tomcat-users mailing list archives

From Johannes <johan...@idg.nu>
Subject Re: Tomcat authenticate with BASIC Auth (Pre: Active directory)
Date Fri, 03 Nov 2006 11:18:59 GMT
With the lack of replies I guess that Active directory connections are not used by anyone here.

I'm making it a bit more simple then and in step one only protect this service with a simple
login / password protection.

Setup: One separate engine only accepting HTTPS connections that needs to be protected.
I have set up an "org.apache.catalina.realm.MemoryRealm" realm with an xml file with one user,
password and group in my server.xml section for the engine I'm protecting.

So far so good.
Then I got everything to work when editing <webapp>/WEB-INF/web.xml and added the following:
  <security-constraint>
    <display-name>Security check</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/*</url-pattern>

      <!-- If you list http methods, only those methods are protected -->
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>testgroup</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Security Check</realm-name>
  </login-config>

That worked great, the login box appears and the webapp is not accessible without the correct logon.

BUT the problem is that this webapp is delivered by a 3rd party without the above settings
in their web.xml file.
We get regular updates and I would like to NOT be forced to remember to add the above section
every time we get a new release of the webapp.

So how can I make this Engine/webapp in the server.xml file be protected by one simple login
WITHOUT the need to modify the webapp itself every time we get a new version of the webapp?

~Johannes



-----Original message-----
From: Johannes johannes@idg.nu
Date: Thu, 02 Nov 2006 12:55:13 +0100
To: users@tomcat.apache.org
Subject: Tomcat authenticate with Active directory

> I have a webapp that I want to protect the best way possible.
> Our environment has previously been Windows and still is but our new system is running tomcat 5.0.
>
> Now I would like to protect one part of our setup with login from our Windows 2003 Active directory domain server when there are a lot of people that are going to access this webapp. But still it needs to be secure!
> Found some information here:
> http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html
> Section JNDIRealm
>
> But without any previous experience with LDAP connections I have no clue how to get this to work.
> I've tried searching for a good tutorial/guide how to make this happen step by step but without success.
>
> Has this been done by anyone here that could give me some help setting this up? Or can direct me to a good step by step tutorial to get this up and running?
>
> ~Johannes
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
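
A check that could run after each vendor update to confirm the deployed web.xml still carries the login protection described in the message, and to flag the caveat from the descriptor's own comment that listed HTTP methods are the only ones protected. This is an added example, not part of the original post; the function name, the method set and the sample descriptors are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: coverage is checked against this standard HTTP/1.1 method set.
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def audit_web_xml(xml_text, pattern="/*"):
    """Return findings; an empty list means `pattern` needs a login for every method."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop namespaces (2.4+ descriptors)
        el.tag = el.tag.rsplit("}", 1)[-1]
    covering = [
        wrc
        for sc in root.findall("security-constraint")
        if sc.find("auth-constraint") is not None
        for wrc in sc.findall("web-resource-collection")
        if pattern in {(u.text or "").strip() for u in wrc.findall("url-pattern")}
    ]
    findings = []
    if not covering:
        findings.append("no auth-constraint covers " + pattern)
    else:
        protected = set()
        for wrc in covering:
            listed = {(m.text or "").strip().upper() for m in wrc.findall("http-method")}
            protected |= listed or HTTP_METHODS  # no <http-method> means all methods
        missing = sorted(HTTP_METHODS - protected)
        if missing:
            findings.append("methods not covered: " + ", ".join(missing))
    if root.find("login-config/auth-method") is None:
        findings.append("no login-config/auth-method")
    return findings

# Constructed samples: the descriptor from the post, the same without the
# <http-method> list, and a vendor release that ships without the section.
_TEMPLATE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>{methods}
    </web-resource-collection>
    <auth-constraint><role-name>testgroup</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
AS_POSTED = _TEMPLATE.format(methods="".join(
    "<http-method>%s</http-method>" % m for m in ("DELETE", "GET", "POST", "PUT")))
ALL_METHODS = _TEMPLATE.format(methods="")
VENDOR_RELEASE = '<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4"/>'
```

Calling `audit_web_xml` on the freshly unpacked `WEB-INF/web.xml` and failing the deployment on a non-empty result removes the need to remember the manual edit.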
