Hello, my aim is to introduce a domain-level authentication/authorisation security layer when accessing the http://localhost:8080/sample/ application. I don't want this web application to be openly accessible without challenging an operator.
After a frustrating and fruitless week I now reach out to the Apache community for assistance because I have been unsuccessful in enabling this function. The current behaviour is that http://localhost:8080/sample does not throw a login prompt. I can only assume it is caused by my Apache Tomcat configuration snippets being all wrong. I am running Apache Tomcat/7.0.91 on Red Hat 7 in an AWS EC2 instance. I have installed and integrated Winbind on the OS and it is happily talking to my AD domain example.com. Confirmation of this is that the realm connects successfully, I can see groups and users, and I have masked the domain format so that 'example/user1' appears as 'user1'.

Other factors:
1) I have found similar issues posted by others but none of the solutions worked for me.
2) There are no errors found within /usr/local/tomcat7/logs/.

I had downloaded and installed sample.war from https://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/ into my Tomcat installation's /usr/local/tomcat7/webapps/ directory. I would appreciate any assistance or a hefty kick in the right direction.
There are 3 files in total that I have attempted to configure: /conf/server.xml, /webapps/sample/WEB-INF/web.xml and /conf/tomcat-users.xml.

My JNDI Realm entry in /usr/local/tomcat7/conf/server.xml looks like this:
--------------------------------------------------------------------------------------
<!-- Tomcat 7 Realm elements have no debug attribute (logging is set in
     logging.properties), so it is omitted here.
     connectionName is the DN the realm binds as and pairs with a
     connectionPassword, which is not set here. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://example.com:389"
       authentication="simple"
       referrals="follow"
       connectionName="ou=users,ou=lab,dc=example,dc=com"
       userSearch="(sAMAccountName={0})"
       userBase="dc=example,dc=com"
       userSubtree="true"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true"
       roleBase="ou=users,ou=lab,dc=example,dc=com" />
--------------------------------------------------------------------------------------

Also, I have commented out the following:
--------------------------------------------------------------------------------------
<!--
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
       resourceName="UserDatabase"/>
-->
--------------------------------------------------------------------------------------

My /usr/local/tomcat7/webapps/sample/WEB-INF/web.xml file looks like this:
--------------------------------------------------------------------------------------
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <display-name>Hello, World Application</display-name>
  <description>
    This is a simple web application with a source code organization
    based on the recommendations of the Application Developer's Guide.
  </description>

  <servlet>
    <servlet-name>HelloServlet</servlet-name>
    <servlet-class>mypackage.Hello</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>HelloServlet</servlet-name>
    <url-pattern>/hello</url-pattern>
  </servlet-mapping>

  <!-- This constraint matches /* but carries no auth-constraint; the container
       combines it with the role-based constraints below and the combined result
       allows unauthenticated access to every matching URL. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
  </security-constraint>

  <!-- This application has two basic areas; -->
  <!-- the webroot of the application accessed by all users (/MyWebApp) -->
  <!-- and the admin pages (/MyWebApp/Admin) -->
  <!-- We assign the role-name 'User' to the first, and 'Admin' to the second -->
  <security-constraint>
    <display-name>All Users</display-name>
    <web-resource-collection>
      <web-resource-name>All Users</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>User</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <display-name>Admin Users</display-name>
    <web-resource-collection>
      <web-resource-name>Admin Users</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- security-role has no group-name child in the web-app schema. With JNDIRealm
       the roles a user holds are the values of the group attribute named by
       roleName (cn above), so each role-name must match that attribute value. -->
  <security-role>
    <description>Webapp Admins</description>
    <role-name>Admin</role-name>
  </security-role>
  <security-role>
    <description>Webapp Users</description>
    <role-name>User</role-name>
  </security-role>

  <!-- form-login-config only applies to auth-method FORM; BASIC needs no pages. -->
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
</web-app>
--------------------------------------------------------------------------------------

The only change made to /usr/local/tomcat7/conf/tomcat-users.xml is the additional text:
--------------------------------------------------------------------------------------
<!-- These entries are only read by the UserDatabaseRealm, which is commented out
     in server.xml above, so they play no part in JNDIRealm authentication. -->
<role rolename="User"/>
<role rolename="Admin"/>
<user username="user1" password="******" roles="User,Admin"/>
--------------------------------------------------------------------------------------

Thanks for reading.
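The Servlet specification (section 13.8.1 in 3.0) combines every security-constraint that matches a request: a matching constraint with no auth-constraint makes the combined result allow unauthenticated access, while an auth-constraint that names no role denies everyone. The script below is an added example, not part of the post or of Tomcat; it applies those combination rules to a constructed, cut-down copy of the web.xml above and reports whether a given path would ever trigger the BASIC challenge.

```python
import xml.etree.ElementTree as ET

NS = {"j2ee": "http://java.sun.com/xml/ns/j2ee"}
# Constructed cut-down copy of the post's web.xml: the same two "/*" constraints.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection><web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern></web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>All Users</web-resource-name>
      <url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>User</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def pattern_matches(pattern, path):
    # Servlet URL patterns: default ("/"), path prefix ("/foo/*"), extension ("*.jsp"), exact.
    if pattern in ("/", "/*"):
        return True
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def constraints(web_xml_text):
    """Yield (name, url-patterns, roles); roles is None when <auth-constraint> is
    absent and [] when it is present but names no role."""
    wrc = "j2ee:web-resource-collection/"
    for sc in ET.fromstring(web_xml_text).findall("j2ee:security-constraint", NS):
        name = sc.findtext(wrc + "j2ee:web-resource-name", default="?", namespaces=NS)
        patterns = [p.text.strip() for p in sc.findall(wrc + "j2ee:url-pattern", NS)]
        auth = sc.find("j2ee:auth-constraint", NS)
        roles = None if auth is None else [r.text.strip() for r in auth.findall("j2ee:role-name", NS)]
        yield name, patterns, roles

def access_decision(path, web_xml_text=WEB_XML):
    """Combine matching constraints as Servlet spec 13.8.1 does: ("deny", names) if an
    empty <auth-constraint> matches; ("open", names) if a matching constraint has no
    <auth-constraint> at all (unauthenticated access, no login prompt); else ("roles", roles)."""
    hits = [(n, r) for n, pats, r in constraints(web_xml_text) if any(pattern_matches(p, path) for p in pats)]
    if not hits:
        return "unconstrained", []
    if any(r == [] for _, r in hits):
        return "deny", [n for n, r in hits if r == []]
    if any(r is None for _, r in hits):
        return "open", [n for n, r in hits if r is None]
    return "roles", sorted({role for _, r in hits for role in r})
```

Run `access_decision("/hello")` against the embedded copy and it reports "open" with the constraint responsible; remove that constraint from the text and the same call reports the "User" role requirement.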