Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z)

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z)


Chronological Thread 
  • From: Tom Barton <>
  • To: Chris Hyzer <>
  • Cc: caleb racey <>, Grouper Dev <>
  • Subject: Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z)
  • Date: Wed, 14 May 2008 10:57:41 -0500

If I recall correctly, the "missing doc" would address what is anticipated to be a common need, not necessarily to detail all of the ways grouper-ws might be protected. I suppose, though, that the former can be the start of a larger and evolving doc of the latter.

For comparison, cf. <https://wiki.internet2.edu/confluence/display/GrouperWG/Prerequisites>.

Tom

Chris Hyzer wrote:
I think the issue is that the web.xml ships with servlet container simple
auth in it, right Tom?
I modified the README.txt to tell people to take out that part in the web.xml
if they don't want it (maybe it should be a web.example.xml)...
Incidentally, we will use the kerberos authenticator at Penn, so Im ok with
commenting out the simple auth as a default... it's the easiest for a quick
start though probably.

Also, I found the same results as Sanjay, and the build script reflects that.
You can either build grouper-ws in non-rampart mode, or rampart mode (and
you should deploy twice to run both). If you wanted container simple auth,
and apache + mod_jk (or whatever connector to a servlet container), you could
do that in one deployment I believe... same with Kerberos. But the rampart
affects the Axis config files, and you cant have multiple configs for
multiple servlets in one webapp.

Regards,
Chris

-----Original Message-----
From: caleb racey
[mailto:]
Sent: Wednesday, May 14, 2008 10:59 AM
To: Grouper Dev
Subject: RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008,
1200EDT (1600Z)

. protecting grouper-ws with apache + mod_proxy_ajp

We have just published sanjay's report on his investigations of various
techniques for authenticating webservices linked to from
http://gfivo.ncl.ac.uk/resources.php


The 10 second summary is: There are theoretical techniques for
deploying
a webservice once and using different auth routes (multiple policy, or
multiple port), however the reality is that they are poorly supported.
Deploying the same webservice app twice and deploying different auth on
top of each is much easier and works.


Cheers

Cal

--------------------
Caleb Racey
Team Leader
Middleware Team
ISS
Newcastle University
--------------------
begin:vcard
fn:Tom Barton
n:Barton;Tom
org:University of Chicago;Networking Services & Information Technology
adr;dom:1155 E. 60th St.;;Rm 309, 1155 Bldg;Chicago;IL;60637
email;internet:
title:Sr. Director - Integration
tel;work:+1 773 834 1700
version:2.1
end:vcard




Archive powered by MHonArc 2.6.16.

Top of Page