tomcat-users mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Tomcat & Apache webserver authentication
Date Wed, 14 May 2008 14:35:20 GMT
bartd wrote:
> Thanks Rainer for your quick answer. Does "sharing the same database" mean
> that if you are authenticated for 1 application, you're automatically
> authenticated for the other application?

No. It means you only need one user administration.

What you are now asking for is sharing some kind of security context 
between httpd and Tomcat. Actually you are asking about sharing between 
applications, but I will focus here on the httpd/Tomcat interaction.

I've got no complete solution to that, but there are some building blocks:

Basic auth uses HTTP headers. Once the browser has authenticated a user via 
basic auth, it will always send the Authorization header with the 
requests for the same server - unless a URL is protected by a different 
realm (more precisely a different realm-name in login-config in 
web.xml). The same should hold true for digest authentication. These 
ways of httpd authentication are used by httpd and Tomcat. So you can 
play around by using the same realm-name (by which I don't mean the 
class name implementing a special realm type in Tomcat).

mod_jk and mod_proxy_ajp will also automatically transport some 
authentication information from httpd to Tomcat, e.g. remote_user and 
auth_type. If you set tomcatAuthentication="false" in your AJP connector 
config (in server.xml), you can retrieve the remote user via 
request.getRemoteUser().

Additional information could be made available in httpd as so-called 
environment variables (not the same as a shell environment variable) and 
then forwarded to Tomcat via JkEnvVar.

Regards,

Rainer

> ---------- Initial header -----------
> 
> From      : "Rainer Jung" rainer.jung@kippdata.de
> To          : "Tomcat Users List" users@tomcat.apache.org
> CC          : 
> Date      : Wed, 14 May 2008 13:29:48 +0200
> Subject : Re: Tomcat & Apache webserver authentication
> 
>> bartd wrote:
>>> Hi,
>>>
>>> I connected Tomcat 5.5 and Apache Webserver together with mod_jk. My
>>> servlet calls are correctly transferred to Tomcat by Apache and if I
>>> address a servlet in a "secured" zone I'm prompted for a password
>>> (Form authentication in a JDBCRealm in Tomcat). So far, so good. But I
>>> wonder if it is possible to configure Tomcat or Apache or both to
>>> share their realm, so the Tomcat authentication covers both Tomcat and
>>> Apache secured areas with 1 user/password database. Everything I found
>>> on the web covers the one case where the secured area is completely in
>>> a Tomcat webcontext.
>> You should be able to share the user database with JDBCRealm (Tomcat) and 
>> mod_auth_dbd (Apache httpd 2.2) resp. with JNDIRealm and mod_authnz_ldap.
>>
>>> Thanks in advance for any input!
>>>
>>> Bart.
>> Regards,
>>
>> Rainer

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
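
A configuration sketch of the building blocks named in the message above, added as an example; it is not part of the original e-mail and not the project's own configuration. The worker name `worker1`, the paths, the realm name "Shared Realm" and the variable `AUTH_ZONE` are assumptions. With `tomcatAuthentication="false"` Tomcat accepts the user name that arrives over AJP, so the connector in this sketch listens on loopback only.

```apache
# --- httpd side (httpd.conf or a virtual host) ---
# Assumes mod_jk is loaded and a worker named "worker1" (hypothetical)
# is already defined in the workers file.

# Forward the httpd environment variable AUTH_ZONE (hypothetical name)
# to Tomcat. The second argument is the default sent when it is unset.
JkEnvVar AUTH_ZONE "none"

# Requests for the web application go to Tomcat over AJP.
JkMount /app worker1
JkMount /app/* worker1

# Static area served by httpd itself, protected by httpd Basic auth.
<Location /docs>
    AuthType Basic
    # Same realm-name for both areas, so the browser re-sends the
    # Authorization header instead of prompting a second time.
    AuthName "Shared Realm"
    AuthBasicProvider file
    # Assumed path; any httpd authentication provider works here.
    AuthUserFile /etc/httpd/conf/users.htpasswd
    Require valid-user
</Location>

# Tomcat application, authenticated by httpd before mod_jk forwards it.
<Location /app>
    AuthType Basic
    AuthName "Shared Realm"
    AuthBasicProvider file
    AuthUserFile /etc/httpd/conf/users.htpasswd
    Require valid-user
    # httpd environment variable (not a shell variable) picked up by JkEnvVar.
    SetEnv AUTH_ZONE "app"
</Location>

# --- Tomcat side (server.xml), shown as comments because it is XML ---
# <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
#            tomcatAuthentication="false" />
#
# In a servlet behind this connector:
#   request.getRemoteUser()           -> user name authenticated by httpd
#   request.getAttribute("AUTH_ZONE") -> value forwarded via JkEnvVar
```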

