Grouper Developers Forum

[Chris Hyzer <>]

I think the issue is that the web.xml ships with servlet container simple 
auth in it, right Tom?
I modified the README.txt to tell people to take out that part in the web.xml 
if they don't want it (maybe it should be a web.example.xml)...  
Incidentally, we will use the kerberos authenticator at Penn, so Im ok with 
commenting out the simple auth as a default...  it's the easiest for a quick 
start though probably.

Also, I found the same results as Sanjay, and the build script reflects that. 
 You can either build grouper-ws in non-rampart mode, or rampart mode (and 
you should deploy twice to run both).  If you wanted container simple auth, 
and apache + mod_jk (or whatever connector to a servlet container), you could 
do that in one deployment I believe...  same with Kerberos.  But the rampart 
affects the Axis config files, and you cant have multiple configs for 
multiple servlets in one webapp.

Regards,
Chris

> -----Original Message-----
> From: caleb racey 
> [mailto:]
> Sent: Wednesday, May 14, 2008 10:59 AM
> To: Grouper Dev
> Subject: RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008,
> 1200EDT (1600Z)
>
> >    . protecting grouper-ws with apache + mod_proxy_ajp
>
>
> We have just published sanjay's report on his investigations of various
> techniques for authenticating webservices  linked to from
> http://gfivo.ncl.ac.uk/resources.php
>
>
> The 10 second summary is: There are theoretical techniques for
> deploying
> a webservice once and using different auth routes (multiple policy, or
> multiple port), however the reality is that they are poorly supported.
> Deploying the same webservice app twice and deploying different auth on
> top of each is much easier and works.
>
>
> Cheers
>
> Cal
>
> --------------------
> Caleb Racey
> Team Leader
> Middleware Team
> ISS
> Newcastle University
> --------------------