I have a web app with declarative security setup in the deployment descriptor in a way to force ssl with client authentication. If I insert an apache node in the middle talking AJP1.3 with the server, do the deployment descriptors have to change in any way to maintain the same behavior regarding the identity validation and access control enforcement ?
( Note that I'm describing an arrangement where the apache server would make client authentication (mod-ssl) and transfer that info to JBoss via AJP1.3 (mod_jk) )
can someone please help me ?
Maybe I should rephrase my question to " Does ajp1.3 leverages the declarative security mechanisms or does it force applicational security ?
Thanks in advance