Hi,

I'm working on a stateless application which does not create an http session. 
This application has a standard security constraint requesting basic 
authentication on all resources.

Tomcat is configured using a standard JNDIRealm to authenticate against Active 
Directory. Authentication and authorisation are working fine but with this 
configuration, the application is very slow; we even get timeouts from 
requirejs. The documentation says:

"Once a user has been authenticated, the user (and his or her associated roles) 
are cached within Tomcat for the duration of the user's login. (For FORM-based 
authentication, that means until the session times out or is invalidated; for 
BASIC authentication, that means until the user closes their browser). The 
cached user is not saved and restored across sessions serialisations. Any 
changes to the directory information for an already authenticated user will not 
be reflected until the next time that user logs on again."

Does Tomcat have a cache outside the http session? Is there a workaround to get 
one?
Can Tomcat be used as a simple file server with LDAP authentication?

We are using Tomcat 7.0.53 with JDK 1.7.0_55 on Windows Server 2008 R2.

Thank you.

Frédéric.
frederic.poliq...@dti.ulaval.ca

