That is really a REALLY good idea!
And if that works the solution is solved.
To bad that I have to go home now and I'll have to wait until Monday to try it.
But this sounds like the solution!
I'll get back with the answer on Monday.
~Johannes
-----Originalmeddelande-----
From: Pid [EMAIL PROTECTED]
Date: Fri, 03 Nov 2006 14:28:29 +0100
To: Tomcat Users List users@tomcat.apache.org
Subject: Re: Tomcat authenticate with BASIC Auth (Pre: Active directory)
>
> If you deploy the webapp inside another directory that is already
> protected, you can use SingleSignOn to execute login via the parent/ROOT
> web app?
>
>
>
>
> Tim Funk wrote:
> > Out of the box - there is no Valve in Tomcat which requires
> > authentication without first consulting web.xml.
> >
> > As a simple(?) kludge - you could write your own Valve which forces
> > authentication on anything executed by the Valve: - you'll need to fill
> > in isAuthenticated(...)
> >
> >
> > public class ProtectMeValve extends ValveBase implements Lifecycle {
> >
> > ...
> >
> > public void invoke(Request request, Response response)
> > throws IOException, ServletException {
> >
> > String authHeader = request.getHeader("Authorization");
> > if (authHeader!=null) {
> > if (isAuthenticated(request, authHeader)) {
> > getNext().invoke(request, response);
> > } else {
> > // may need setContentType(...)
> > response.setStatus(403);
> > response.getWriter().write("Go away - your not allowed!");
> > }
> > } else {
> > // may need setContentType(...)
> > response.setStatus(401);
> > response.addHeader("WWW-Authenticate",
> > "Basic realm=\"My Webapp\"");
> > response.getWriter().write("some message");
> > }
> > }
> > }
> >
> > I would think the preceding should work.
> >
> > -Tim
> >
> > Johannes wrote:
> >> With the lack of reply's I guess that Active directory connections are
> >> not used by anyone here.
> >>
> >> I'm making it a bit more simple then and in step one only protect this
> >> service with a simple login / password protection.
> >>
> >> Setup: One separate engine only accepting HTTPS connections that needs
> >> to be protected.
> >> I have set up a ""org.apache.catalina.realm.MemoryRealm" realm with a
> >> xml file with one user, password and group in my server.xml section
> >> for the engine I'm protecting.
> >>
> >> So far so good.
> >> Then I got everything to work when editing <webapp>/WEB-INF/web.xml
> >> and added the following:
> >> <security-constraint>
> >> <display-name>Security check</display-name>
> >> <web-resource-collection>
> >> <web-resource-name>Protected Area</web-resource-name>
> >> <!-- Define the context-relative URL(s) to be protected -->
> >> <url-pattern>/*</url-pattern>
> >>
> >> <!-- If you list http methods, only those methods are protected -->
> >> <http-method>DELETE</http-method>
> >> <http-method>GET</http-method>
> >> <http-method>POST</http-method>
> >> <http-method>PUT</http-method>
> >> </web-resource-collection>
> >> <auth-constraint>
> >> <!-- Anyone with one of the listed roles may access this area -->
> >> <role-name>testgroup</role-name>
> >> </auth-constraint>
> >> </security-constraint>
> >>
> >> <login-config>
> >> <auth-method>BASIC</auth-method>
> >> <realm-name>Security Check</realm-name>
> >> </login-config>
> >>
> >> That worked great, the login box appears and are not accessible
> >> without the correct logon.
> >>
> >> BUT the problem is that this webapp is delivered by a 3:rd party
> >> without the above settings in there web.xml file.
> >> We get regular updates and I would like to NOT be forced to remember
> >> to add the above section every time we get a new release of the webapp.
> >>
> >> So how can I make this Engine/webapp in the server.xml file be
> >> protected by one simple login WITHOUT the need to modify the webapp
> >> itself every time we get a new version of the webapp?
> >>
> >> ~Johannes
> >>
> >>
> >>
> >> -----Originalmeddelande-----
> >> From: Johannes [EMAIL PROTECTED]
> >> Date: Thu, 02 Nov 2006 12:55:13 +0100
> >> To: users@tomcat.apache.org
> >> Subject: Tomcat authenticate with Active directory
> >>
> >>> I have a webapp that I want to protect the best way possible.
> >>> Our environment has previously been Windows and still are but our new
> >>> system is running tomcat 5.0.
> >>>
> >>> Now I would like to protect one part of our setup with login from our
> >>> Windows 2003 Active directory domain server when there is a lot of
> >>> people that is going to access this webapp. But still it need to be
> >>> secure!
> >>> Found some some information here:
> >>> http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html
> >>> Section JNDIRealm
> >>>
> >>> But without any previous experience with LDAP connections I have no
> >>> clue how to get this to work.
> >>> I'w tried searching for a good tutorial/guide how to make this happen
> >>> step by step but without success.
> >>>
> >>> Have this been done by anyone here that could give me some help
> >>> setting this up. Or can direct me to a good step by step tutorial to
> >>> get this up and running?
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
