tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frédéric Poliquin <>
Subject Stateless application is very slow using LDAP authentication
Date Tue, 22 Apr 2014 13:29:24 GMT

I'm working on a stateless application which does not create an http session. This application
has a standard security constraint requesting basic authentication on all resources.

Tomcat is configured using a standard JNDIRealm to authenticate against Active Directory.
Authentication and authorisation are working fine but with this configuration, the application
is very slow; we even get timeouts from requirejs. The documentation says:

"Once a user has been authenticated, the user (and his or her associated roles) are cached
within Tomcat for the duration of the user's login. (For FORM-based authentication, that means
until the session times out or is invalidated; for BASIC authentication, that means until
the user closes their browser). The cached user is not saved and restored across sessions
serialisations. Any changes to the directory information for an already authenticated user
will not be reflected until the next time that user logs on again."

Does Tomcat have a cache outside the http session? Is there a workaround to get one?
Does Tomcat can be used as a simple file server with LDAP authentication?

We are using Tomcat 7.0.53 with JDK  1.7.0_55 on Windows Server 2008 R2.

Thank you.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message