geronimo-dev mailing list archives

From "Krishnakumar B" <www....@gmail.com>
Subject Re: SSO in Tomcat
Date Thu, 20 Apr 2006 06:15:14 GMT
Hi Jeff,

Thanks for the reply. I have tried this but am not able to get it to work.

My plan looks like this for test/web/1 and test/web/2. Both apps use
the same Realm and Valve.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/web"
	xmlns:sec="http://geronimo.apache.org/xml/ns/security"
	configId="test/web/2">
	<context-root>/web2</context-root>
	<context-priority-classloader>false</context-priority-classloader>
	<container-config container="Tomcat">
		<config-param name="TomcatRealm">TomcatJAASRealm</config-param>
		<config-param name="TomcatValveChain">SSOValve</config-param>
	</container-config>
	<security-realm-name>geronimo-properties-realm</security-realm-name>
	<security>
		<default-principal realm-name="properties-realm">
			<principal
				class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
				name="system" />
		</default-principal>
		<role-mappings>
			<role role-name="admin">
				<realm realm-name="properties-realm">
					<principal
						class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
						name="admin" designated-run-as="true" />
					<principal
						class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
						name="system" />
				</realm>
			</role>
			<role role-name="users">
				<realm realm-name="properties-realm">
					<principal
						class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
						name="users" designated-run-as="true" />
					<principal
						class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
						name="user1" />
					<principal
						class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
						name="user2" />
				</realm>
			</role>
			<role role-name="guest">
				<realm realm-name="properties-realm">
					<principal
						class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
						name="guest" designated-run-as="true" />
					<principal
						class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
						name="guest1" />
				</realm>
			</role>
		</role-mappings>
	</security>
	
	<gbean name="SSOValve" class="org.apache.geronimo.tomcat.ValveGBean">
		<attribute name="className">org.apache.catalina.authenticator.SingleSignOn</attribute>
	</gbean>
</web-app>

Regards
Krish

On 4/20/06, Jeff Genender <jgenender@apache.org> wrote:
> Yes, you should be able to do this.  Look at the geronimo-web.xml for
> the Tomcat descriptor.  There is an XML tag that lets you reference a
> valve in the geronimo-web.xml.
>
> Krishnakumar B wrote:
> > Hi,
> >
> > I have a ? related to SSO in Tomcat.
> >
> > I can build Geronimo configuring an SSO Valve and use this in web
> > applications deployed in Tomcat. This works.
> >
> > If I deploy a new Valve along with a web application this does not work.
> >
> > Can valves be deployed at application level so that it works for some
> > web applications? I don't need to have a pre-built Valve enabled with
> > the Server if this works.
> >
> > Regards
> > Krish
>
