Re: Basic and Form Authentication

Wed, 02 Dec 2009 09:46:39 -0800 

On 02/12/2009 17:34, Christopher Schultz wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

André,

On 12/1/2009 6:57 AM, André Warnier wrote:

Peter Crowther wrote:

2009/12/1 Anthony Jay<anthony...@fastmail.fm>:

As for cross application communication I will have to revisit our own
code to see if there are static/singleton services that can be
re-engineered and decoupled.


This may be one of the few appropriate times where you may want to put
code for the singletons (and all the classes that might be referenced
by your singletons) in common/lib.  It's not an ideal solution, but it
may save you considerable effort as those classes will then be loaded
by a single classloader, rather than the per-webapp classloaders.


Or then, this may be a case where you want to explore front-ending these
applications with an Apache httpd server, linked to Tomcat via an AJP
connector.
There is considerably more flexibility in Apache httpd regarding AAA
(since for one it is not bound by the servlet spec), and once a request
is authenticated, Apache and the connector will happily pass this
authenticated id to Tomcat.  And you would have to change nothing to
your servlet-engine side code, singletons and all.


Yeah, the problem is that AFAICT there is no standard way to do
form-based authentication with Apache httpd. HTTP BASIC AUTH works
wonderfully, but how would one implement form-based credential
gathering? Is a custom module required for this, or does httpd come
packaged with something that would work, even if a custom form /page/
would have to be developed that POSTs to a special URL?
The only HTTPD module that supports form auth that I've heard of is mod_auth_cookie, but it's not included with the distribution & has had, I believe, varying levels of support during its life. 


p



- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksWpSEACgkQ9CaO5/Lv0PD+jQCgm7QDsfdi+cfwF/n4mlo1ZHus
bO0An1qrEFK3doN0l6D4zSkRREJ33YZ8
=vnb7
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to