tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Basic and Form Authentication
Date Wed, 02 Dec 2009 17:34:25 GMT
Hash: SHA1


On 12/1/2009 6:57 AM, André Warnier wrote:
> Peter Crowther wrote:
>> 2009/12/1 Anthony Jay <>:
>>> As for cross application communication I will have to revisit our own
>>> code to see if there are static/singleton services that can be
>>> re-engineered and decoupled.
>> This may be one of the few appropriate times where you may want to put
>> code for the singletons (and all the classes that might be referenced
>> by your singletons) in common/lib.  It's not an ideal solution, but it
>> may save you considerable effort as those classes will then be loaded
>> by a single classloader, rather than the per-webapp classloaders.
> Or then, this may be a case where you want to explore front-ending these
> applications with an Apache httpd server, linked to Tomcat via an AJP
> connector.
> There is considerably more flexibility in Apache httpd regarding AAA
> (since for one it is not bound by the servlet spec), and once a request
> is authenticated, Apache and the connector will happily pass this
> authenticated id to Tomcat.  And you would have to change nothing to
> your servlet-engine side code, singletons and all.

Yeah, the problem is that AFAICT there is no standard way to do
form-based authentication with Apache httpd. HTTP BASIC AUTH works
wonderfully, but how would one implement form-based credential
gathering? Is a custom module required for this, or does httpd come
packaged with something that would work, even if a custom form /page/
would have to be developed that POSTs to a special URL?

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message