tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Basic and Form Authentication
Date Wed, 02 Dec 2009 17:34:25 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

André,

On 12/1/2009 6:57 AM, André Warnier wrote:
> Peter Crowther wrote:
>> 2009/12/1 Anthony Jay <anthonyjay@fastmail.fm>:
>>> As for cross application communication I will have to revisit our own
>>> code to see if there are static/singleton services that can be
>>> re-engineered and decoupled.
>>
>> This may be one of the few appropriate times where you may want to put
>> code for the singletons (and all the classes that might be referenced
>> by your singletons) in common/lib.  It's not an ideal solution, but it
>> may save you considerable effort as those classes will then be loaded
>> by a single classloader, rather than the per-webapp classloaders.
>>
> Or then, this may be a case where you want to explore front-ending these
> applications with an Apache httpd server, linked to Tomcat via an AJP
> connector.
> There is considerably more flexibility in Apache httpd regarding AAA
> (since for one it is not bound by the servlet spec), and once a request
> is authenticated, Apache and the connector will happily pass this
> authenticated id to Tomcat.  And you would have to change nothing to
> your servlet-engine side code, singletons and all.

Yeah, the problem is that AFAICT there is no standard way to do
form-based authentication with Apache httpd. HTTP BASIC AUTH works
wonderfully, but how would one implement form-based credential
gathering? Is a custom module required for this, or does httpd come
packaged with something that would work, even if a custom form /page/
would have to be developed that POSTs to a special URL?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksWpSEACgkQ9CaO5/Lv0PD+jQCgm7QDsfdi+cfwF/n4mlo1ZHus
bO0An1qrEFK3doN0l6D4zSkRREJ33YZ8
=vnb7
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message