tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allistair Crossley" <>
Subject RE: Tomcat configuration tuning
Date Thu, 08 Apr 2004 19:50:59 GMT
Hi Yoav
It's the Samba team JCIFS NTLM servlet filter, so I guess I need to find out from them if
the auth is done each time.
Cheers, ADC
-----Original Message----- 
From: Shapira, Yoav [] 
Sent: Thu 08/04/2004 20:39 
To: Tomcat Users List 
Subject: RE: Tomcat configuration tuning

	Did you profile the filter versus aspects?  Now that's a benchmark I'd
	be really interested in.
	To the original poster: assuming your filter is smart enough to check
	the session for a "user is authenticated already" token, the /* mapping
	is not that big a deal.  If you're re-authenticating every time, that's
	terrible, and you should make your filter smarter.
	Yoav Shapira
	Millennium Research Informatics
	>-----Original Message-----
	>From: Charles N. Harvey III []
	>Sent: Thursday, April 08, 2004 3:38 PM
	>To: Tomcat Users List
	>Subject: Re: Tomcat configuration tuning
	>I do just what you described below.  If the loginContext isn't in the
	>I show do a global-forward to the login form.  And, because I didn't
	>have to put a session check into every Struts action I used AspectJ to
	>in a pointcut into every action.  Works great.  I was considering going
	>a filter servlet instead but if you say its slow then maybe I did the
	>Allistair Crossley wrote:
	>>Slightly off-forum but related to my performance tuning of my tomcat
	>webapp, I am using the JCIFS NTLM authentication servlet as a filter.
	>filter is mapped to all requests /*. I just thought to myself on the
	>home whether because NTLM is a 3-way handshake, that this may be
	>some kind of performance hit.
	>>The filter authenticates the desktop user and then populates the
	>request.getRemoteUser. I suppose I "could" do this once with a login
	>servlet and then populate a session user object and if that ever
	>redirect back to the login servlet.
	>>Does anyone have an opinion on whether it would be worth my time
	>the filter per request in favour of a once-only login action.
	>>I appreciate this is off-tomcat, so no hard feelings if noone replies
	>>QAS Ltd.
	>>Developers of QuickAddress Software
	>><a href=""></a>
	>>Registered in England: No 2582055
	>>Registered in Australia: No 082 851 474
	>>To unsubscribe, e-mail:
	>>For additional commands, e-mail:
	>To unsubscribe, e-mail:
	>For additional commands, e-mail:
	This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.
	To unsubscribe, e-mail:
	For additional commands, e-mail:

QAS Ltd.
Developers of QuickAddress Software
<a href=""></a>
Registered in England: No 2582055
Registered in Australia: No 082 851 474

View raw message