This is the situation I'd like to create:

  • www.blah.com/priv - protected by Apache HTTP Basic Auth, realm "foo"
  • www.blah.com/application - protected by Tomcat/Servlet HTTP Basic Auth, realm "foo"
  • A user accesses /priv, Apache requests credentials, they provide them and are given access
  • The same user then requests /application. Since they have authenticated against the "foo" realm in the earlier step, I'd like them to be let in directly.
  • If another user accesses /application without first going to /priv, Tomcat requires authentication (and they may also later access /priv without needing to re-authenticate)

Essentially, I would like Apache and Tomcat to share the authentication realm and, ideally, user databases.

How could this be best accomplished?

Have you already tried to do this and been unsuccessful? I ask because HTTP Basic authentication happens purely through the addition of an HTTP header to the request. In other words, once you are authenticated against a given realm on a given server, your browser adds one more header to your request (e.g., "Authorization: Basic amxldmludnskZXZsaW4="), and the server knows that you are authenticated because of that header. So given your example, and given some ad-hoc testing I just did, I suspect the setup you describe will just work with no additional effort from you.
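The exchange described in the answer, as an added example that is not part of the original posts: two independent handlers stand in for Apache (/priv) and Tomcat (/application), and a simplified browser model caches the Basic credential per (origin, realm). `USERS`, `Browser`, `make_server` and `prompts_for` are hypothetical names, and the example assumes both servers accept the same username and password.

```python
import base64
import hmac
import re

# Constructed sample user store; assumed identical on both servers.
USERS = {"alice": "s3cret"}

def make_server(realm, users):
    """Return a handler that enforces HTTP Basic auth for one realm."""
    def handle(headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme.lower() == "basic":
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8")
            except ValueError:          # malformed base64 or non-UTF-8 bytes
                decoded = ""
            user, _, pw = decoded.partition(":")
            expected = users.get(user)
            if expected is not None and hmac.compare_digest(expected.encode(), pw.encode()):
                return 200, {}
        # No header or bad credentials: challenge the client for this realm.
        return 401, {"WWW-Authenticate": 'Basic realm="%s"' % realm}
    return handle

class Browser:
    """Simplified model of a browser's Basic credential cache."""
    def __init__(self, username, password):
        self.creds = (username, password)  # what the user types when prompted
        self.cache = {}                    # (origin, realm) -> Authorization value
        self.prompts = 0                   # how many login dialogs were shown

    def get(self, origin, handler):
        status, hdrs = handler({})
        if status != 401:
            return status
        realm = re.match(r'Basic realm="([^"]*)"', hdrs["WWW-Authenticate"]).group(1)
        key = (origin, realm)
        if key not in self.cache:          # unknown realm on this origin: prompt
            self.prompts += 1
            raw = ("%s:%s" % self.creds).encode("utf-8")
            self.cache[key] = "Basic " + base64.b64encode(raw).decode("ascii")
        return handler({"Authorization": self.cache[key]})[0]

def prompts_for(realm_priv, realm_app, order=("priv", "app")):
    """Visit both locations in the given order; return (statuses, prompt count)."""
    servers = {"priv": make_server(realm_priv, USERS),
               "app": make_server(realm_app, USERS)}
    browser = Browser("alice", "s3cret")
    statuses = [browser.get("https://www.blah.com", servers[n]) for n in order]
    return statuses, browser.prompts
```

With matching realms the user is prompted once regardless of which location is visited first; with different realm names the browser prompts a second time. The header carries the password base64-encoded rather than encrypted, so both locations need to be served over TLS.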