On 29.05.2009 23:01, André Warnier wrote: >> Or you can use a popular filter with more options: >> http://securityfilter.sourceforge.net/ >> > Or, if you decide to do the PHP part and do it under Apache httpd, then > you could do all the authentication at the Apache httpd level, and pass > the authenticated user-id to Tomcat (at least when using the mod_jk > connector).
This works whenever AJP is used as the protocol between the web server and Tomcat, so even with mod_proxy_ajp. You though need to set tomcatAuthentication to false on the AJP connector for Tomcat to blindly trust any user information it gets on the AJP connector. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org