On a somewhat related note; Anyone have best practices/recommendations on handling traditional .htaccess control on content?
I don't particularly care to have the 2 separate layers of security, purely from an ease of administration perspective. .htaccess controls are totally bypassed when requesting content handled by Tomcat. For example, simply clicking cancel during the authentication dialog box will still present the default index.jsp page, or ignored all together if requesting the .jsp directly. In addition to creating the .htaccess, you then must also create your Tomcat Security Realm. Is there anyway to have Apache & Tomcat use the same user/pass file? Can a Realm be created that is simply; username:MD5 encrypted password (such as the format of .htaccess) I'd rather not have to go to the extent of creating user/password pairs in a database, then setting up something like mod_auth_mysql and JDBC for centralized authentication (is this even possible?). -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, October 14, 2004 2:27 PM To: Tomcat Users List Subject: RE: mod_jk2 Ready/Recommended For Production? I have been using mod_jk2 for a couple of years now, and I have not had to compile it, either. I use it on Linux production systems... (currently I am using Redhat Enterprise Linux and the Fedora binary). The biggest problem has always been extremely poor documentation. However, the Fedora download has a directory structure that quickly shows you where to place the needed files. I was setup in less than 30 seconds. I am a big fan of a 3-tier architecture. I think it's important to have web requests intercepted on one layer, and only handed off to the processing layer (tomcat) when need be. Apache is likely much better than tomcat in serving static content, and even though tomcat has lots of security, I feel much more comfortable with Apache being at the front door, because of its extremely wide use and history. -Raiden Johnson On Thu, 14 Oct 2004, Angus Mezick wrote: > I have been using mod_jk2 for a long time now. I have no idea why so > many people dislike it (well, after they get it compiled that is). I > might just be blessed in that I run on win2k servers and can just get > the binary for mod_jk2. I have never had to deal with the pain of > compiling this thing. It is working great for me on a rather busy > little cluster of servers. > --Angus > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, October 13, 2004 7:27 PM > > To: Tomcat Users List > > Subject: Re: mod_jk2 Ready/Recommended For Production? > > > > > > Boy am I confused now. If mod_jk2 is dead, so what is everyone using? > > Still using just the first mod_jk? I had just gotten > > everythign working > > with mod_jk2 - more or less- but configurationwise mod_jk2 is > > a pain since > > the syntax was completely changed and requires you to map > > every nook and > > cranny. > > > > John > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
