Hi Bill,
Thanks for your answer.
The original design of this authentication/session creation mechanism
was made by another developer who knows Tomcat better than I do (but
not enough apparently ;) ).
If I understand correctly, your suggestion is to write a custom valve
which will be used as our missing link between the Apache authentication
and the Tomcat Realm call. Is this correct?
The Valve will access the username/password in the header and explicitly
call the Realm (Kind of similar to the SSO Valve)?
Cheers,
Mickael
Bill Barker wrote:
> "Mickael Goujon" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>> Hi,
>> We have a web application deployed under Tomcat 5.0 which uses a custom
>> Realm for authentication. This custom Realm basically does a web service
>> call using the user's credentials to authenticate with the web service
>> server (basic WS-I username/password authentication).
>> If the web service call fails (user not allowed to call the web service
>> with his credentials), then Tomcat authentication fails.
>> If the web service call succeeds (user has access to the web service), then
>> Tomcat authentication succeeds and the Realm will store the Session object
>> returned by the web service in a ThreadLocalContext to be reused later in
>> the web application.
>> This works fine with Tomcat only, but as soon as I add mod_jk and try to
>> use Apache to do the authentication and then pass the credentials to
>> Tomcat (using tomcatAuthentication=false), I get the "403 - access denied"
>> page.
>> I'd like to know if, in my configuration (Apache authentication + Tomcat
>> Realm + tomcatAuthentication=false), Apache is supposed to pass the user
>> login/password to the Tomcat Realm or if the realm is not called at all
>> (This would be the bad news I fear)?
>
> Sorry for the bad news, but the Tomcat Realm is not called at all in this
> situation. Also, Apache doesn't forward the password directly (although it
> is still encoded in the header).
>
>> My combination Apache/Tomcat/mod_jk works when I specify
>> tomcatAuthentication=true. But, I'd like to have Apache authentication and
>> the Tomcat Realm called automatically after that with the
>> username/password... Is this possible or do I have to move my Session
>> creation process somewhere else?
>
> A custom Authenticator is probably overkill here. I would probably just
> use a custom Valve. But as-is, you do at least have to add something (or,
> modify your copy of the Tomcat code :) to invoke the Realm.
>
>> Hope you understood my problem,
>> Cheers,
>> Mickael
>> --
>> Mickael Goujon
>> Software Engineer
>> Lion Bioscience Ltd
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]