tomcat-users mailing list archives

From Marco Pizzoli <>
Subject WebApp to WebApp JEE security
Date Sat, 05 Dec 2015 09:18:08 GMT
Hi list,
I am fighting against a 3rd party application composed of 2 webapps.

The first is supposed to present a login form and once authenticated you
are presented with the application frontend.
Behind the lines it is connecting (through localhost) to a second one that
is presenting the same security configuration.
In short, the same username/role are authorized for the second application
as well.

In the original setup everything works fine with the memoryRealm, so just
populating the tomcat-users.xml file.
Problems arose when I switched to leverage JNDIRealm (LDAP): it is not
working anymore.
I easily managed to get the first app to authenticate against LDAP,
validating a specific LDAP group, but eventually the app gets 403 in
accessing the second one.

Of course I already tried the same security-role / security-constraint in
both the web.xml.

Do you know if it is a known problem in "sharing" a security mechanism
between webapps running on the same Tomcat?
I am running Tomcat 7.0.64.

I did not find a way to debug the security-constraint/security-role stuff.
If you could just advise what to enable to have a deeper insight... that
would be invaluable!

Thanks to all
