Passwords are protected using standard SSL. Eventually, the plan is to move towards OAuth 2.0 with a cookie/security token but until then I needed a quick solution...
For the other question, Apache httpd has an authentication cache which prevents going to Active Directory every time which is not linked to any session. It is documented here: http://httpd.apache.org/docs/current/mod/mod_ldap.html#cache ______________________________ Frédéric Poliquin Conseiller en architecture de système, DTI frederic.poliq...@dti.ulaval.ca Tél. : (418) 656-2131 #5875 -----Message d'origine----- De : Leo Donahue [mailto:donahu...@gmail.com] Envoyé : 22 avril 2014 12:01 À : Tomcat Users List Objet : Re: Stateless application is very slow using LDAP authentication On Tue, Apr 22, 2014 at 8:48 AM, André Warnier <a...@ice-sa.com> wrote: > Frédéric Poliquin wrote: > >> << What if you disable authentication entirely as a test... do things >> speed-up?>> Answer is YES << Do you have a problem only under load or >> also when you are testing a single-user?>> Single user >> >> What I did is to put Tomcat behind an Apache Server which solved my >> problem. Maybe it could be a good new feature to add in future releases... >> >> > Can you explain how this solved your problem ? > > If you are using Basic Authentication, without sessions, even httpd > would need to re-authenticate to AD/LDAP with every request, no ? > > > I'm somewhat more concerned for the OP if he is using Basic Authentication and LDAP. Passwords going over the network unprotected. Am I the only one seeing this? Leo
