Jan 2nd, 2013, 08:43 AM
Using Spring Security without HTTP?
I am currently using Spring Security 3.x with my Tomcat 7 server and all is well. Requests come directly into my Tomcat server and are authenticated by the Tomcat server. After the server authenticates (x509 cert) the user, Spring Security takes over and gets the user detail information using info extracted from cert. My config file snippet is:
My requirement now is to integrate an apache web server. So requests would enter the web server and be authenticated before being sent to the Tomcat server where Spring Security is configured. Lets say the protocol for the communications between web server and Tomcat server is NOT http do to the type of connector being used. For example, if the protocol AJP is being used then the Tomcat server is not getting http request; it get AJP type requests. My question is can I still use Spring Security if the incoming protocol is NOT HTTP?Is there some other configuration that can be used?