tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: basic auth required on https but not required on http
Date Tue, 19 Feb 2013 22:56:50 GMT
Andrew Winter wrote:
> I work on an intranet type application.  While on the local network calls
> are made to regular http and authentication is not allowed due to a large
> number of established services that call the server without providing
> authentication.  However, the server accepts calls from the outside over
> SSL (regular http port is blocked by firewall). In these cases the use of
> basic authentication is required.  I don't see a way to have work like
> this.  With our older setup we used Apache as a front end and had a virtual
> host file for each port.  One used https and basic auth and the other
> didn't. Both pointed to the same web app.  Now I must send calls directly
> to Tomcat as we are implementing asynchronous requests.  What can I do here?
> 

Do the same as under httpd (except one thing) : use separate <Host>'s within the Tomcat

configuration (same as <VirtualHost> under Apache).
Deploy a separate copy of your webapps within each <Host>'s "appBase". In one <Host>,
you 
protect them via Basic Auth, in the other <Host> you do not.

Under Tomcat, it is not recommended to use the same "appBase" (roughly the same
as Apache's "DocumentRoot") for two separate <Host>'s, because this creates problems
of 
double deployment etc.  So use two separate sets of webapps.  They are still the same 
webapp, just deployed twice, in different locations.  Is that a problem for you ?

Roughly (check the proper syntax on tomcat.apache.org) :

server.xml :

....

   <Engine ...>

     <Host name="host1.company.com" appBase="/some/dir/number1" ..>
        ...
     </Host>

     <Host name="host2.company.com" appBase="/some/dir/number2" ..>
        ...
     </Host>

...

/some/dir/number1
     |- ROOT/
     |- webapp1
     |- webapp2

/some/dir/number2
     |- ROOT/
     |- webapp1
     |- webapp2

the 2 "webapp1" are the same (same code, same files,..) (*)
the 2 "webapp2" are the same

(*) actually, almost the same, since their WEB-INF/web.xml will be different : one has to

be accessed via HTTPS and use Basic Auth, the other one not.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message