Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 17170E34F for ; Tue, 19 Feb 2013 23:51:13 +0000 (UTC) Received: (qmail 1019 invoked by uid 500); 19 Feb 2013 23:51:09 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 949 invoked by uid 500); 19 Feb 2013 23:51:09 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 939 invoked by uid 99); 19 Feb 2013 23:51:09 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Feb 2013 23:51:09 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of andrewcwinter@gmail.com designates 74.125.82.173 as permitted sender) Received: from [74.125.82.173] (HELO mail-we0-f173.google.com) (74.125.82.173) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Feb 2013 23:51:02 +0000 Received: by mail-we0-f173.google.com with SMTP id r5so5950096wey.4 for ; Tue, 19 Feb 2013 15:50:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=HocVwPiiSS1QS2SZyi7vR3/cqlzrn0YoTitHWvRk7ic=; b=lF/hgNy9LQTAUv0r/ZRry8JYdQGIbzUqJqCWJnWzeO6JwJI1ow4UmPzv92tgOHngCv k3nNxFJPcCSx/W2LArhs8Dze4JboQWbQiOYyvU0/jNLcysQqSR8nvqrQMHywqMISEdXC gmh26/ChtXmaS9OsbWTaqn/wDSJcfxK8szGumv8+0eT43Q8HklTPwZPo32yqwq/+rAgB urATWz8y0PGUT/dcfsZqK275cZ9H5WW/njnI/8v1QMnINzwbqikLw7ST1jgQWWlNjEd5 x4EY+NoqnRiazJDLlyI9/M2sQ7ZofKTghQFlzx4Z35d9BqKI8IR+ukys0hvrpQr6IayP uDOQ== MIME-Version: 1.0 X-Received: by 10.180.108.3 with SMTP id hg3mr28606511wib.33.1361317841937; Tue, 19 Feb 2013 15:50:41 -0800 (PST) Received: by 10.194.16.72 with HTTP; Tue, 19 Feb 2013 15:50:41 -0800 (PST) Received: by 10.194.16.72 with HTTP; Tue, 19 Feb 2013 15:50:41 -0800 (PST) In-Reply-To: <51240332.30805@ice-sa.com> References: <51240332.30805@ice-sa.com> Date: Tue, 19 Feb 2013 18:50:41 -0500 Message-ID: Subject: Re: basic auth required on https but not required on http From: Andrew Winter To: Tomcat Users List Content-Type: multipart/alternative; boundary=e89a8f3ba6e365265004d61c824a X-Virus-Checked: Checked by ClamAV on apache.org --e89a8f3ba6e365265004d61c824a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Thanks. A lot of file IO goes on with this app. There are a couple of files in particular that are held open for the life of the app and written to sporadically. I am thinking that having the same code as two web apps would lead to those files getting clobbered. Is there a way to make the 'same appbase with 2 hosts' version work? On Feb 19, 2013 5:57 PM, "Andr=C3=A9 Warnier" wrote: > Andrew Winter wrote: > >> I work on an intranet type application. While on the local network call= s >> are made to regular http and authentication is not allowed due to a larg= e >> number of established services that call the server without providing >> authentication. However, the server accepts calls from the outside over >> SSL (regular http port is blocked by firewall). In these cases the use o= f >> basic authentication is required. I don't see a way to have work like >> this. With our older setup we used Apache as a front end and had a >> virtual >> host file for each port. One used https and basic auth and the other >> didn't. Both pointed to the same web app. Now I must send calls directl= y >> to Tomcat as we are implementing asynchronous requests. What can I do >> here? >> >> > Do the same as under httpd (except one thing) : use separate 's > within the Tomcat configuration (same as under Apache). > Deploy a separate copy of your webapps within each 's "appBase". In > one , you protect them via Basic Auth, in the other you do n= ot. > > Under Tomcat, it is not recommended to use the same "appBase" (roughly th= e > same > as Apache's "DocumentRoot") for two separate 's, because this > creates problems of double deployment etc. So use two separate sets of > webapps. They are still the same webapp, just deployed twice, in differe= nt > locations. Is that a problem for you ? > > Roughly (check the proper syntax on tomcat.apache.org) : > > server.xml : > > .... > > > > > ... > > > > ... > > > ... > > /some/dir/number1 > |- ROOT/ > |- webapp1 > |- webapp2 > > /some/dir/number2 > |- ROOT/ > |- webapp1 > |- webapp2 > > the 2 "webapp1" are the same (same code, same files,..) (*) > the 2 "webapp2" are the same > > (*) actually, almost the same, since their WEB-INF/web.xml will be > different : one has to be accessed via HTTPS and use Basic Auth, the othe= r > one not. > > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > --e89a8f3ba6e365265004d61c824a--