Re: basic auth required on https but not required on http

Tue, 19 Feb 2013 14:57:23 -0800 

Andrew Winter wrote:

I work on an intranet type application.  While on the local network calls
are made to regular http and authentication is not allowed due to a large
number of established services that call the server without providing
authentication.  However, the server accepts calls from the outside over
SSL (regular http port is blocked by firewall). In these cases the use of
basic authentication is required.  I don't see a way to have work like
this.  With our older setup we used Apache as a front end and had a virtual
host file for each port.  One used https and basic auth and the other
didn't. Both pointed to the same web app.  Now I must send calls directly
to Tomcat as we are implementing asynchronous requests.  What can I do here?
Do the same as under httpd (except one thing) : use separate <Host>'s within the Tomcat configuration (same as <VirtualHost> under Apache). Deploy a separate copy of your webapps within each <Host>'s "appBase". In one <Host>, you protect them via Basic Auth, in the other <Host> you do not. 

Under Tomcat, it is not recommended to use the same "appBase" (roughly the same
as Apache's "DocumentRoot") for two separate <Host>'s, because this creates problems of double deployment etc. So use two separate sets of webapps. They are still the same webapp, just deployed twice, in different locations. Is that a problem for you ? 

Roughly (check the proper syntax on tomcat.apache.org) :

server.xml :

....

  <Engine ...>

    <Host name="host1.company.com" appBase="/some/dir/number1" ..>
       ...
    </Host>

    <Host name="host2.company.com" appBase="/some/dir/number2" ..>
       ...
    </Host>

...

/some/dir/number1
    |- ROOT/
    |- webapp1
    |- webapp2

/some/dir/number2
    |- ROOT/
    |- webapp1
    |- webapp2

the 2 "webapp1" are the same (same code, same files,..) (*)
the 2 "webapp2" are the same
(*) actually, almost the same, since their WEB-INF/web.xml will be different : one has to be accessed via HTTPS and use Basic Auth, the other one not. 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to