This article is useful if you want a separate authentication system for each context (web application) running in Apache Tomcat.
Why?
Apache Tomcat's Manager application has its own security roles. If you define a Realm in server.xml (after deleting the existing one), it applies to every application under that Host, so the Manager application deployed on the same host can't use its own roles/users configuration.
If you can create roles with the same names in the LDAP server and add users to them, that is a simple solution. But if you don't have the rights, you have to request it from the LDAP server administrator.
The configuration below lets you deploy a web application without requesting any LDAP server configuration changes.
How to
- Create a META-INF/context.xml in the context's application directory with the default contents
    <?xml version="1.0" encoding="UTF-8"?>
    <Context antiResourceLocking="false" privileged="true">
    </Context>
- Create a <Realm> definition inside the <Context> tag
    <Context antiResourceLocking="false" privileged="true">
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             debug="99"
             connectionURL="ldap://192.168.0.12:3268"
             authentication="simple"
             referrals="follow"
             connectionName="CN=ad_user,CN=Users,DC=Apache,DC=NET"
             connectionPassword="xxxxxx"
             userSearch="(sAMAccountName={0})"
             userBase="dc=Apache,dc=NET"
             userSubtree="true"
             roleSearch="(cn={0})"
             roleName="cn"
             roleSubtree="true"
             roleBase="dc=Apache,dc=NET">
      </Realm>
    </Context>
- Add this XML to web.xml
    <web-app>
      <!-- other entries -->
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>opengrok.org</web-resource-name>
          <description></description>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>*</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
        </form-login-config>
      </login-config>
      <security-role>
        <role-name>*</role-name>
      </security-role>
    </web-app>
If you change the value of <auth-method> to BASIC, you can remove the <form-login-config> tag and use the browser's default login dialog.
- Create the login.html page
    <form action="j_security_check" method="POST">
      <table>
        <tbody>
          <tr>
            <td colspan="2">Login to the TVL's OpenGrok System</td>
          </tr>
          <tr>
            <td colspan="2">Use LGE AD account and password:</td>
          </tr>
          <tr>
            <td>Name:</td>
            <td><input name="j_username" type="text" /></td>
          </tr>
          <tr>
            <td>Password:</td>
            <td><input name="j_password" type="password" /></td>
          </tr>
          <tr>
            <td colspan="2"><input type="submit" value="Go" /></td>
          </tr>
        </tbody>
      </table>
    </form>
- Restart Tomcat, or reload the context itself.
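As an added check that is not part of the original article, the Python script below parses the context.xml and web.xml from the steps above and flags what a reviewer would question before deploying: a simple bind over plain ldap://, the clear-text connectionPassword, privileged="true" (which the Realm does not need), a missing auth-constraint, a missing CONFIDENTIAL transport-guarantee, and FORM auth without form-login-config. The sample input is a constructed, trimmed copy of the article's files, and the function name audit_context is my own.

```python
import xml.etree.ElementTree as ET

def audit_context(context_xml: str, web_xml: str) -> list[str]:
    # Review findings for a per-context Realm + web.xml pair; an empty list means nothing flagged.
    findings = []
    ctx = ET.fromstring(context_xml)
    realm = ctx.find("Realm")
    if realm is None:
        findings.append("no <Realm> in context.xml: the server.xml Realm applies")
    else:
        url = realm.get("connectionURL", "")
        if url.startswith("ldap://") and realm.get("authentication", "simple") == "simple":
            # a simple bind over plain ldap:// sends the bind account's and every user's password in clear
            findings.append("simple bind over ldap://: use ldaps:// so passwords are not sent in clear")
        if realm.get("connectionPassword"):
            findings.append("connectionPassword is stored in clear in context.xml: restrict file permissions")
    if ctx.get("privileged") == "true":
        findings.append('privileged="true" grants access to container servlets; a Realm does not need it')
    web = ET.fromstring(web_xml)
    ns = web.tag[1:].split("}")[0] if web.tag.startswith("{") else ""  # namespaced web.xml support
    q = lambda tag: f"{{{ns}}}{tag}" if ns else tag
    constraints = web.findall(q("security-constraint"))
    if not any(c.find(q("auth-constraint")) is not None for c in constraints):
        findings.append("no auth-constraint: nothing requires login")
    for c in constraints:
        tg = c.find(f"{q('user-data-constraint')}/{q('transport-guarantee')}")
        if tg is None or (tg.text or "").strip() != "CONFIDENTIAL":
            findings.append("transport-guarantee is not CONFIDENTIAL: the login form may be submitted over plain HTTP")
    login = web.find(q("login-config"))
    if login is not None and (login.findtext(q("auth-method")) or "").strip() == "FORM" \
            and login.find(q("form-login-config")) is None:
        findings.append("FORM auth-method without form-login-config")
    return findings

# Constructed sample input: the article's context.xml and web.xml, trimmed to the audited parts
SAMPLE_CONTEXT = """<Context antiResourceLocking="false" privileged="true">
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://192.168.0.12:3268" authentication="simple"
         connectionName="CN=ad_user,CN=Users,DC=Apache,DC=NET" connectionPassword="xxxxxx"
         userSearch="(sAMAccountName={0})" userBase="dc=Apache,dc=NET" userSubtree="true"/>
</Context>"""
SAMPLE_WEB = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method><form-login-config><form-login-page>/login.html</form-login-page></form-login-config></login-config>
</web-app>"""
```

Run `audit_context(SAMPLE_CONTEXT, SAMPLE_WEB)` to list the findings for the article's configuration; an empty list is the goal before going live.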