On 07.07.2016 17:48, Nathan Quirynen wrote:
> We have several applications deployed in Tomcat and want to add 1 application to handle
> authentication for all of the other applications.
> All applications are defined as different host elements in Tomcat configuration
> (server.xml) like the following example:
>
> <Host name="loginapp.localhost" appBase="loginapp" />
> <Host name="webapp1.localhost" appBase="webapp1" />
> <Host name="webapp2.localhost" appBase="webapp2" />
> ...
>
> How I see it theoretically working:
> When a user goes to a URL that points to webapp1, a request filter in the application
> sees that the user has not been authenticated yet and redirects to the "loginapp" where
> authentication happens and redirects back to webapp1 where the user now has been
> authenticated for (only for this specific application).
>
> Is it possible to share data between these applications in any way or somehow access and
> make changes in the http session for webapp1 to make this flow work?
>
> I hope my question is clear, else I'd like to hear your questions.

Hi.
Your question is clear.
I believe however that what you want to achieve, given your configuration (multiple Hosts)
is not possible in Tomcat alone (nor maybe in any Servlet Engine respectful of the Servlet
Specification).
However, there is one way in which I can imagine a solution, provided you have (or are
willing to add) a front-end Apache httpd along with an Apache-Tomcat "mod_jk" connector.
Have a look here, first of all:
http://tomcat.apache.org/tomcat-8.0-doc/config/ajp.html#Standard_Implementations
-> tomcatAuthentication
-> tomcatAuthorization
In other words, you could use a httpd front-end proxy to all your Tomcat Hosts, do the
authentication at the httpd level (using any of the numerous methods available to do so),
and then transmit this authenticated user-id to Tomcat, at the moment the requests get
proxied to Tomcat for execution.
Because for Tomcat then, all incoming requests (no matter for which Host) would already be
authenticated, and Tomcat would "believe" this authentication and not bother to do its own
anymore, even for protected areas within Tomcat Hosts.
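
An added illustration of the setup described in the reply above (not part of the original thread and not the poster's configuration): a Tomcat 8.0 AJP connector with tomcatAuthentication="false", with the matching httpd/mod_jk side sketched in a comment. The port, worker name "tomcat1", file paths and the choice of Basic authentication are assumptions.

```xml
<!-- server.xml (Tomcat side). Constructed example; port and address are assumptions. -->
<Service name="Catalina">

  <!-- AJP connector that mod_jk talks to.
       tomcatAuthentication="false": Tomcat takes the authenticated user-id
       from the AJP request (set by httpd) instead of authenticating itself.
       Tomcat then trusts whatever user-id arrives on this port, so the
       connector is bound to loopback and only the local httpd can reach it. -->
  <Connector port="8009" protocol="AJP/1.3"
             address="127.0.0.1"
             tomcatAuthentication="false" />

  <Engine name="Catalina" defaultHost="webapp1.localhost">
    <!-- Host elements as in the question; each stays a separate Host. -->
    <Host name="webapp1.localhost" appBase="webapp1" />
    <Host name="webapp2.localhost" appBase="webapp2" />
  </Engine>
</Service>

<!-- httpd side (mod_jk), kept as a comment so this stays one block.

  workers.properties (worker name is hypothetical):
    worker.list=tomcat1
    worker.tomcat1.type=ajp13
    worker.tomcat1.host=127.0.0.1
    worker.tomcat1.port=8009

  httpd.conf:
    JkWorkersFile conf/workers.properties
    <VirtualHost *:80>
      ServerName  webapp1.localhost
      ServerAlias webapp2.localhost
      # Authentication happens here, once, for every proxied Host.
      <Location "/">
        AuthType Basic
        AuthName "apps"
        AuthUserFile "conf/htpasswd"
        Require valid-user
      </Location>
      # Forward everything to Tomcat; the authenticated user goes along over AJP.
      JkMount /* tomcat1
    </VirtualHost>
-->
```

With this in place, request.getRemoteUser() in webapp1 and webapp2 returns the user httpd authenticated. Later Tomcat releases also support a shared secret on the AJP connector that the mod_jk worker must present.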