tomcat-users mailing list archives

From André Warnier
Subject Re: basic auth required on https but not required on http
Date Tue, 19 Feb 2013 22:56:50 GMT
Andrew Winter wrote:
> I work on an intranet type application.  While on the local network calls
> are made to regular http and authentication is not allowed due to a large
> number of established services that call the server without providing
> authentication.  However, the server accepts calls from the outside over
> SSL (regular http port is blocked by firewall). In these cases the use of
> basic authentication is required.  I don't see a way to have it work like
> this.  With our older setup we used Apache as a front end and had a virtual
> host file for each port.  One used https and basic auth and the other
> didn't. Both pointed to the same web app.  Now I must send calls directly
> to Tomcat as we are implementing asynchronous requests.  What can I do here?

Do the same as under httpd (except one thing) : use separate <Host>'s within the Tomcat
configuration (same as <VirtualHost> under Apache).
Deploy a separate copy of your webapps within each <Host>'s "appBase". In one <Host>,
protect them via Basic Auth, in the other <Host> you do not.

Under Tomcat, it is not recommended to use the same "appBase" (roughly the same
as Apache's "DocumentRoot") for two separate <Host>'s, because this creates problems
of double deployment etc.  So use two separate sets of webapps.  They are still the same
webapp, just deployed twice, in different locations.  Is that a problem for you ?

Roughly (check the proper syntax on :

server.xml :


   <Engine ...>

     <Host name="" appBase="/some/dir/number1" ..>

     <Host name="" appBase="/some/dir/number2" ..>


     |- ROOT/
     |- webapp1
     |- webapp2

     |- ROOT/
     |- webapp1
     |- webapp2

the 2 "webapp1" are the same (same code, same files,..) (*)
the 2 "webapp2" are the same

(*) actually, almost the same, since their WEB-INF/web.xml will be different : one has to
be accessed via HTTPS and use Basic Auth, the other one not.
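
The web.xml difference described in the message above, as an added example that is not part of the original message: the copy deployed under the HTTPS <Host> carries the elements below, and the copy under the plain-HTTP <Host> omits them. The role name "remote-caller" and the realm name "Remote access" are assumptions made for illustration.

```xml
<!-- WEB-INF/web.xml of the webapp copy deployed in the HTTPS <Host>.
     Constructed example; "remote-caller" and "Remote access" are assumed names. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Whole application</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!-- No <http-method> elements: listing only some methods would
           leave the unlisted ones unprotected. -->
    </web-resource-collection>

    <!-- Only authenticated users holding this role get through. -->
    <auth-constraint>
      <role-name>remote-caller</role-name>
    </auth-constraint>

    <!-- Basic Auth sends credentials base64-encoded, not encrypted, so
         require TLS: a plain-HTTP request is redirected to the
         connector's redirectPort instead of being served. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Remote access</realm-name>
  </login-config>

  <security-role>
    <role-name>remote-caller</role-name>
  </security-role>

  <!-- The copy in the unauthenticated <Host> has none of the three
       elements above; the rest of its web.xml is identical. -->
</web-app>
```

Users and their roles are resolved by the Realm configured in server.xml, so the assumed role must exist there for any login to succeed.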
