Differences

This shows you the differences between two versions of the page.

documentation:2.1:applications:tomcat [2016/07/19 12:10] (current)
Line 1: Line 1:
 +====== Apache Tomcat ======
  
 +{{ :​applications:​tomcat_logo.png |}}
 +
 +<note important>​The Tomcat ​ Valve is only available for tomcat 5.5 or greater.</​note>​
 +
 +===== Presentation =====
 +
 +[[http://​tomcat.apache.org/​|Apache Tomcat]] is an open source software implementation of the Java Servlet and JavaServer Pages technologies.
 +
 +As J2EE servlet container, Tomcat provides standard security feature, like authentication:​ the application deployed in Tomcat can delegate its authentication to Tomcat.
 +
 +By default, Tomcat provides a file called ''​users.xml''​ to manage authentication:​
 +<file xml>
 +<?xml version='​1.0'​ encoding='​utf-8'?>​
 +<​tomcat-users>​
 +  <role rolename="​tomcat"/>​
 +  <role rolename="​role1"/>​
 +  <user username="​tomcat"​ password="​tomcat"​ roles="​tomcat"/>​
 +  <user username="​role1"​ password="​tomcat"​ roles="​role1"/>​
 +  <user username="​both"​ password="​tomcat"​ roles="​tomcat,​role1"/>​
 +</​tomcat-users>​
 + </​file>​
 +
 +LL::NG provides a valve, available on [[:​download#​contributions|download page]]. This valve will check an HTTP header to set the authenticated user on the J2EE container.
 +
 +===== Installation =====
 +
 +Copy ''​ValveLemonLDAPNG.jar''​ in ''<​TOMCAT_HOME>/​server/​lib'':​
 +<​code>​
 +cp ValveLemonLDAPNG.jar server/lib/
 +</​code>​
 +
 +<note tip>If needed, you can [[#​compilation|recompile the valve from the sources]].</​note>​
 +
 +===== Configuration =====
 +
 +Add on your ''​server.xml''​ file a new valve entry like this (in host section):
 +<file xml>
 +<Valve className="​org.lemonLDAPNG.SSOValve"​ userKey="​AUTH-USER"​ roleKey="​AUTH-ROLE"​ roleSeparator=","​ allows="​127.0.0.1"/>​
 +</​file>​
 +
 +Configure attributes:
 +  * **userKey**:​ key in the HTTP header containing user login.
 +  * **roleKey**:​ key in the HTTP header containing roles. If LL::NG send some roles split by some commas, configure **roleSeparator**.
 +  * **roleSeparator** (optional): role values separator.
 +  * **allows** (optional): Define allowed remote IP (use ","​ separator for multiple IP). Just set the LL::NG Handler IP on this attribute in order to add more security. If this attribute is missed all hosts are allowed.
 +  * **passThrough** (optional): Allow anonymous access or not. When it takes "​false",​ HTTP headers have to be sent by LL::NG to make authentication. So, if the user is not recognized or HTTP headers not present, a 403 error is sent.
 +
 +<note tip>For debugging, this valve can print some helpful information in debug level. See [[http://​tomcat.apache.org/​tomcat-5.5-doc/​logging.html|how configure logging in Tomcat]] . </​note>​
 +
 +===== Compilation =====
 +
 +The sources are  available on [[:​download#​contributions|download page]].
 +
 +Required :
 +  * ant
 +  * jre > 1.4
 +  * tomcat >= 5.5
 +
 +Configure your tomcat home in ''​build.properties''​ files.
 +
 +<note important>​
 +Be careful for Windows user, path must contains "/"​. Example:
 +<​code>​
 +c:/my hardisk/​tomcat/​
 +</​code>​
 +</​note>​
 +
 +Next run ant command:
 +<​code>​
 +ant
 +</​code>​
 +
 +''​ValveLemonLDAPNG.jar''​ is created under ''/​dist''​ directory. ​
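
Review bot: In the Configuration section, the **allows** bullet presents restricting the remote IP as optional hardening ("in order to add more security") and says that when the attribute is missing all hosts are allowed. That is too weak for a valve that sets the authenticated user from the userKey header (AUTH-USER in the example). With allows unset, a request that reaches Tomcat without passing through the LL::NG Handler and carries that header would be treated as that user. Suggest rewording the bullet so that setting allows to the Handler IP is the expected configuration, as the example's allows="127.0.0.1" already does, and adding a sentence that Tomcat should only be reachable through the Handler. The **passThrough** bullet describes only the "false" case; please state the default value and the behaviour when it is "true". In the Presentation section the file is named users.xml while the sample's root element is <tomcat-users>, so the filename is worth double-checking.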