tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Malley <cmal...@pixelzoom.com>
Subject Re: How does one authenticate through TC 4.0?
Date Mon, 03 Dec 2001 17:48:16 GMT
Mike Kelley wrote:
> 
> Read that but it leaves some questions for a newbie ... Like where and how
> to setup the authentication? The how to just kkinda skips that part ...


Here's how to do this for the SOAP servlet.
Other servlets should be similar.

On the client, set the username and password for the HTTP 
connection. For Apache SOAP, this is:

  SOAPHTTPConnection connection = new SOAPHTTPConnection();
  connection.setMaintainSession( true );
  connection.setUserName("myuser");
  connection.setPassword("mypassword");
  call.setSOAPTransport(connection);
  //...

Or if you're using Microsoft STK 2.0

  ISoapConnectorPtr pConnector;  // smart pointer
  pConnector.CreateInstance(__uuidof(HttpConnector)); 
  pConnector->Property["AuthUser" ] = _variant_t( "myuser" ); 
  pConnector->Property["AuthPassword" ] = _variant_t( "mypassword" ); 
  //...

On the server (running Tomcat), enable basic HTTP authentication 
on a per-service basis by adding this to 
$CATALINA_HOME/webapps/<service>/WEB-INF/web.xml:

     <security-constraint>
       <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/servlet/rpcrouter</url-pattern>
         <!-- If you list http methods, only those methods are protected
-->
         <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
       </web-resource-collection>
       <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area
-->
         <role-name>tomcat</role-name>
       </auth-constraint>
     </security-constraint>
     <!-- Default login configuration uses BASIC authentication -->
     <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>Example Basic Authentication Area</realm-name>
     </login-config>

If you're not using a realm plug-in, then usernames and
passwords live in $CATALINA_HOME/conf/tomcat-users.xml.
Here's what it might look like for the above example:

     <tomcat-users>
       <user name="tomcat" password="tomcat" roles="tomcat" />
       <user name="role1"  password="tomcat" roles="role1"  />
       <user name="both"   password="tomcat" roles="tomcat,role1" />
       <user name="myuser" password="mypassword" roles="tomcat" />
     </tomcat-users>

Hope that gets you going...

-Chris

--
Chris Malley
PixelZoom, Inc.             Voice: +1.303.494.8849
835 Orman Drive             EMail: cmalley@pixelzoom.com
Boulder CO 80303-2616

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message