tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: Adding NTLM Auth to the Entire tomcat instance
Date Thu, 25 Oct 2007 15:19:16 GMT
Peter Kahn wrote:
> Can someone let me know how to setup NTLM authentication such that all
> access to tomcat is restricted to users in a specific group?
> I have an instance of tomcat and it is serving several opengrok web apps.
> Each opengrop app is pointing at a different source tree.  I want to
> restrict access to all of these webapps to a specific group of users.
> When I offer php based webapps and restrict them to a group of users, I use
> apache2 authentication with a perl based NTLM extension.  Since tomcat is
> running on a different port,   I tried binding tomcat to localhost or
> loopback only and then used the proxy directive from apache2 to the offer
> the applications to users on my lan.  This worked, but the NTLM auth failed
> when I added it in.  I see my options as:
>   a) get apache auth to work via the proxy
>   b) forget apache auth and have tomcat handle the authentication.

If you use the AJP connector with mod_jk (or in Apache 2.2,
mod_proxy_ajp) you can continue to front your application with HTTPD
NTLM authentication.

Set the tomcatAuthentication connector attribute to false, as per:


> I looked around the docs, googling here and there but most authentication
> appeared to be at the individual web application level and not for the
> entire instance.
>   - Is authentication at the entire tomcat instance level a practice that
> people do?
>   - Is there a standard way to tie it into NTLM?
> So, can you send me links or advice if you happen to know of a good resource
> for issue or see that I'm approaching in a needlessly difficult way?  Thanks

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message