You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Larry Rogers <La...@mercmarine.com> on 2000/11/06 16:05:05 UTC

Which Tomcat to use?


Hi All!

We've been using Tomcat 3.1 in development, and now we're getting ready to
deploy our first production app (using the Struts framework, BTW).  Anyway, this
app and future apps will be deployed on an intranet, so we have some specific
security requirements:

* Using Servlet 2.2 security, authentication needs to refer to our relational
database of users and passwords.  We have a separate application that is used
for administering the user database.

* When a user is authenticated in one app, in its servlet context, and she
clicks a link to another app in a separate servlet context, she must not be
prompted to log in again.  The authentication should be shared across servlet
contexts (i.e., container based security).

Will Tomcat 3.2 handle these situations, or will they be implemented in 4.0?

BTW, I tested container based security in JRun 3.0 and it works, but I would
rather use Tomcat.

TIA,

Larry