Using Apache HTTP user in Tomcat?

Question

I need users to authenticate in Apache HTTP for some static resources (using mod_auth_openid. I also have a Tomcat application running. How can I accept the HTTP user as the Tomcat user, so the users don't need to login twice?

Clarification: I don't want to recheck credentials on the Tomcat side, but essentially trust that the user that has been identified by Apache HTTP is correct (whatever way that authentication happened - which is the main point: handing over username/password is **not* an option since there might not be a password, actually most likely there won't).

I want this to work with the Tomcat authentication system, but some pointer how it could work with a home grown authentication wouldn't harm.

Do you need to ensure that they have the correct credentials in Tomcat, or essentially just 'trust' the user as Apache received and authenticated it? And do you need for this to work with Tomcat's auth mechanisms, or just with an authentication mechanism that you implement within Tomcat? — Shane Madden, Oct 18 '12 at 04:37
Hi Share Just trust / Tomcat's authentication. Clarified above — stwissel, Oct 18 '12 at 14:11

score 1 · Accepted Answer · answered Oct 22 '12 at 08:31

1

According to http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html just set the tomcatAuthentication to false to have the authorization propagated from the native webserver and used for authorization in Tomcat.

answered Oct 22 '12 at 08:31

addam

430
2
6

That was the missing piece: I need to use the ajp protocol instead of http. Thx – stwissel Oct 22 '12 at 08:43

Using Apache HTTP user in Tomcat?

1 Answers1