1 Reply Latest reply on Dec 29, 2005 11:59 AM by nuno oliveira

    security before/after AJP1.3

    nuno oliveira Newbie

      I have a web app with declarative security setup in the deployment descriptor in a way to force ssl with client authentication. If I insert an apache node in the middle talking AJP1.3 with the server, do the deployment descriptors have to change in any way to maintain the same behavior regarding the identity validation and access control enforcement ?

      ( Note that I'm describing an arrangement where the apache server would make client authentication (mod-ssl) and transfer that info to JBoss via AJP1.3 (mod_jk) )

      Thank you