Grouper Developers Forum

[Tom Barton <>]

The prerequisites page gives details on both. For apache prior to 2.2 
you must use mod_jk, but setup of mod_proxy_ajp with apache 2.2+ is much 
easier (note the number of caveats and conditionals needed to tell the 
mod_jk setup story).

Tom

Chris Hyzer wrote:
> Sorry to be nitpicky, but I think mod_jk is preferred over mod_proxy_ajp.  I 
> run the UI and WS with mod_jk and it works great...
>
> http://wiki.apache.org/tomcat/FAQ/Connectors#Q2
>
> Chris
>
> > -----Original Message-----
> > From: Tom Barton 
> > [mailto:]
> > Sent: Wednesday, May 14, 2008 11:58 AM
> > To: Chris Hyzer
> > Cc: caleb racey; Grouper Dev
> > Subject: Re: [grouper-dev] Grouper design call, Wednesday, 14 May 2008,
> > 1200EDT (1600Z)
> >
> > If I recall correctly, the "missing doc" would address what is
> > anticipated to be a common need, not necessarily to detail all of the
> > ways grouper-ws might be protected. I suppose, though, that the former
> > can be the start of a larger and evolving doc of the latter.
> >
> > For comparison, cf.
> > <https://wiki.internet2.edu/confluence/display/GrouperWG/Prerequisites>
> > .
> >
> > Tom
> >
> > Chris Hyzer wrote:
> > > I think the issue is that the web.xml ships with servlet container
> > simple auth in it, right Tom?
> > > I modified the README.txt to tell people to take out that part in the
> > web.xml if they don't want it (maybe it should be a web.example.xml)...
> > Incidentally, we will use the kerberos authenticator at Penn, so Im ok
> > with commenting out the simple auth as a default...  it's the easiest
> > for a quick start though probably.
> > > Also, I found the same results as Sanjay, and the build script
> > reflects that.  You can either build grouper-ws in non-rampart mode, or
> > rampart mode (and you should deploy twice to run both).  If you wanted
> > container simple auth, and apache + mod_jk (or whatever connector to a
> > servlet container), you could do that in one deployment I believe...
> > same with Kerberos.  But the rampart affects the Axis config files, and
> > you cant have multiple configs for multiple servlets in one webapp.
> > > Regards,
> > > Chris
> > >
> > > > -----Original Message-----
> > > > From: caleb racey 
> > > > [mailto:]
> > > > Sent: Wednesday, May 14, 2008 10:59 AM
> > > > To: Grouper Dev
> > > > Subject: RE: [grouper-dev] Grouper design call, Wednesday, 14 May
> > > > 2008, 1200EDT (1600Z)
> > > >
> > > > >    . protecting grouper-ws with apache + mod_proxy_ajp
> > > > We have just published sanjay's report on his investigations of
> > > > various techniques for authenticating webservices  linked to from
> > > > http://gfivo.ncl.ac.uk/resources.php
> > > >
> > > >
> > > > The 10 second summary is: There are theoretical techniques for
> > > > deploying a webservice once and using different auth routes
> > (multiple
> > > > policy, or multiple port), however the reality is that they are
> > > > poorly supported.
> > > > Deploying the same webservice app twice and deploying different auth
> > > > on top of each is much easier and works.
> > > >
> > > >
> > > > Cheers
> > > >
> > > > Cal
> > > >
> > > > --------------------
> > > > Caleb Racey
> > > > Team Leader
> > > > Middleware Team
> > > > ISS
> > > > Newcastle University
> > > > --------------------
begin:vcard
fn:Tom Barton
n:Barton;Tom
org:University of Chicago;Networking Services & Information Technology
adr;dom:1155 E. 60th St.;;Rm 309, 1155 Bldg;Chicago;IL;60637
email;internet:
title:Sr. Director - Integration
tel;work:+1 773 834 1700
version:2.1
end:vcard