Apache front-end will do the authentication, does tomcat still use tomcat-users.xml for the authorization part?
Thanks John -----Original Message----- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, September 14, 2009 12:41 PM To: Tomcat Users List Subject: Re: decouple authentication and authorization of TOMCAT John Chen wrote: ... > > I am also thinking using Apache Web Server to do the authentication and use > tomcat for authorization, do you think it would work? > With the Apache/mod_jk/Tomcat combination it can, certainly. There exists (I believe in the <Connector> element of Tomcat), an attribute "tomcatAuthentication", which when set to false makes Tomcat accept the user-id authenticated by Apache as its own. I do not know with other connectors. But if this would be the only reason to put Apache in front of your Tomcat, it would be a lot of complication for that sole purpose. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org