grouper-dev - Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z)
Subject: Grouper Developers Forum
List archive
- From: Tom Barton <>
- To: Chris Hyzer <>
- Cc: caleb racey <>, Grouper Dev <>
- Subject: Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z)
- Date: Wed, 14 May 2008 12:11:23 -0500
The prerequisites page gives details on both. For apache prior to 2.2 you must use mod_jk, but setup of mod_proxy_ajp with apache 2.2+ is much easier (note the number of caveats and conditionals needed to tell the mod_jk setup story).
Tom
Chris Hyzer wrote:
Sorry to be nitpicky, but I think mod_jk is preferred over mod_proxy_ajp. I
run the UI and WS with mod_jk and it works great...
http://wiki.apache.org/tomcat/FAQ/Connectors#Q2
Chris
-----Original Message-----
From: Tom Barton
[mailto:]
Sent: Wednesday, May 14, 2008 11:58 AM
To: Chris Hyzer
Cc: caleb racey; Grouper Dev
Subject: Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008,
1200EDT (1600Z)
If I recall correctly, the "missing doc" would address what is
anticipated to be a common need, not necessarily to detail all of the
ways grouper-ws might be protected. I suppose, though, that the former
can be the start of a larger and evolving doc of the latter.
For comparison, cf.
<https://wiki.internet2.edu/confluence/display/GrouperWG/Prerequisites>
.
Tom
Chris Hyzer wrote:
I think the issue is that the web.xml ships with servlet containersimple auth in it, right Tom?
I modified the README.txt to tell people to take out that part in theweb.xml if they don't want it (maybe it should be a web.example.xml)...
Incidentally, we will use the kerberos authenticator at Penn, so Im ok
with commenting out the simple auth as a default... it's the easiest
for a quick start though probably.
Also, I found the same results as Sanjay, and the build scriptreflects that. You can either build grouper-ws in non-rampart mode, or
rampart mode (and you should deploy twice to run both). If you wanted
container simple auth, and apache + mod_jk (or whatever connector to a
servlet container), you could do that in one deployment I believe...
same with Kerberos. But the rampart affects the Axis config files, and
you cant have multiple configs for multiple servlets in one webapp.
Regards,(multiple
Chris
-----Original Message-----
From: caleb racey
[mailto:]
Sent: Wednesday, May 14, 2008 10:59 AM
To: Grouper Dev
Subject: RE: [grouper-dev] Grouper design call, Wednesday, 14 May
2008, 1200EDT (1600Z)
. protecting grouper-ws with apache + mod_proxy_ajpWe have just published sanjay's report on his investigations of
various techniques for authenticating webservices linked to from
http://gfivo.ncl.ac.uk/resources.php
The 10 second summary is: There are theoretical techniques for
deploying a webservice once and using different auth routes
policy, or multiple port), however the reality is that they are
poorly supported.
Deploying the same webservice app twice and deploying different auth
on top of each is much easier and works.
Cheers
Cal
--------------------
Caleb Racey
Team Leader
Middleware Team
ISS
Newcastle University
--------------------
begin:vcard fn:Tom Barton n:Barton;Tom org:University of Chicago;Networking Services & Information Technology adr;dom:1155 E. 60th St.;;Rm 309, 1155 Bldg;Chicago;IL;60637 email;internet: title:Sr. Director - Integration tel;work:+1 773 834 1700 version:2.1 end:vcard
- Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/13/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), caleb racey, 05/14/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Chris Hyzer, 05/14/2008
- Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/14/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Chris Hyzer, 05/14/2008
- Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/14/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Sanjay Vivek, 05/15/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Sanjay Vivek, 05/15/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Chris Hyzer, 05/14/2008
- Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/14/2008
- Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Tom Barton, 05/15/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), caleb racey, 05/15/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), Chris Hyzer, 05/14/2008
- RE: [grouper-dev] Grouper design call, Wednesday, 14 May 2008, 1200EDT (1600Z), caleb racey, 05/14/2008
Archive powered by MHonArc 2.6.16.