Re: Stateless application is very slow using LDAP authentication

Tue, 22 Apr 2014 06:53:24 -0700 

Frédéric Poliquin wrote:

Hi,

I'm working on a stateless application which does not create an http session. 
This application has a standard security constraint requesting basic 
authentication on all resources.

Tomcat is configured using a standard JNDIRealm to authenticate against Active 
Directory. Authentication and authorisation are working fine but with this 
configuration, the application is very slow; we even get timeouts from 
requirejs. The documentation says:

"Once a user has been authenticated, the user (and his or her associated roles) are 
cached within Tomcat for the duration of the user's login. (For FORM-based 
authentication, that means until the session times out or is invalidated; for BASIC 
authentication, that means until the user closes their browser). The cached user is not 
saved and restored across sessions serialisations. Any changes to the directory 
information for an already authenticated user will not be reflected until the next time 
that user logs on again."
I see this paragraph too, in : https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm 
"Additional Notes"
 and I believe that it is unclear (or maybe the parenthesis are misplaced).
I don't think that Tomcat can cache the authentication information if there is no session, and thus for Basic Authentication, it probably calls the LDAP server at each request, to re-authenticate the user. 



Does Tomcat have a cache outside the http session? Is there a workaround to get 
one?
Does Tomcat can be used as a simple file server with LDAP authentication?
You should probably describe your application a bit more, and also explain why you seem to be adverse to sessions. 

That's because it seems to me that using sessions would be the answer here.
And that is because I believe (maybe wrongly) that Tomcat *does* cache the authenticated user-id within the session. Most authentication schemes would not make much sense if that is not the case. 



We are using Tomcat 7.0.53 with JDK  1.7.0_55 on Windows Server 2008 R2.

Thank you.

Frédéric.
frederic.poliq...@dti.ulaval.ca<mailto:frederic.poliq...@dti.ulaval.ca>






---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to