Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 95628 invoked from network); 2 Dec 2009 22:25:20 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 Dec 2009 22:25:20 -0000 Received: (qmail 62778 invoked by uid 500); 2 Dec 2009 22:25:16 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 62700 invoked by uid 500); 2 Dec 2009 22:25:16 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 62689 invoked by uid 99); 2 Dec 2009 22:25:16 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Dec 2009 22:25:16 +0000 X-ASF-Spam-Status: No, hits=-2.6 required=5.0 tests=AWL,BAYES_00 X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of aw@ice-sa.com designates 212.85.38.228 as permitted sender) Received: from [212.85.38.228] (HELO tor.combios.es) (212.85.38.228) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Dec 2009 22:25:14 +0000 Received: from localhost (localhost [127.0.0.1]) by tor.combios.es (Postfix) with ESMTP id C8A32226098 for ; Wed, 2 Dec 2009 23:24:52 +0100 (CET) Received: from tor.combios.es ([127.0.0.1]) by localhost (tor.combios.es [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gw+sYlkVg1oL for ; Wed, 2 Dec 2009 23:24:52 +0100 (CET) Received: from [192.168.245.129] (p549EB2F7.dip0.t-ipconnect.de [84.158.178.247]) by tor.combios.es (Postfix) with ESMTPA id 6E91A226093 for ; Wed, 2 Dec 2009 23:24:52 +0100 (CET) Message-ID: <4B16E916.5080106@ice-sa.com> Date: Wed, 02 Dec 2009 23:24:22 +0100 From: =?UTF-8?B?QW5kcsOpIFdhcm5pZXI=?= Reply-To: Tomcat Users List User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Basic and Form Authentication References: <1259667535.3541.1347843907@webmail.messagingengine.com> <4B150494.4010303@ice-sa.com> <4B16A521.3090203@christopherschultz.net> <4B16A7DA.80309@pidster.com> In-Reply-To: <4B16A7DA.80309@pidster.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Pid wrote: > On 02/12/2009 17:34, Christopher Schultz wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> André, >> >> On 12/1/2009 6:57 AM, André Warnier wrote: >>> Peter Crowther wrote: >>>> 2009/12/1 Anthony Jay: >>>>> As for cross application communication I will have to revisit our own >>>>> code to see if there are static/singleton services that can be >>>>> re-engineered and decoupled. >>>> >>>> This may be one of the few appropriate times where you may want to put >>>> code for the singletons (and all the classes that might be referenced >>>> by your singletons) in common/lib. It's not an ideal solution, but it >>>> may save you considerable effort as those classes will then be loaded >>>> by a single classloader, rather than the per-webapp classloaders. >>>> >>> Or then, this may be a case where you want to explore front-ending these >>> applications with an Apache httpd server, linked to Tomcat via an AJP >>> connector. >>> There is considerably more flexibility in Apache httpd regarding AAA >>> (since for one it is not bound by the servlet spec), and once a request >>> is authenticated, Apache and the connector will happily pass this >>> authenticated id to Tomcat. And you would have to change nothing to >>> your servlet-engine side code, singletons and all. >> >> Yeah, the problem is that AFAICT there is no standard way to do >> form-based authentication with Apache httpd. HTTP BASIC AUTH works >> wonderfully, but how would one implement form-based credential >> gathering? Is a custom module required for this, or does httpd come >> packaged with something that would work, even if a custom form /page/ >> would have to be developed that POSTs to a special URL? > > The only HTTPD module that supports form auth that I've heard of is > mod_auth_cookie, but it's not included with the distribution & has had, > I believe, varying levels of support during its life. > At the last ApacheCON Europe in Amsterdam, there was I believe also talk about a new Apache mod_session module. But I've never seen any mention of it since. I'll ask about that too. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org