• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Tomcat bypass authentication

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is there a way to by pass tomcat authentication.
We have an application that has BASIC authentication.
But if the incoming URL has parameter say 'apikey' then we do not want tomcat to authenticate and instead perform our own authenticatin.

Thanks.
 
Ranch Hand
Posts: 163
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I too would like to know if this is possible.

I have two tomcat servers, each utilizes the same userid/password table. The reason for the separation is performance. At this time, I don't trust Tomcat to manage both sets of workloads with one server. Maybe down the road when I'm more learned in Tomcat configuration.

So now the users have to log in twice, once for each server. And they don't like it. And they tell me about it. Often.

I can't use the Single Sign-On valve because the webapps are on different servers.

Is it possible to pass login credentials from one tomcat server to another?




 
Sheriff
Posts: 22783
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bill Clar wrote:I can't use the Single Sign-On valve because the webapps are on different servers.


Technically that doesn't need to stop you. There's a technique called SAML that allows you to perform SSO across multiple servers. One of them needs to play the role of IdP, the others the role of SP.
 
Saloon Keeper
Posts: 27762
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You don't need to dig a 4-year old thread out of its grave to find that out, Bill. We don't charge extra for starting your own threads. In fact, we prefer it.

Actually, SSO is most effective when it is co-ordinating security between multiple servers. So that, regardless of the machine, OS, application framework, you sign on once and that makes you transparently known to all participating apps in the shop.
 
Bill Clar
Ranch Hand
Posts: 163
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Rob and Tim!
 
Rob Spoor
Sheriff
Posts: 22783
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You're welcome.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic