tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aurélien Allienne" <allie...@gmail.com>
Subject Cas Filter, security filter and tomcat manager
Date Wed, 25 Apr 2007 09:54:12 GMT
Hi,

I want to use these filters for authenticate on tomcat manger. I use this
wiki page :
http://www.ja-sig.org/wiki/display/CASC/Combining+CASFilter+with+Tomcat+Realms+using+SecurityFilter
http://www.ja-sig.org/wiki/display/CAS/CASifying+Tomcat+Manager

So I have this in my web.xml :

  ...
 <filter>
        <filter-name>CASFilter</filter-name>
        <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter
</filter-class>
        <init-param>
                <param-name>edu.yale.its.tp.cas.client.filter.loginUrl
</param-name>
                <param-value>https:///auth.univ-lille2.fr/cas/login
</param-value>
        </init-param>
        <init-param>
                <param-name>edu.yale.its.tp.cas.client.filter.validateUrl
</param-name>
                <param-value>https://auth.univ-lille2.fr/cas/serviceValidate
</param-value>
        </init-param>
        <init-param>
                <param-name>edu.yale.its.tp.cas.client.filter.serverName
</param-name>
                <param-value>agenda.univ-lille2.fr:8080</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>CASFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

  <filter>
        <filter-name>Security Filter</filter-name>
        <filter-class>org.securityfilter.filter.SecurityFilter
</filter-class>
        <init-param>
                <param-name>config</param-name>
                <param-value>/WEB-INF/securityfilter-config.xml
</param-value>
                <description>Configuration file location (this is the
default value)</description>
        </init-param>
        <init-param>
                <param-name>validate</param-name>
                <param-value>false</param-value>
                <description>Validate config file if set to
true</description>
        </init-param>
        <init-param>
                <param-name>formPattern</param-name>
                <param-value>/logMeIn</param-value>
                <description>
                As an example a login form can define "logMeIn" as it action
in place of the standard
                "j_security_check" which is a special flag user by app
servers for container managed security.
                </description>
        </init-param>
  </filter>

  <filter-mapping>
        <filter-name>Security Filter</filter-name>
        <url-pattern>/*</url-pattern>
  </filter-mapping>

  ....

I have create a securityfilter-config.xml

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE securityfilter-config PUBLIC
   "-//SecurityFilter.org//DTD Security Filter Configuration 2.0//EN"
      "http://www.securityfilter.org/dtd/securityfilter-config_2_0.dtd">

      <securityfilter-config>

       <security-constraint>
                <web-resource-collection>
                        <web-resource-name>Secure Pages</web-resource-name>
                         <url-pattern>/*</url-pattern>
                 </web-resource-collection>
                 <auth-constraint>
                         <role-name>tomcat admin</role-name>
                 </auth-constraint>
       </security-constraint>
       <login-config>
                 <auth-method>CAS</auth-method>
                 <form-login-config>

<form-default-page>/html/index.html</form-default-page>
                 </form-login-config>
       </login-config>

       <!-- start with a Catalina realm adapter to wrap the Catalina realm
defined below -->
       <realm className="
org.securityfilter.realm.catalina.CatalinaRealmAdapter" />

       <realm className="org.apache.catalina.realm.JNDIRealm">
                <realm-param name="connectionName"
value="cn=admin,dc=univ-lille2,dc=fr"/>
                <realm-param name="connectionPassword" value="prout"/>
                <realm-param name="digest" value="SHA"/>
                <realm-param name="connectionURL"
value="ldap://ldapmasta:1389"/>
                <realm-param name="userBase"
value="ou=people,dc=univ-lille2,dc=fr"/>
                <realm-param name="userSearch"
value="(supannAliasLogin={0})"/>
                <realm-param name="roleBase"
value="ou=appli,dc=univ-lille2,dc=fr"/>
                <realm-param name="roleSubtree" value="true"/>
                <realm-param name="roleName" value="cn"/>
                <realm-param name="roleSearch" value="(member={0})"/>
                <realm-param name="debug" value="99"/>
       </realm>
</securityfilter-config>


And i put casclient.jar and all jar of the security filter projet in
WEB-INF/lib.

For me there are no problem but i have this in the browser :

HTTP Status 404 - Servlet HTMLManager is not available
------------------------------

*type* Status report

*message* *Servlet HTMLManager is not available*

*description* *The requested resource (Servlet HTMLManager is not available)
is not available.*
------------------------------
Apache Tomcat/5.5

And in the log :

 INFO http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]
- Marking servlet HTMLManager as unavailable
 INFO http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager]
- Marking servlet HTMLManager as unavailable


What is the problem?

Cordially

Aurelien Allienne

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message