be routed via the Apache) My question is : is it possible to make this change (somehow install, or place Apache in front of my current Tomcat server)? Or does this require a whole new installation of Apache Tomcat? I am using : Apache Tomcat 6.0.18 (Funny thing : I always thought that the name Apache Tomcat automatically meant that my server already had Apache in front of it. But, it seems I was wrong) _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 -- Why? Because YES! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hotmail: Free, trusted and rich email service. Get it now. -- Why? Because YES! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting APACHE in front of a stand-alone Tomcat Server
Stephen . wrote: Hi, thanks for your response. However, I would need some more explanation. Exactly where and how would I implement those Tomcat Connectors ? Apparently, all I have is the Tomcat engine itself. So, what I need is an actual Apache server. (Am I right?) Another thing : I've had my Tomcat running for a while now. The application which is running on the server is Sun's Identity Manager (IDM). If I now place an Apache in front of it, would that, in any way, damage the web application itself? Hi Stephen. Your questions are very wide-ranging, and apparently your knowledge of this kind of configuration very limited. That makes it hard and time-consuming to give you a comprehensive answer. Even pointing you to the corresponding documentation is not going to help a lot, if you are not willing to spend quite a bit of time on this. Roughly, the kind of configuration of which it is question here looks like this : browser - Apache httpd server - Apache/Tomcat connector - Tomcat Apache httpd is a classic webserver, serving static content and also able to run miscellaneous active content providers such as programs written in perl, php, python etc.. Apache Tomcat is a servlet engine. Its main focus is to be an environment to run web applications written in Java. But it can also server as a generic webserver and serve static content, in most cases as fast as Apache httpd. It is less good at running non-Java applications. The Apache/Tomcat connector mentioned above is an add-on module within Apache httpd, which allows Apache to receive requests from browsers, examine them, and select some for processing by the back-end Tomcat. These requests are then forwarded to Tomcat by the Connector, and the Connector receives the Tomcat response and returns it to Apache httpd, which returns it to the browser. Using one such Connector, one can also use one Apache httpd to act as front-end to several Tomcat back-end servers, for example for load-balancing. There are two different types of Apache/Tomcat Connectors : one is called mod_jk; the other is called mod_prox/mod_proxy_ajp. They have roughly the same capabilities, but they differ in the setup. Placing an Apache httpd (with a Connector) in front of a Tomcat will not damage the Tomcat web application in any way, if the configuration is done correctly. But this proper configuration can be anything from very simple to quite complex, depending on what exactly you need to achieve. So there is no one size fits all. What I would recommend if you want to know more about this, is that you set up Tomcat and Apache httpd on a server (separately), with some example Tomcat application. Then come back here to get tips about which documentation to use, and how to set things up to try this kind of configuration. That will be better than another 10 pages of written introduction. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting APACHE in front of a stand-alone Tomcat Server
Sorry if I drop in here getting a bit off-topic, howver: On Mon, May 17, 2010 at 1:54 PM, Pid p...@pidster.com wrote: On 17/05/2010 12:36, Stephen . wrote: HTTPD can handle authentication, or Tomcat can, but not both at the same AFAIK. The AJP Connector will need it's 'tomcatAuthentication' attribute set to 'false' in the former case. was never aware of said attribute. what i'd like to know: from the docs, it says: tomcatAuthentication If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authorization in Tomcat. The default value is true. hm, that puzzles me a bit... does it also work vice-versa, meaning that autorization is handled by tomcat and then passed back to native httpd? would be a real bummer if we could dump that mod_auth_cookie_mysql-stuff... cheers gregor -- just because you're paranoid, don't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting APACHE in front of a stand-alone Tomcat Server
On 17/05/2010 12:58, Stephen . wrote: Hi, thanks for your response. However, I would need some more explanation. Exactly where and how would I implement those Tomcat Connectors ? Part of the config is in Tomcat's server.xml, and part of it would be in the relevant files of HTTPD, dependant on the method chosen to integrate. Apparently, all I have is the Tomcat engine itself. So, what I need is an actual Apache server. (Am I right?) You'll need a Tomcat, an HTTPD and either mod_jk or mod_proxy (and related modules). Another thing : I've had my Tomcat running for a while now. The application which is running on the server is Sun's Identity Manager (IDM). I'd be a little surprised to discover that you can't integrate Sun's IDM with a Servlet Container, without having to use HTTPD in between... If I now place an Apache in front of it, would that, in any way, damage the web application itself? Could you clarify what you mean by damage? p Date: Mon, 17 May 2010 13:44:12 +0200 Subject: Re: Putting APACHE in front of a stand-alone Tomcat Server From: borut.hadzia...@gmail.com To: users@tomcat.apache.org Take a look at http://tomcat.apache.org/connectors-doc/ I think you can also use apache mod_proxy. On Mon, May 17, 2010 at 1:36 PM, Stephen . marr...@hotmail.com wrote: Hi all, just a quick question. I am currently using a stand-alone Tomcat Server to run an application. However, I plan to expand this application (which is web-based) to enable Authentication processes from external IDPs (Identity Providers). Unfortunately, to be able to implement this, the IDPs require that Tomcat must not be a stand-alone server. It requires Apache (apparently, all authentication requests will need to be routed via the Apache) My question is : is it possible to make this change (somehow install, or place Apache in front of my current Tomcat server)? Or does this require a whole new installation of Apache Tomcat? I am using : Apache Tomcat 6.0.18 (Funny thing : I always thought that the name Apache Tomcat automatically meant that my server already had Apache in front of it. But, it seems I was wrong) _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969 -- Why? Because YES! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969 signature.asc Description: OpenPGP digital signature
Re: Putting APACHE in front of a stand-alone Tomcat Server
On 17/05/2010 13:43, Gregor Schneider wrote: Sorry if I drop in here getting a bit off-topic, howver: On Mon, May 17, 2010 at 1:54 PM, Pid p...@pidster.com wrote: On 17/05/2010 12:36, Stephen . wrote: HTTPD can handle authentication, or Tomcat can, but not both at the same AFAIK. The AJP Connector will need it's 'tomcatAuthentication' attribute set to 'false' in the former case. was never aware of said attribute. what i'd like to know: from the docs, it says: tomcatAuthentication If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authorization in Tomcat. The default value is true. hm, that puzzles me a bit... does it also work vice-versa, meaning that autorization is handled by tomcat and then passed back to native httpd? Nope. More's the pity. p (Looks over shoulder for inbound patches welcome comment). would be a real bummer if we could dump that mod_auth_cookie_mysql-stuff... cheers gregor signature.asc Description: OpenPGP digital signature