tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Do any of the Tomcat LDAP-type realms support "no password" authentication?
Date Sat, 03 Dec 2011 23:42:09 GMT wrote:
> ---- "André Warnier" <> wrote: 
>> wrote:
>>> ---- "André Warnier" <> wrote: 
>>>> wrote:
>>>>>> Now let me ask another question :
>>>>>> Why do you need to authenticate the user at the Apache level, and
pass this user-id to 
>>>>>> Tomcat ?
>>>>>> Obviously, from the OAM documentation I scanned, there must exist
an OAM module directly 
>>>>>> for Tomcat, to authenticate users there.  Why are you not using that
>>>>> It seems like they should have one, but, unfortunately, they don't.
>>>> Mmm. Browsing the documentation, I seem to remember seeing something about
Weblogic, no ?
>>>> Is that not usable ?
>>>> (As an aside, send your messages only to the list. I get all messages to
the list anyway, 
>>>> so if you send them to me too, I get them twice).
>>> Hi,
>>> Sorry about the emails.  
>>> Yes, they do support integrating with WebLogic, and we do use that for other
cases, but that's probably a bit off-topic here.
>> We don't mind the competition here. Keeps us on our toes.
>> Just kidding.
>> What I meant to ask (me being the not-so-Java specialist see) was, since Weblogic
is a 
>> servlet engine, and Tomcat is a servlet engine, both ought to abide by the servlet
>> and such, so isn't the Weblogic-oriented module usable with Tomcat ?
>> Or is this too much of a rosy view of the world ?
>> Anyway, the only other thing that comes to mind is, since you seem to be an OAM customer,

>> can you not ask the OAM support people if OAM sets the internal Apache user-id or
not ?
> Hi,
> I'll answer the last question first:  We have asked, but they don't support integration
with Tomcat out-of-the-box.  That was why I've been looking into it for our organization.

Ok. But the question here is different : you are not asking if they support Tomcat.
What you are asking is if OAM can set the Apache internal user-id, once the user is 
authenticated by OAM.

The situation is the same as if you had to support, say, some legacy Apache-based 
application, and this Apache-based application needs the user-id, and it normally gets it

from Apache.
For example, imagine that your organisation has some pre-existing content-management 
system based on Apache and Perl.  Now you purchase OAM as a global SSO mechanism, and you

want to use OAM to authenticate the users for your content-management application.  For 
that, the easiest way is for OAM to just set the Apache user-id, because then you don't 
have to change anything to your existing application.

> Re. your 1st question, yes, WebLogic is J2EE, but the integration that Oracle has with
WebLogic is based on providers that leverage the (old) WebLogic/BEA security framework, which
is/was proprietary to WebLogic, so those providers are not compatible with or usable with
anything other than WebLogic.
> The situation is similar to Tomcat and valves I guess, i.e., Tomcat is J2EE compliant
(for JSPs, servlets, etc., but valves are "proprietary'' to Tomcat.
> Jim

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message