If you deploy the webapp inside another directory that is already protected, you can use SingleSignOn to execute login via the parent/ROOT web app?
Tim Funk wrote:
> Out of the box - there is no Valve in Tomcat which requires
> authentication without first consulting web.xml.
>
> As a simple(?) kludge - you could write your own Valve which forces
> authentication on anything executed by the Valve: - you'll need to fill
> in isAuthenticated(...)
>
>
> public class ProtectMeValve extends ValveBase implements Lifecycle {
>
>   ...
>
>   public void invoke(Request request, Response response)
>     throws IOException, ServletException {
>
>     String authHeader = request.getHeader("Authorization");
>     if (authHeader!=null) {
>       if (isAuthenticated(request, authHeader)) {
>         getNext().invoke(request, response);
>       } else {
>         // may need setContentType(...)
>         response.setStatus(403);
>         response.getWriter().write("Go away - your not allowed!");
>       }
>     } else {
>       // may need setContentType(...)
>       response.setStatus(401);
>       response.addHeader("WWW-Authenticate",
>                          "Basic realm=\"My Webapp\"");
>       response.getWriter().write("some message");
>     }
>   }
> }
>
> I would think the preceding should work.
>
> -Tim
>
> Johannes wrote:
>> With the lack of replies I guess that Active directory connections are
>> not used by anyone here.
>>
>> I'm making it a bit more simple then and in step one only protect this
>> service with a simple login / password protection.
>>
>> Setup: One separate engine only accepting HTTPS connections that needs
>> to be protected.
>> I have set up a "org.apache.catalina.realm.MemoryRealm" realm with an
>> xml file with one user, password and group in my server.xml section
>> for the engine I'm protecting.
>>
>> So far so good.
>> Then I got everything to work when editing <webapp>/WEB-INF/web.xml
>> and added the following:
>> <security-constraint>
>>   <display-name>Security check</display-name>
>>   <web-resource-collection>
>>     <web-resource-name>Protected Area</web-resource-name>
>>     <!-- Define the context-relative URL(s) to be protected -->
>>     <url-pattern>/*</url-pattern>
>>
>>     <!-- If you list http methods, only those methods are protected -->
>>     <http-method>DELETE</http-method>
>>     <http-method>GET</http-method>
>>     <http-method>POST</http-method>
>>     <http-method>PUT</http-method>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <!-- Anyone with one of the listed roles may access this area -->
>>     <role-name>testgroup</role-name>
>>   </auth-constraint>
>> </security-constraint>
>>
>> <login-config>
>>   <auth-method>BASIC</auth-method>
>>   <realm-name>Security Check</realm-name>
>> </login-config>
>>
>> That worked great, the login box appears and it is not accessible
>> without the correct logon.
>>
>> BUT the problem is that this webapp is delivered by a 3rd party
>> without the above settings in their web.xml file.
>> We get regular updates and I would like to NOT be forced to remember
>> to add the above section every time we get a new release of the webapp.
>>
>> So how can I make this Engine/webapp in the server.xml file be
>> protected by one simple login WITHOUT the need to modify the webapp
>> itself every time we get a new version of the webapp?
>>
>> ~Johannes
>>
>>
>>
>> -----Original message-----
>> From: Johannes [EMAIL PROTECTED]
>> Date: Thu, 02 Nov 2006 12:55:13 +0100
>> To: users@tomcat.apache.org
>> Subject: Tomcat authenticate with Active directory
>>
>>> I have a webapp that I want to protect the best way possible.
>>> Our environment has previously been Windows and still is but our new
>>> system is running tomcat 5.0.
>>>
>>> Now I would like to protect one part of our setup with login from our
>>> Windows 2003 Active directory domain server when there are a lot of
>>> people that are going to access this webapp. But still it needs to be
>>> secure!
>>> Found some information here:
>>> http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html
>>> Section JNDIRealm
>>>
>>> But without any previous experience with LDAP connections I have no
>>> clue how to get this to work.
>>> I've tried searching for a good tutorial/guide how to make this happen
>>> step by step but without success.
>>>
>>> Has this been done by anyone here that could give me some help
>>> setting this up. Or can direct me to a good step by step tutorial to
>>> get this up and running?
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
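
The Valve sketch quoted above leaves isAuthenticated(...) to be filled in. One way to write that check for an HTTP Basic header, as an added example that is not part of the original thread: the class name, the single-argument signature and the constructed sample credentials are assumptions, and it needs Java 8 or later for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthCheck {
    // Constructed sample credentials; a real Valve would ask its Realm instead.
    private static final String USER = "testuser";
    private static final String PASSWORD = "constructed-sample-password";

    /** True only for a well-formed "Basic" header carrying the expected user and password. */
    static boolean isAuthenticated(String authHeader) {
        // The scheme name is case-insensitive; anything else (Digest, Bearer, ...) is rejected.
        if (authHeader == null || !authHeader.regionMatches(true, 0, "Basic ", 0, 6)) {
            return false;
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(authHeader.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return false; // payload is not valid base64
        }
        String pair = new String(decoded, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':'); // user id cannot contain ':', the password can
        if (colon < 0) {
            return false;
        }
        // Evaluate both comparisons before combining, so a wrong user name
        // does not return sooner than a wrong password.
        boolean userOk = sameBytes(pair.substring(0, colon), USER);
        boolean passOk = sameBytes(pair.substring(colon + 1), PASSWORD);
        return userOk & passOk;
    }

    // MessageDigest.isEqual does not stop at the first differing byte.
    private static boolean sameBytes(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    private static String header(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) {
        System.out.println("valid credentials: " + isAuthenticated(header(USER, PASSWORD)));
        System.out.println("wrong password:    " + isAuthenticated(header(USER, "wrong")));
        System.out.println("malformed base64:  " + isAuthenticated("Basic !!!not-base64!!!"));
        System.out.println("other scheme:      " + isAuthenticated("Digest username=\"x\""));
    }
}
```

Basic credentials are only base64-encoded, so this check is meaningful only on the HTTPS-only engine described in the thread.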