bartd schrieb:
Thanks Rainer for your quick answer. Does "sharing the same database" means
that if you are authenticated for 1 application, you're automatically
authenticated for the other application?
No. It means you only need one user administration.
What you are now asking for, is sharing some kind of security context
between httpd and Tomcat. Actually you are aksing about sharing between
applications, but I will focus here on the httpd/Tomcat interaction.
I've got no complete solution to that, but there are some bbuilding blocks:
Basic auth uses http headers. Once the browser authenticated a user via
basic auth, it will always send the Authorization header with the
requests for the same server - unless a URL is protected by a different
realm (more precisely a different realm-name in login-config in
web.xml). The same should hold true for digest authentication. These
ways of httpd authentication are used by httpd and Tomcat. So you can
play around by using the same realm-name (by which I don't mean the
class name implementing a special realm type in Tomcat).
mod_jk and mod_proxy_ajp will also automatically transport some
authentication information from httpd to Tomcat, e.g. remote_user and
auth_type. If you set tomcatAuthentication="false" in your AJP connector
config (in server.xml), you can retrieve the remote user via
request.getRemoteUser().
Additional information could be made available in httpd as so-called
environment variables (not the same as a shell environment variable) and
then forwarded to Tomcat via JkEnvVar.
Regards,
Rainer
---------- Initial header -----------
From : "Rainer Jung" [EMAIL PROTECTED]
To : "Tomcat Users List" users@tomcat.apache.org
CC :
Date : Wed, 14 May 2008 13:29:48 +0200
Subject : Re: Tomcat & Apache webserver authentication
bartd schrieb:
Hi,
I connected Tomcat 5.5 and Apache Webserver together with mod_jk. My
servlet calls are correctly transferred to Tomcat by Apache and if i
address a servlet in a "secured" zone i'm prompted for a password
(Form authentication in a Jdbcrealm in Tomcat). So far, so good. But i
wonder if it is possible to configure Tomcat or Apache or both to
share there realm, so the Tomcat authentication covers both Tomcat and
Apache secured areas with 1 user/password database. Everything i found
on the web covers the one case where the secured area is completely in
a Tomcat webcontext.
You should be able share the user database with JDBCRealm (Tomcat) and
mod_auth_dbd (Apache httpd 2.2) resp. with JNDIRealm and mod_authnz_ldap.
Thanks in advance for any input!
Bart.
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
