tomcat-users mailing list archives

From Stéphanie Cettou <>
Subject Re: Tomcat login
Date Wed, 31 Mar 2010 10:03:22 GMT
Thank you very much,
I will learn more about this solution.
But all points of my "issue" list must be covered...
And the other problem is that the user should have access everywhere
(not only from their PC).

And I have another question: how can I get more roles for a user?

Does a Tomcat solution exist? Or must I program it in Java? Or does another
"ready" solution exist?



2010/3/30 André Warnier <>:
> Stéphanie,
> I don't want to interfere with the other people here who are trying to help
> you in the direction of a "pure Tomcat" solution.  I am incompetent in that
> area, while they are, and their recommendations may in the end be better
> than mine.
> So let's say that there are alternative ways in which your basic issue could
> be solved, and what I am suggesting is one of these possible alternatives.
> The solution I am suggesting consists of separating the "user management
> business" from the "Tomcat application business".
> My first premise is that managing users, passwords, rules for these
> passwords, aging, people coming and going etc. is a complicated and
> time-consuming task and, if there already exists an AD infrastructure (or 3)
> that does this and people who manage it, maybe you do not want to create and
> manage a 4th system.
> (For example, if you create a mechanism based on a database, then you will
> probably have to synchronise that database with the 3 existing AD databases;
> and you will probably never obtain from the separate admins of the 3 AD
> domains, that they send you every day a new list of their users and
> passwords).
> My second premise is that users, in general, do not like to have to login
> several times, and remember different user-id's and/or passwords for
> different things.
> So if you can propose a solution which requires less additional programming
> and setup, and less management hassle later on, that may be to your own and
> to the users' advantage.
> Based on your previous explanations, I will imagine that there are 3
> locations from where users can access your Tomcat system; that at each of
> those locations, there is a Windows domain based on an AD system; and that
> the users in each of those locations already login to their local domain
> before they access your Tomcat applications; and that these systems already
> manage the business of password rules and aging, and the day-to-day business
> of people coming and going.
> If it is so, you can set up a system whereby the local login which each user
> has already done once when they started their workstation, can be used by
> your Tomcat application(s).  Your Tomcat application(s) will automatically
> receive, for each access, a unique and pre-authenticated user-id for each
> user, just as if you had done the authentication yourself at the Tomcat
> level.  This user-id can include the original domain name of the user (iow
> the location), so that if two users "john.smith" exist in two separate AD
> domains, they will not be confused.
> This method does not necessarily cover all your needs, and it may still
> require some user data and some management at the Tomcat level, but it may
> also avoid having to re-implement and manage stuff that is already being
> done elsewhere.
> If you are still interested, then go have a look here :
> I am not saying that this is necessarily the solution for you, but it is
> maybe worth having a look at it.
> (and no, I am not an employee of that company; it is just something I use
> myself with Tomcat, in contexts apparently similar to yours.)