On 07/07/16 19:59, André Warnier (tomcat) wrote:
On 07.07.2016 17:48, Nathan Quirynen wrote:
We have several applications deployed in Tomcat and want to add 1 application to handle authentication for all of the other applications.
All applications are defined as different host elements in Tomcat configuration (server.xml) like the following example:
<Host name="loginapp.localhost" appBase="loginapp" />
<Host name="webapp1.localhost" appBase="webapp1" />
<Host name="webapp2.localhost" appBase="webapp2" />
...
How I see it theoretically working:
When a user goes to a URL that points to webapp1, a request filter in the application sees that the user has not been authenticated yet and redirects to the "loginapp" where authentication happens and redirects back to webapp1 where the user now has been authenticated for (only for this specific application).
Is it possible to share data between these applications in any way or somehow access and make changes in the http session for webapp1 to make this flow work?
I hope my question is clear, else I'd like to hear your questions.
Hi.
Your question is clear.
I believe however that what you want to achieve, given your
configuration (multiple Hosts) is not possible in Tomcat alone (nor
maybe in any Servlet Engine respectful of the Servlet Specification).
However, there is one way in which I can imagine a solution, provided
you have (or are willing to add) a front-end Apache httpd along with an
Apache-Tomcat "mod_jk" connector.
Have a look here, first of all:
http://tomcat.apache.org/tomcat-8.0-doc/config/ajp.html#Standard_Implementations
-> tomcatAuthentication
-> tomcatAuthorization
In other words, you could use a httpd front-end proxy to all your
Tomcat Hosts, do the authentication at the httpd level (using any of
the numerous methods available to do so), and then transmit this
authenticated user-id to Tomcat, at the moment the requests get
proxied to Tomcat for execution.
Because for Tomcat then, all incoming requests (no matter for which
Host) would already be authenticated, and Tomcat would "believe" this
authentication and not bother to do its own anymore, even for
protected areas within Tomcat Hosts.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Hey thanks for your answer.
I'll look into your suggestion to see if that's a possibility for us.
What I have also found in my further research is JNDI resources. I have
never used this so my knowledge is pretty zero on this, but would this
be something I can use to share data (some java beans with needed data
for the authentication) across my applications in my current setup?
Nathan
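
The front-end arrangement suggested in the reply above, sketched as an added configuration example that is not part of the original thread. The worker name, file paths, AJP port and password file are placeholders; Basic authentication stands in for whichever httpd authentication method is chosen.

```apache
# httpd.conf on the front-end (assumes mod_jk is installed)
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties

<VirtualHost *:80>
    ServerName  webapp1.localhost
    ServerAlias webapp2.localhost

    # Authentication happens here, before any request reaches Tomcat.
    <Location "/">
        AuthType Basic
        AuthName "Shared login"
        AuthUserFile "conf/users.htpasswd"
        Require valid-user
    </Location>

    # Proxy everything over AJP; mod_jk passes the authenticated
    # user name and the Host header along with each request.
    JkMount /* tomcat1
</VirtualHost>

# conf/workers.properties
#   worker.list=tomcat1
#   worker.tomcat1.type=ajp13
#   worker.tomcat1.host=127.0.0.1
#   worker.tomcat1.port=8009

# Tomcat server.xml, inside <Service>, next to the existing <Host> elements:
#   <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
#              tomcatAuthentication="false" />
#
# tomcatAuthentication="false" makes Tomcat accept the user name supplied
# by httpd instead of authenticating itself. Tomcat then trusts whatever
# arrives on the AJP port, so the connector is bound to 127.0.0.1 and must
# not be reachable by anything other than the front-end.
```

With this in place, `request.getRemoteUser()` in each web application returns the user name httpd authenticated. The `tomcatAuthorization` attribute listed on the linked page covers using that user for Tomcat's own authorization.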