Ok Rainer, due to your information i think i see a way out. Thank you very much!
Bart. -----Oorspronkelijk bericht----- Van: Rainer Jung [mailto:[EMAIL PROTECTED] Verzonden: woensdag 14 mei 2008 16:35 Aan: Tomcat Users List Onderwerp: Re: Tomcat & Apache webserver authentication bartd schrieb: > Thanks Rainer for your quick answer. Does "sharing the same database" means > that if you are authenticated for 1 application, you're automatically > authenticated for the other application? No. It means you only need one user administration. What you are now asking for, is sharing some kind of security context between httpd and Tomcat. Actually you are aksing about sharing between applications, but I will focus here on the httpd/Tomcat interaction. I've got no complete solution to that, but there are some bbuilding blocks: Basic auth uses http headers. Once the browser authenticated a user via basic auth, it will always send the Authorization header with the requests for the same server - unless a URL is protected by a different realm (more precisely a different realm-name in login-config in web.xml). The same should hold true for digest authentication. These ways of httpd authentication are used by httpd and Tomcat. So you can play around by using the same realm-name (by which I don't mean the class name implementing a special realm type in Tomcat). mod_jk and mod_proxy_ajp will also automatically transport some authentication information from httpd to Tomcat, e.g. remote_user and auth_type. If you set tomcatAuthentication="false" in your AJP connector config (in server.xml), you can retrieve the remote user via request.getRemoteUser(). Additional information could be made available in httpd as so-called environment variables (not the same as a shell environment variable) and then forwarded to Tomcat via JkEnvVar. Regards, Rainer > ---------- Initial header ----------- > > From : "Rainer Jung" [EMAIL PROTECTED] > To : "Tomcat Users List" users@tomcat.apache.org > CC : > Date : Wed, 14 May 2008 13:29:48 +0200 > Subject : Re: Tomcat & Apache webserver authentication > >> bartd schrieb: >>> Hi, >>> >>> I connected Tomcat 5.5 and Apache Webserver together with mod_jk. My >>> servlet calls are correctly transferred to Tomcat by Apache and if i >>> address a servlet in a "secured" zone i'm prompted for a password >>> (Form authentication in a Jdbcrealm in Tomcat). So far, so good. But i >>> wonder if it is possible to configure Tomcat or Apache or both to >>> share there realm, so the Tomcat authentication covers both Tomcat and >>> Apache secured areas with 1 user/password database. Everything i found >>> on the web covers the one case where the secured area is completely in >>> a Tomcat webcontext. >> You should be able share the user database with JDBCRealm (Tomcat) and >> mod_auth_dbd (Apache httpd 2.2) resp. with JNDIRealm and mod_authnz_ldap. >> >>> Thanks in advance for any input! >>> >>> Bart. >> Regards, >> >> Rainer --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.16/1430 - Release Date: 13/05/2008 7:31 --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
