Yeah, it'd be a good idea to store the authentication information -
userid/pwd - in one place. And then use LDAP or JNDI. If you store the info
in the database, only Tomcat would be able to access it (unless you use
LDAP - maybe Apache has an LDAP module). Also I'd suggest either Tomcat or
Apache handle the authentication, not both. This way you won't have
nightmares later :-)
Again, these are just suggestions, you make the call depending on your
requirements.

RS
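
The situation discussed in this thread, modelled as an added example (not code from any poster or from Apache/Tomcat): a front layer and a backend each check the same browser-sent Basic header against their own credential store, so a second store that has drifted yields a 401 from the backend. The function names, sample user and passwords are constructed, and the plaintext stores are an assumption made for brevity.

```python
import base64
import hmac


def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # not valid Base64 / not valid text
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def check(store, header):
    """One layer's decision: 200 if the header matches its own store, else 401."""
    creds = parse_basic(header)
    if creds is None:
        return 401
    user, password = creds
    expected = store.get(user)
    if expected is None:
        return 401
    # Constant-time comparison; a real store would hold password hashes.
    same = hmac.compare_digest(expected.encode(), password.encode())
    return 200 if same else 401


def request_via_front(front_store, back_store, header):
    """Front layer checks first, then forwards the same header to the backend."""
    if check(front_store, header) != 200:
        return ("front", 401)
    if check(back_store, header) != 200:
        return ("backend", 401)
    return ("backend", 200)


# Constructed sample data: one header as a browser would resend it on every request.
HEADER = "Basic " + base64.b64encode(b"kevin:s3cret").decode()
SHARED = {"kevin": "s3cret"}     # both layers read one credential source
DRIFTED = {"kevin": "old-pass"}  # backend store that was not updated
```
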






Jacob Kjome <[EMAIL PROTECTED]> on 07/24/2002 11:19:18 AM

Please respond to "Tomcat Users List" <[EMAIL PROTECTED]>

To:    "Tomcat Users List" <[EMAIL PROTECTED]>
cc:

Subject:    Re[4]: Apache Authentication

Hello rsequeira,

Good point.

However, that means you have to keep your user authentication info in
two different places...unless you are pulling the info from a single source
such as JNDI or JDBC for both Apache and Tomcat.  Also, in that case,
the structure of the JNDI and JDBC entries for both Apache and Tomcat
have to be pretty close to identical.  Notice the issues brought up by
users unhappy with how SingleSignOn works with Tomcat and how the
structure of the database forced by Tomcat's implementation doesn't
quite meet their needs.

Jake

Wednesday, July 24, 2002, 10:50:48 AM, you wrote:


rtc> Just a thought, might not be true (since I haven't checked this behaviour).
rtc> When you go through Apache (and if Apache has BASIC authentication setup),
rtc> the Apache authentication will take precedence. Once you have entered the
rtc> userid/password in the authentication dialog box, the browser will from
rtc> then on keep sending the Authentication header (Base64 encoded userid/pwd)
rtc> to the webserver. So if Tomcat has a BASIC authentication setup too, then
rtc> it will not send a 401 response code since the browser has sent the
rtc> Authentication header (of course the userid/pwd for both Apache and Tomcat
rtc> should be the same. Else Tomcat will send a 401 response code).

rtc> RS





rtc> Jacob Kjome <[EMAIL PROTECTED]> on 07/24/2002 10:41:58 AM

rtc> Please respond to "Tomcat Users List" <[EMAIL PROTECTED]>

rtc> To:    "Tomcat Users List" <[EMAIL PROTECTED]>
rtc> cc:

rtc> Subject:    Re[2]: Apache Authentication

rtc> Hello Kevin,

rtc> That's a question for the developers.  I don't think it is possible,
rtc> actually.  I think if you set your BASIC auth up in the web.xml and in
rtc> Apache, then you get the case where, when you go through Apache on
rtc> port 80, you get prompted for username/password by Apache and then
rtc> again by Tomcat.  However, in this setup, if you went to port 8080,
rtc> directly to Tomcat, then it would work fine.

rtc> So, you kind of need to make a choice as to whether to disable the
rtc> authentication set in web.xml and just use Apache or just let Apache
rtc> forward the request without asking for authentication and let Tomcat
rtc> deal with that.

rtc> It sure seems like a better solution ought to be possible.

rtc> Jake

rtc> Monday, July 22, 2002, 1:11:15 PM, you wrote:

KA>> OK,
KA>>     So what if I want in one application to use Tomcat Authentication and in
KA>> the other use Apache's Authentication. Is that possible??

KA>> Thanks,
KA>> Kevin

KA>> Kevin Andryc
KA>> Web Systems Engineer
KA>> MISER
KA>> http://www.umass.edu/miser/
KA>> Phone: (413)-545-3460
KA>> [EMAIL PROTECTED]



KA>> -----Original Message-----
KA>> From: Jacob Kjome [mailto:[EMAIL PROTECTED]]
KA>> Sent: Monday, July 22, 2002 02:07 PM
KA>> To: Tomcat Users List
KA>> Subject: Re: Apache Authentication

KA>> Hello Kevin,

KA>> You need to add tomcatAuthentication="false" to your jk connector
KA>> definition in server.xml.

KA>> <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
KA>>                port="8009" minProcessors="5" maxProcessors="75"
KA>>                acceptCount="10" debug="0" tomcatAuthentication="false"/>

KA>> Note that tomcatAuthentication does not seem to be implemented
KA>> properly in Coyote.  For instance, the analog to the above connection
KA>> for Coyote would be the following which currently doesn't work
KA>> (getRemoteUser() returns null):

KA>> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
KA>>                port="8009" minProcessors="5" maxProcessors="75"
KA>>                enableLookups="true" redirectPort="8443"
KA>>                acceptCount="10" debug="0" connectionTimeout="20000"
KA>>                useURIValidationHack="false" tomcatAuthentication="false"
KA>>                protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>

KA>> Let me qualify that. It doesn't work when using mod_jk.  I haven't
KA>> gotten things to work using mod_jk2, so it may work in that case, but
KA>> it should work in both.


KA>> To Tomcat Developers...

KA>> Is there another way that Coyote implemented to grab the auth info
KA>> from Apache?


KA>> Jake


KA>> Monday, July 22, 2002, 12:55:31 PM, you wrote:

KA>>> I just converted over from Tomcat 3.2.X to Tomcat 4.0.4 on Linux using
KA>>> Apache 1.3.26. In the Apache httpd.conf file, we have an Alias that points
KA>>> to a directory that uses Apache's authentication. In Tomcat 3.2.X, I used
KA>>> mod_jserv which integrated well and I could get the remote user and use
KA>>> Apache to authenticate. I was wondering how I could use mod_jk to do the
KA>>> same. Right now, when I do a getRemoteUser() it returns null.

KA>>> Thanks,
KA>>> Kevin

KA>>> Kevin Andryc
KA>>> Web Systems Engineer
KA>>> MISER
KA>>> http://www.umass.edu/miser/
KA>>> Phone: (413)-545-3460
KA>>> [EMAIL PROTECTED]





KA>>> --
KA>>> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
KA>>> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>



KA>> --
KA>> Best regards,
KA>>  Jacob                            mailto:[EMAIL PROTECTED]

