Hello, I have a web app on Tomcat 5.5 where we're using Basic Auth as our authentication method. We recently did some load testing and noticed that every HTTPS request to one of the secure URLs was resulting in an LDAP auth check. This makes sense because in Basic Auth, the browser sends the credentials with every request via the Authorization header.
I would like Tomcat to cache the credentials for a period of time so that after successfully authenticating against LDAP, the server will not hit LDAP for that particular user for 5-10 minutes, to reduce load on the LDAP server and remove a system bottleneck. Note, the user observes this behavior already since the browser caches the credentials; the problem I'm trying to solve is excessive load on the LDAP server. I consulted the Tomcat 5.5 docs and read the following paragraph in the Realm HOWTO ( http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html ):

> Once a user has been authenticated, the user (and his or her associated roles) are cached within Tomcat for the duration of the user's login. (For FORM-based authentication, that means until the session times out or is invalidated; for BASIC authentication, that means until the user closes their browser).
So the docs indicate that Tomcat would automatically give me the behavior that I'm looking for (Tomcat caching the credentials) but my LDAP logs are telling a different story. I think the more accurate description is that "the browser caches the credentials for the duration of the browser process, but Tomcat doesn't cache anything". So my question (after this long-winded exposition) is that it seems that Tomcat gives me nothing for caching Basic Auth'd users to reduce load on my LDAP server. Can anyone confirm or deny if this is true? Has anyone ever encountered a similar situation and found a workaround? My current best workaround idea is to install Apache HTTP server in front of Tomcat (which can do Basic Auth credential caching) and turn off Tomcat security, but this seems kludgy. Thanks in advance for any help.

--
- Bill
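The kind of credential cache Bill is asking for, sketched as an added Python example (not Tomcat's code and not from the original post): it stores only an HMAC of the Basic credentials under a per-process random key, caches successful binds for a bounded TTL, never caches failures, and counts backend hits so the saving is measurable. The `LdapStub` class and the `bill` account are constructed stand-ins for a real LDAP bind.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed stand-in for the directory (username -> password) so the
# example runs offline; a real deployment would bind against LDAP instead.
_DIRECTORY = {"bill": "s3cret"}


class LdapStub:
    """Counts bind attempts so the effect of the cache is visible."""
    def __init__(self):
        self.bind_calls = 0

    def bind(self, username, password):
        self.bind_calls += 1
        return _DIRECTORY.get(username) == password


def basic_header(username, password):
    """Build the Authorization header value a browser would send."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


class CachingBasicAuth:
    """Caches successful Basic Auth checks for `ttl` seconds.

    Only an HMAC of the credentials is kept (random per-process key), so the
    cache never holds plaintext passwords. Failures are not cached, so a wrong
    password is always re-checked; a changed password is accepted immediately,
    while the old one stays valid here for at most `ttl` seconds.
    """
    def __init__(self, backend, ttl=300, clock=time.monotonic):
        self.backend, self.ttl, self.clock = backend, ttl, clock
        self._key = os.urandom(32)
        self._cache = {}  # username -> (credential_tag, expiry_time)

    def _tag(self, username, password):
        msg = username.encode() + b"\0" + password.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def authenticate(self, authorization_header):
        """Return the authenticated username, or None."""
        scheme, _, blob = authorization_header.partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            creds = base64.b64decode(blob, validate=True).decode()
        except ValueError:  # bad base64 or non-UTF-8 payload
            return None
        username, _, password = creds.partition(":")
        now, tag = self.clock(), self._tag(username, password)
        hit = self._cache.get(username)
        if hit and hmac.compare_digest(hit[0], tag) and hit[1] > now:
            return username  # served from cache, no LDAP round trip
        if not self.backend.bind(username, password):
            return None
        self._cache[username] = (tag, now + self.ttl)
        return username
```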