Christopher, thanks for your reply.
I do mention however that two separate physical servers exist and the
webapps are on two separate web servers as well... they appear under the
same host to users because the URL's are dynamically rewritten on the
front end. The DNS is entirely separate, so to share a login across the
two would require that I pass authentication information between the two
web servers somehow, do you understand?
Also, sharing a session is not possible in this case because the Perl
application is stateless, for this reason also it uses Apache basic
authentication, so I cant use forms authentication or the problem would
be easily solved with a common sign-in as you suggested, but
unfortunately thats not an option.
Peter
Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Peter,
Peter Stavrinides wrote:
I have an Apache web server with Basic authentication configured to use
a Postgres database. Web application A (written in Perl) uses it.
Web application B (written in Java) runs on Tomcat 5.5.20 on a different
physical server, it uses a JDBC realm with basic authentication once
again to connect to the same database and authenticate users.
What I need to do is authenticate users once (on either server /
application), and allow the users to navigate from one application to
the other (I don't want to ask for passwords again). Can the servers
share a realm or is there a connector component or something I can use.
What you are talking about is not realm-sharing since the concept of a
"realm" really only exists on the Tomcat side. You really want some sort
of cooperative login or something like that.
First, you have to decide which type of authentication you prefer. For
instance, if the user really cannot tell the difference between the
webapps, does that mean that the URL spaces are the same? (i.e. the perl
webapp lives in "/cool-product/whatever/*.pl" and the Java stuff lives
in "/cool-product/whatever/*.jsp")?
If that's the case, then you can probably configure Tomcat to use Basic
authentication which is already being used by Apache httpd to do the
authentication for your other application. The same path
("/cool-product") will result in the WWW-Auth information being sent to
both applications. Since you have the same database for authentication
in both webapps, either one can be the "first" to do authentication, and
then the other app should respect the other's WWW-auth information.
There are other ways, but this sounds like the most painless given your
setup.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFt2nu9CaO5/Lv0PARAk8PAKCx6FT2r7wGaBX0TrhgcsdHY+Q07ACgk6uy
+jtEpw9Nts3/zOgFTilzFCU=
=mye9
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Peter Stavrinides
Albourne Partners (Cyprus) Ltd
Tel: +357 22 750652
If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Please visit http://www.albourne.com/email.html for important additional terms relating to this e-mail.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
