The Tomcat Valve is only available for Tomcat 5.5 or greater.
Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies.
As a J2EE servlet container, Tomcat provides standard security features such as authentication: an application deployed in Tomcat can delegate its authentication to Tomcat.
By default, Tomcat provides a file called users.xml to manage
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
</tomcat-users>
LL::NG provides a valve that will check an HTTP header to set the authenticated user on the J2EE container.
The sources are available at https://github.com/LemonLDAPNG/lemonldap-valve-tomcat
- JRE > 1.4
- Tomcat >= 5.5
Configure your Tomcat home in
For Windows users: the path must contain “/”. Example:
Next, run the ant command:
ValveLemonLDAPNG.jar is created under
cp ValveLemonLDAPNG.jar server/lib/
If needed, you can recompile the valve from the sources.
Add to your server.xml file a new valve entry like this (in host
<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1"/>
- userKey: key in the HTTP header containing user login.
- roleKey: key in the HTTP header containing roles. If LL::NG sends several roles separated by commas, configure roleSeparator.
- roleSeparator (optional): role values separator.
- allows (optional): defines the allowed remote IPs (use “,” as the separator for multiple IPs). Set this attribute to the LL::NG Handler IP to add more security. If this attribute is omitted, all hosts are allowed.
- passThrough (optional): whether to allow anonymous access. When set to “false”, the HTTP headers must be sent by LL::NG for authentication to succeed: if the user is not recognized or the HTTP headers are not present, a 403 error is sent.
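A configuration check for the allows and passThrough attributes described above, as an added example that is not part of the original page or of the LL::NG project: it scans a server.xml for SSOValve entries that accept the identity headers from any host or that allow anonymous access. The sample server.xml and its host names are constructed; the page does not state the default of passThrough, so only an explicit "true" is reported, on the assumption that "true" is the value that allows anonymous access.

```python
import xml.etree.ElementTree as ET

VALVE_CLASS = "org.lemonLDAPNG.SSOValve"  # className used in the page's valve entry

# Constructed sample configuration (not taken from a real deployment).
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="app1.example.com">
      <Host name="app1.example.com">
        <Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER"
               roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1"/>
      </Host>
      <Host name="app2.example.com">
        <Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER"
               roleKey="AUTH-ROLE" passThrough="true"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""


def audit_sso_valves(server_xml):
    """Return (host name, finding) pairs for risky SSOValve settings."""
    findings = []
    root = ET.fromstring(server_xml)
    # The page places the valve in the host section, so walk each <Host>.
    for host in root.iter("Host"):
        name = host.get("name", "<unnamed host>")
        for valve in host.iter("Valve"):
            if valve.get("className") != VALVE_CLASS:
                continue
            # Missing or empty "allows" means every remote host is allowed,
            # so any client that reaches Tomcat can supply the user header.
            allowed = [ip.strip() for ip in valve.get("allows", "").split(",")]
            if not any(allowed):
                findings.append((name, "allows not set: headers accepted from any host"))
            # Assumption: "true" is the value that allows anonymous access.
            if valve.get("passThrough", "").strip().lower() == "true":
                findings.append((name, "passThrough=true: anonymous access allowed"))
    return findings


if __name__ == "__main__":
    for host_name, finding in audit_sso_valves(SAMPLE_SERVER_XML):
        print(f"{host_name}: {finding}")
```
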
For debugging, this valve can print helpful information at debug level. See how to configure logging in Tomcat.