Tomcat bypass authentication

cucci gucci
Greenhorn

Joined: Sep 23, 2009
Posts: 1
Is there a way to bypass Tomcat authentication?
We have an application that has BASIC authentication.
But if the incoming URL has a parameter, say 'apikey', then we do not want Tomcat to authenticate and instead perform our own authentication.

Thanks.
Bill Clar
Ranch Hand

Joined: Sep 21, 2006
Posts: 153

I too would like to know if this is possible.

I have two Tomcat servers; each utilizes the same userid/password table. The reason for the separation is performance. At this time, I don't trust Tomcat to manage both sets of workloads with one server. Maybe down the road when I'm more learned in Tomcat configuration.

So now the users have to log in twice, once for each server. And they don't like it. And they tell me about it. Often.

I can't use the Single Sign-On valve because the webapps are on different servers.

Is it possible to pass login credentials from one Tomcat server to another?




Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19761

Bill Clar wrote: I can't use the Single Sign-On valve because the webapps are on different servers.

Technically that doesn't need to stop you. There's a technique called SAML that allows you to perform SSO across multiple servers. One of them needs to play the role of IdP, the others the role of SP.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16250

You don't need to dig a 4-year-old thread out of its grave to find that out, Bill. We don't charge extra for starting your own threads. In fact, we prefer it.

Actually, SSO is most effective when it is co-ordinating security between multiple servers. So that, regardless of the machine, OS, application framework, you sign on once and that makes you transparently known to all participating apps in the shop.


Customer surveys are for companies who didn't pay proper attention to begin with.
Bill Clar
Ranch Hand

Joined: Sep 21, 2006
Posts: 153

Thanks Rob and Tim!
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19761

You're welcome.
 