Grouper Developers Forum

[Tom Barton <>]

If I recall correctly, the "missing doc" would address what is 
anticipated to be a common need, not necessarily to detail all of the 
ways grouper-ws might be protected. I suppose, though, that the former 
can be the start of a larger and evolving doc of the latter.

For comparison, cf. 
<https://wiki.internet2.edu/confluence/display/GrouperWG/Prerequisites>.

Tom

Chris Hyzer wrote:
> I think the issue is that the web.xml ships with servlet container simple 
> auth in it, right Tom?
> I modified the README.txt to tell people to take out that part in the web.xml 
> if they don't want it (maybe it should be a web.example.xml)...  
> Incidentally, we will use the kerberos authenticator at Penn, so Im ok with 
> commenting out the simple auth as a default...  it's the easiest for a quick 
> start though probably.
>
> Also, I found the same results as Sanjay, and the build script reflects that. 
>  You can either build grouper-ws in non-rampart mode, or rampart mode (and 
> you should deploy twice to run both).  If you wanted container simple auth, 
> and apache + mod_jk (or whatever connector to a servlet container), you could 
> do that in one deployment I believe...  same with Kerberos.  But the rampart 
> affects the Axis config files, and you cant have multiple configs for 
> multiple servlets in one webapp.
>
> Regards,
> Chris
>
> > -----Original Message-----
> > From: caleb racey 
> > [mailto:]
> > Sent: Wednesday, May 14, 2008 10:59 AM
> > To: Grouper Dev
> > Subject: RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008,
> > 1200EDT (1600Z)
> >
> > >    . protecting grouper-ws with apache + mod_proxy_ajp
> >
> > We have just published sanjay's report on his investigations of various
> > techniques for authenticating webservices  linked to from
> > http://gfivo.ncl.ac.uk/resources.php
> >
> >
> > The 10 second summary is: There are theoretical techniques for
> > deploying
> > a webservice once and using different auth routes (multiple policy, or
> > multiple port), however the reality is that they are poorly supported.
> > Deploying the same webservice app twice and deploying different auth on
> > top of each is much easier and works.
> >
> >
> > Cheers
> >
> > Cal
> >
> > --------------------
> > Caleb Racey
> > Team Leader
> > Middleware Team
> > ISS
> > Newcastle University
> > --------------------
begin:vcard
fn:Tom Barton
n:Barton;Tom
org:University of Chicago;Networking Services & Information Technology
adr;dom:1155 E. 60th St.;;Rm 309, 1155 Bldg;Chicago;IL;60637
email;internet:
title:Sr. Director - Integration
tel;work:+1 773 834 1700
version:2.1
end:vcard