tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: Stateless application is very slow using LDAP authentication
Date Tue, 22 Apr 2014 16:53:26 GMT
Leo Donahue wrote:
> On Tue, Apr 22, 2014 at 8:48 AM, André Warnier <aw@ice-sa.com> wrote:
> 
>> Frédéric Poliquin wrote:
>>
>>> << What if you disable authentication entirely as a test... do things
>>> speed-up?>> Answer is YES
>>> << Do you have a problem only under load or also when you are testing a
>>> single-user?>> Single user
>>>
>>> What I did is to put Tomcat behind an Apache Server which solved my
>>> problem. Maybe it could be a good new feature to add in future releases...
>>>
>>>
>> Can you explain how this solved your problem ?
>>
>> If you are using Basic Authentication, without sessions, even httpd would
>> need to re-authenticate to AD/LDAP with every request, no ?

(I stand corrected, with the documentation Frédéric points to in a later post :
http://httpd.apache.org/docs/current/mod/mod_ldap.html#cache
httpd does cache the LDAP authentication information, independently of sessions).
So that probably answers the performance difference question also.

And I do also now understand his suggestion for an enhancement to the Tomcat JNDIRealm, to
do the same kind of thing, if it doesn't already.

>>
>>
>>
> I'm somewhat more concerned for the OP if he is using Basic Authentication
> and LDAP.  Passwords going over the network unprotected.  Am I the only one
> seeing this?
> 

Well, all things considered, over the last 2 years that has been a rather more secure 
method than HTTPS, no ? At least, all they could steal was your password.
;-)


P.S. I am jesting of course, and your concern is justified, particularly since Frédéric is
talking about using an AD/LDAP system as the back-end.  Unless that AD system is only used
for this application, that would be a concern.

(But by the way, Frédéric never said this was pure HTTP; it could all be going over HTTPS)

