Hello Bill

http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
"Once a user has been authenticated, the user (and his or her associated roles) are cached within Tomcat for the duration of the user's login. (For FORM-based authentication, that means until the session times out or is invalidated; for BASIC authentication, that means until the user closes their browser)"

I concur with looking at authentication from another source such as Apache if you're looking for BASIC auth beyond the session's timeout or invalidation (including the user closing the browser).

Does this conform to your understanding?

Thx,
Martin

----- Original Message ----- From: "Bill Higgins" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Sunday, April 29, 2007 8:44 PM
Subject: Re: caching principals within Tomcat using Basic Auth and LDAP


FYI, we ended up finding a solution to the problem above, but it required us
to use Apache HTTP Server rather than Tomcat to secure the URLs and cache
the Basic Auth credentials (since Tomcat apparently cannot do so) and
configure Tomcat to respect the other component as the trusted source of
principal information.

In detail:

  - remove all security constraints from our Tomcat webapp's web.xml file
  - install Apache HTTP Server to front Tomcat and configure Apache to
  secure the same paths that Tomcat had previously secured
  - configure Apache to cache Basic Auth credentials for 10 minutes at a
  time
  - configure Tomcat so that when you call
  HttpServletRequest#getRemoteUser(), Tomcat gets the info from Apache
  (this is invisible to the calling code)

--

- Bill



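The four steps Bill lists above, written out as an Apache httpd configuration. This is an added example, not configuration from the original thread or from either poster. Assumed for illustration: the webapp is mounted at /app and its formerly protected paths live under /app/secure, Tomcat's AJP connector listens on 127.0.0.1:8009, the directory is at ldap.example.com with a hypothetical base DN, and the bind DN and password are placeholders. The credential cache used here is mod_ldap's search/bind cache; the original message does not say which Apache mechanism Bill used for the 10-minute cache.

```apache
# Added example; hostnames, DNs and paths are assumptions, not from the thread.
LoadModule ldap_module         modules/mod_ldap.so
LoadModule authnz_ldap_module  modules/mod_authnz_ldap.so
LoadModule proxy_module        modules/mod_proxy.so
LoadModule proxy_ajp_module    modules/mod_proxy_ajp.so

# mod_ldap caches successful binds (user DN plus a hash of the supplied
# password), so a repeat Basic request within the TTL is answered without
# another LDAP round trip. 600 seconds is the "10 minutes" from the message.
LDAPSharedCacheSize 500000
LDAPCacheEntries    1024
LDAPCacheTTL        600
LDAPOpCacheEntries  1024
LDAPOpCacheTTL      600

# Protect exactly the paths that the webapp's web.xml used to protect.
<Location /app/secure>
    AuthType Basic
    AuthName "Example Realm"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com/ou=People,dc=example,dc=com?uid?sub?(objectClass=person)"
    AuthLDAPBindDN "cn=apache,ou=Services,dc=example,dc=com"
    # Placeholder; keep the real value out of version control.
    AuthLDAPBindPassword "change-me"
    Require valid-user
</Location>

# Forward to Tomcat over AJP. AJP carries REMOTE_USER to Tomcat, which
# returns it from HttpServletRequest#getRemoteUser() once the connector
# has tomcatAuthentication="false".
ProxyPass        /app ajp://127.0.0.1:8009/app
ProxyPassReverse /app ajp://127.0.0.1:8009/app
```

The Tomcat half of step four is the AJP connector in server.xml, for example `<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" tomcatAuthentication="false" />`. Two caveats follow from that setting. Tomcat now believes any REMOTE_USER that arrives on the AJP connection, so the connector must be reachable only by httpd (loopback address as above, or a firewall rule); an attacker who can speak AJP to port 8009 directly can claim any identity. And because web.xml no longer constrains anything, every path that ProxyPass forwards must be covered by an Apache auth block, otherwise a request to an unlisted path reaches the servlet with a null remote user. Role information does not cross AJP in this setup, so group-based authorization has to be done in Apache (for instance with `Require ldap-group`) or inside the application rather than with `isUserInRole()`.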