tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johannes <>
Subject Re: Tomcat authenticate with BASIC Auth (Pre: Active directory)
Date Fri, 03 Nov 2006 11:18:59 GMT
With the lack of reply's I guess that Active directory connections are not used by anyone here.

I'm making it a bit more simple then and in step one only protect this service with a simple
login / password protection.

Setup: One separate engine only accepting HTTPS connections that needs to be protected.
I have set up a ""org.apache.catalina.realm.MemoryRealm" realm with a xml file with one user,
password and group in my server.xml section for the engine I'm protecting.

So far so good.
Then I got everything to work when editing <webapp>/WEB-INF/web.xml and added the following:
    <display-name>Security check</display-name>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->

      <!-- If you list http methods, only those methods are protected -->
      <!-- Anyone with one of the listed roles may access this area -->

    <realm-name>Security Check</realm-name>

That worked great, the login box appears and are not accessible without the correct logon.

BUT the problem is that this webapp is delivered by a 3:rd party without the above settings
in there web.xml file.
We get regular updates and I would like to NOT be forced to remember to add the above section
every time we get a new release of the webapp.

So how can I make this Engine/webapp in the server.xml file be protected by one simple login
WITHOUT the need to modify the webapp itself every time we get a new version of the webapp?


From: Johannes
Date: Thu, 02 Nov 2006 12:55:13 +0100
Subject: Tomcat authenticate with Active directory

> I have a webapp that I want to protect the best way possible.
> Our environment has previously been Windows and still are but our new system is running
tomcat 5.0.
> Now I would like to protect one part of our setup with login from our Windows 2003 Active
directory domain server when there is a lot of people that is going to access this webapp.
But still it need to be secure!
> Found some some information here:
> Section JNDIRealm
> But without any previous experience with LDAP connections I have no clue how to get this
to work.
> I'w tried searching for a good tutorial/guide how to make this happen step by step but
without success.
> Have this been done by anyone here that could give me some help setting this up. Or can
direct me to a good step by step tutorial to get this up and running?
> ~Johannes
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message