tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: Tomcat authenticate with BASIC Auth (Pre: Active directory)
Date Fri, 03 Nov 2006 13:27:22 GMT

If you deploy the webapp inside another directory that is already
protected, you can use SingleSignOn to execute login via the parent/ROOT
web app?




Tim Funk wrote:
> Out of the box - there is no Valve in Tomcat which requires
> authentication without first consulting web.xml.
> 
> As a simple(?) kludge - you could write your own Valve which forces
> authentication on anything executed by the Valve: - you'll need to fill
> in isAuthenticated(...)
> 
> 
> public class ProtectMeValve extends ValveBase implements Lifecycle {
> 
>     ...
> 
>   public void invoke(Request request, Response response)
>         throws IOException, ServletException {
> 
>     String authHeader = request.getHeader("Authorization");
>     if (authHeader!=null) {
>       if (isAuthenticated(request, authHeader)) {
>         getNext().invoke(request, response);
>       } else {
>         // may need setContentType(...)
>         response.setStatus(403);
>         response.getWriter().write("Go away - your not allowed!");
>       }
>     } else {
>       // may need setContentType(...)
>       response.setStatus(401);
>       response.addHeader("WWW-Authenticate",
>                          "Basic realm=\"My Webapp\"");
>       response.getWriter().write("some message");
>     }
>   }
> }
> 
> I would think the preceding should work.
> 
> -Tim
> 
> Johannes wrote:
>> With the lack of reply's I guess that Active directory connections are
>> not used by anyone here.
>>
>> I'm making it a bit more simple then and in step one only protect this
>> service with a simple login / password protection.
>>
>> Setup: One separate engine only accepting HTTPS connections that needs
>> to be protected.
>> I have set up a ""org.apache.catalina.realm.MemoryRealm" realm with a
>> xml file with one user, password and group in my server.xml section
>> for the engine I'm protecting.
>>
>> So far so good.
>> Then I got everything to work when editing <webapp>/WEB-INF/web.xml
>> and added the following:
>>   <security-constraint>
>>     <display-name>Security check</display-name>
>>     <web-resource-collection>
>>       <web-resource-name>Protected Area</web-resource-name>
>>       <!-- Define the context-relative URL(s) to be protected -->
>>       <url-pattern>/*</url-pattern>
>>
>>       <!-- If you list http methods, only those methods are protected -->
>>       <http-method>DELETE</http-method>
>>       <http-method>GET</http-method>
>>       <http-method>POST</http-method>
>>       <http-method>PUT</http-method>
>>     </web-resource-collection>
>>     <auth-constraint>
>>       <!-- Anyone with one of the listed roles may access this area -->
>>       <role-name>testgroup</role-name>
>>     </auth-constraint>
>>   </security-constraint>
>>
>>   <login-config>
>>     <auth-method>BASIC</auth-method>
>>     <realm-name>Security Check</realm-name>
>>   </login-config>
>>
>> That worked great, the login box appears and are not accessible
>> without the correct logon.
>>
>> BUT the problem is that this webapp is delivered by a 3:rd party
>> without the above settings in there web.xml file.
>> We get regular updates and I would like to NOT be forced to remember
>> to add the above section every time we get a new release of the webapp.
>>
>> So how can I make this Engine/webapp in the server.xml file be
>> protected by one simple login WITHOUT the need to modify the webapp
>> itself every time we get a new version of the webapp?
>>
>> ~Johannes
>>
>>
>>
>> -----Originalmeddelande-----
>> From: Johannes johannes@idg.nu
>> Date: Thu, 02 Nov 2006 12:55:13 +0100
>> To: users@tomcat.apache.org
>> Subject: Tomcat authenticate with Active directory
>>
>>> I have a webapp that I want to protect the best way possible.
>>> Our environment has previously been Windows and still are but our new
>>> system is running tomcat 5.0.
>>>
>>> Now I would like to protect one part of our setup with login from our
>>> Windows 2003 Active directory domain server when there is a lot of
>>> people that is going to access this webapp. But still it need to be
>>> secure!
>>> Found some some information here:
>>> http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html
>>> Section JNDIRealm
>>>
>>> But without any previous experience with LDAP connections I have no
>>> clue how to get this to work.
>>> I'w tried searching for a good tutorial/guide how to make this happen
>>> step by step but without success.
>>>
>>> Have this been done by anyone here that could give me some help
>>> setting this up. Or can direct me to a good step by step tutorial to
>>> get this up and running?
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message