Hello,
I need to build modules that will handle authentication and authorization. Our requirements seem to be a little different then what is provided with the apache web server. However, before I started down this path, I was hoping to get some feedback on the approach, as I am new module development. In our architecture, authentication and authorization is handled by a set of web services. I would need to have the apache module make calls to the service. I was planning on using Axis 2 for this. Are there any issues with thiat? For Authentication: I need to be able to look at request and see if it has a security token. If it does, then I need to validate it through the service. If it does not, then I need to redirect them to an authentication page. I thought it would be easier to handle the authentication through our java application (as we have the rest of the application) or should this part of the module as well? If a person successful authenticates, then the authentication app would redirect the user to the originally requested url. This would flow through the apache web service and mod-proxy to end up at the target location. Does this approach seem reasonable ? Thanks for your feedback. Suneet