I am attempting to connect Apache and Tomcat together but to use forms based authentication for both. Apache will terminate the SSL session, and mod_jk will send load balanced requests to two tomcat servers in the background.
I have a db of users in mysql which contains username/pw and role based information. I will use wordpress on apache to handle blogging functionality and perform basic cms management for static content. Tomcat will serve jsp/servlets and xml content.
It is easy to do all this using Http Basic as user/pass information is passed to server for each request and both apache and tomcat can handle this via the db. In addition I would like to use forms based authentication, basic authentication and no authentication for specific tomcat webapps. The content on apache will either be secured using forms based authentication or be fully publically accessible.
I have looked at mod_authn_dbd but and mod_auth_mysql etc. and how they pass userids to Tomcat, but this does not handle the forms based login itself.
It is straightforward to use forms based authentication for tomcat but for Apache what should I use? I would rather use open source and supported components and would like to avoid any custom written solutions. User experience should be that customers only need to login once to see both apache and tomcat content. Use of roles is important but my main issue now is the apache forms based login.
Note: I am looking for real advice, please don't say "I can do it" as that will **immediately disqualify you**. I am only looking for responses from persons who have done this before or have worked in apache/tomcat environments.
I am happy to answer any questions you may have, and will pay the first person that comes up with a good solution to my issue.
My env is:
public static content served from apache via wordpress no login
private static content served from apache via wordpress following form login
xml content served from tomcat using http basic
xml content served from tomcat using no login or ssl
private dynamic content (jsp/servlet) served from tomcat following form login
Users need only login once!