Grouper Developers Forum

[Chris Hyzer <>]

Sorry to be nitpicky, but I think mod_jk is preferred over mod_proxy_ajp.  I 
run the UI and WS with mod_jk and it works great...

http://wiki.apache.org/tomcat/FAQ/Connectors#Q2

Chris

> -----Original Message-----
> From: Tom Barton 
> [mailto:]
> Sent: Wednesday, May 14, 2008 11:58 AM
> To: Chris Hyzer
> Cc: caleb racey; Grouper Dev
> Subject: Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008,
> 1200EDT (1600Z)
>
> If I recall correctly, the "missing doc" would address what is
> anticipated to be a common need, not necessarily to detail all of the
> ways grouper-ws might be protected. I suppose, though, that the former
> can be the start of a larger and evolving doc of the latter.
>
> For comparison, cf.
> <https://wiki.internet2.edu/confluence/display/GrouperWG/Prerequisites>
> .
>
> Tom
>
> Chris Hyzer wrote:
> > I think the issue is that the web.xml ships with servlet container
> simple auth in it, right Tom?
> > I modified the README.txt to tell people to take out that part in the
> web.xml if they don't want it (maybe it should be a web.example.xml)...
> Incidentally, we will use the kerberos authenticator at Penn, so Im ok
> with commenting out the simple auth as a default...  it's the easiest
> for a quick start though probably.
> >
> > Also, I found the same results as Sanjay, and the build script
> reflects that.  You can either build grouper-ws in non-rampart mode, or
> rampart mode (and you should deploy twice to run both).  If you wanted
> container simple auth, and apache + mod_jk (or whatever connector to a
> servlet container), you could do that in one deployment I believe...
> same with Kerberos.  But the rampart affects the Axis config files, and
> you cant have multiple configs for multiple servlets in one webapp.
> >
> > Regards,
> > Chris
> >
> >> -----Original Message-----
> >> From: caleb racey 
> >> [mailto:]
> >> Sent: Wednesday, May 14, 2008 10:59 AM
> >> To: Grouper Dev
> >> Subject: RE: [grouper-dev] Grouper design call, Wednesday, 14 May
> >> 2008, 1200EDT (1600Z)
> >>
> >>>    . protecting grouper-ws with apache + mod_proxy_ajp
> >>
> >> We have just published sanjay's report on his investigations of
> >> various techniques for authenticating webservices  linked to from
> >> http://gfivo.ncl.ac.uk/resources.php
> >>
> >>
> >> The 10 second summary is: There are theoretical techniques for
> >> deploying a webservice once and using different auth routes
> (multiple
> >> policy, or multiple port), however the reality is that they are
> >> poorly supported.
> >> Deploying the same webservice app twice and deploying different auth
> >> on top of each is much easier and works.
> >>
> >>
> >> Cheers
> >>
> >> Cal
> >>
> >> --------------------
> >> Caleb Racey
> >> Team Leader
> >> Middleware Team
> >> ISS
> >> Newcastle University
> >> --------------------