tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arno <arno.schae...@sqs.com>
Subject Re: How to authenticate our webapp against our own relm only
Date Tue, 21 Jul 2015 15:50:43 GMT
Christopher Schultz <chris <at> christopherschultz.net> writes:
> Accessing a protected resource triggers an authorization check, which
> also required authentication. Some realms cache authentication
> information while others do not. The authenticator is a Valve which
> uses the Realm to perform the authentication and gather authorization
> information (e.g. roles). If the user isn't authenticated, then they
> are challenged for credentials (login form, SSL client certificate,
> HTT BASIC/DIGEST auth, etc.) and the credentials they provide are then
> fed back into the realm to authenticate the user. Then the roles are
> checked for authorization.

ok, thanks for this explanation, that's makes it more clear for me. One more
question about "...Accessing a protected resource..."
Which resources are protected is decided by what kind of configuration?
Because I do nothing special for this, I think that my configuration is
using the normal defaults for BASIC authentification.
Perhaps there is some potential space to increase performance by disable
this authentification for a lot of request types.

Because I will have some issues with the administration of my session
handling, can I also influence the JSESSION generation with such kind of
configuration or is this done by the used browser only? 
Background for this question: Now I recognize, when I open a new instance of
f.e. an IExplorer with my home url, this new instance use the same JSESSION
id, what the parallel running instance is also using. Is it possible to
configure this in the tomcat instance or couldn't I influence this behaviour?

kind regards
Arno


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message