grouper-dev - RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z)
Subject: Grouper Developers Forum
List archive
- From: Chris Hyzer <>
- To: Tom Barton <>
- Cc: caleb racey <>, Grouper Dev <>
- Subject: RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z)
- Date: Wed, 14 May 2008 11:59:25 -0400
- Accept-language: en-US
- Acceptlanguage: en-US
Sorry to be nitpicky, but I think mod_jk is preferred over mod_proxy_ajp. I
run the UI and WS with mod_jk and it works great...
http://wiki.apache.org/tomcat/FAQ/Connectors#Q2
Chris
> -----Original Message-----
> From: Tom Barton
> [mailto:]
> Sent: Wednesday, May 14, 2008 11:58 AM
> To: Chris Hyzer
> Cc: caleb racey; Grouper Dev
> Subject: Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008,
> 1200EDT (1600Z)
>
> If I recall correctly, the "missing doc" would address what is
> anticipated to be a common need, not necessarily to detail all of the
> ways grouper-ws might be protected. I suppose, though, that the former
> can be the start of a larger and evolving doc of the latter.
>
> For comparison, cf.
> <https://wiki.internet2.edu/confluence/display/GrouperWG/Prerequisites>
> .
>
> Tom
>
> Chris Hyzer wrote:
> > I think the issue is that the web.xml ships with servlet container
> simple auth in it, right Tom?
> > I modified the README.txt to tell people to take out that part in the
> web.xml if they don't want it (maybe it should be a web.example.xml)...
> Incidentally, we will use the kerberos authenticator at Penn, so Im ok
> with commenting out the simple auth as a default... it's the easiest
> for a quick start though probably.
> >
> > Also, I found the same results as Sanjay, and the build script
> reflects that. You can either build grouper-ws in non-rampart mode, or
> rampart mode (and you should deploy twice to run both). If you wanted
> container simple auth, and apache + mod_jk (or whatever connector to a
> servlet container), you could do that in one deployment I believe...
> same with Kerberos. But the rampart affects the Axis config files, and
> you cant have multiple configs for multiple servlets in one webapp.
> >
> > Regards,
> > Chris
> >
> >> -----Original Message-----
> >> From: caleb racey
> >> [mailto:]
> >> Sent: Wednesday, May 14, 2008 10:59 AM
> >> To: Grouper Dev
> >> Subject: RE: [grouper-dev] Grouper design call, Wednesday, 14 May
> >> 2008, 1200EDT (1600Z)
> >>
> >>> . protecting grouper-ws with apache + mod_proxy_ajp
> >>
> >> We have just published sanjay's report on his investigations of
> >> various techniques for authenticating webservices linked to from
> >> http://gfivo.ncl.ac.uk/resources.php
> >>
> >>
> >> The 10 second summary is: There are theoretical techniques for
> >> deploying a webservice once and using different auth routes
> (multiple
> >> policy, or multiple port), however the reality is that they are
> >> poorly supported.
> >> Deploying the same webservice app twice and deploying different auth
> >> on top of each is much easier and works.
> >>
> >>
> >> Cheers
> >>
> >> Cal
> >>
> >> --------------------
> >> Caleb Racey
> >> Team Leader
> >> Middleware Team
> >> ISS
> >> Newcastle University
> >> --------------------
- Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/13/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), caleb racey, 05/14/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Chris Hyzer, 05/14/2008
- Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/14/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Chris Hyzer, 05/14/2008
- Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/14/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Sanjay Vivek, 05/15/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Sanjay Vivek, 05/15/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Chris Hyzer, 05/14/2008
- Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/14/2008
- Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/15/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), caleb racey, 05/15/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Chris Hyzer, 05/14/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), caleb racey, 05/14/2008
Archive powered by MHonArc 2.6.16.