That is really a REALLY good idea! And if that works the solution is solved.
Too bad that I have to go home now and I'll have to wait until Monday to try it. But this sounds like the solution! I'll get back with the answer on Monday.

~Johannes

-----Original Message-----
From: Pid [EMAIL PROTECTED]
Date: Fri, 03 Nov 2006 14:28:29 +0100
To: Tomcat Users List users@tomcat.apache.org
Subject: Re: Tomcat authenticate with BASIC Auth (Pre: Active directory)

> If you deploy the webapp inside another directory that is already
> protected, you can use SingleSignOn to execute login via the parent/ROOT
> web app?
>
> Tim Funk wrote:
> > Out of the box - there is no Valve in Tomcat which requires
> > authentication without first consulting web.xml.
> >
> > As a simple(?) kludge - you could write your own Valve which forces
> > authentication on anything executed by the Valve: - you'll need to fill
> > in isAuthenticated(...)
> >
> > public class ProtectMeValve extends ValveBase implements Lifecycle {
> >
> >     ...
> >
> >     public void invoke(Request request, Response response)
> >             throws IOException, ServletException {
> >
> >         String authHeader = request.getHeader("Authorization");
> >         if (authHeader!=null) {
> >             if (isAuthenticated(request, authHeader)) {
> >                 getNext().invoke(request, response);
> >             } else {
> >                 // may need setContentType(...)
> >                 response.setStatus(403);
> >                 response.getWriter().write("Go away - your not allowed!");
> >             }
> >         } else {
> >             // may need setContentType(...)
> >             response.setStatus(401);
> >             response.addHeader("WWW-Authenticate",
> >                                "Basic realm=\"My Webapp\"");
> >             response.getWriter().write("some message");
> >         }
> >     }
> > }
> >
> > I would think the preceding should work.
> >
> > -Tim
> >
> > Johannes wrote:
> >> With the lack of replies I guess that Active directory connections are
> >> not used by anyone here.
> >>
> >> I'm making it a bit more simple then and in step one only protect this
> >> service with a simple login / password protection.
> >>
> >> Setup: One separate engine only accepting HTTPS connections that needs
> >> to be protected.
> >> I have set up a "org.apache.catalina.realm.MemoryRealm" realm with a
> >> xml file with one user, password and group in my server.xml section
> >> for the engine I'm protecting.
> >>
> >> So far so good.
> >> Then I got everything to work when editing <webapp>/WEB-INF/web.xml
> >> and added the following:
> >> <security-constraint>
> >>   <display-name>Security check</display-name>
> >>   <web-resource-collection>
> >>     <web-resource-name>Protected Area</web-resource-name>
> >>     <!-- Define the context-relative URL(s) to be protected -->
> >>     <url-pattern>/*</url-pattern>
> >>
> >>     <!-- If you list http methods, only those methods are protected -->
> >>     <http-method>DELETE</http-method>
> >>     <http-method>GET</http-method>
> >>     <http-method>POST</http-method>
> >>     <http-method>PUT</http-method>
> >>   </web-resource-collection>
> >>   <auth-constraint>
> >>     <!-- Anyone with one of the listed roles may access this area -->
> >>     <role-name>testgroup</role-name>
> >>   </auth-constraint>
> >> </security-constraint>
> >>
> >> <login-config>
> >>   <auth-method>BASIC</auth-method>
> >>   <realm-name>Security Check</realm-name>
> >> </login-config>
> >>
> >> That worked great, the login box appears and are not accessible
> >> without the correct logon.
> >>
> >> BUT the problem is that this webapp is delivered by a 3rd party
> >> without the above settings in their web.xml file.
> >> We get regular updates and I would like to NOT be forced to remember
> >> to add the above section every time we get a new release of the webapp.
> >>
> >> So how can I make this Engine/webapp in the server.xml file be
> >> protected by one simple login WITHOUT the need to modify the webapp
> >> itself every time we get a new version of the webapp?
> >>
> >> ~Johannes
> >>
> >> -----Original Message-----
> >> From: Johannes [EMAIL PROTECTED]
> >> Date: Thu, 02 Nov 2006 12:55:13 +0100
> >> To: users@tomcat.apache.org
> >> Subject: Tomcat authenticate with Active directory
> >>
> >>> I have a webapp that I want to protect the best way possible.
> >>> Our environment has previously been Windows and still is but our new
> >>> system is running tomcat 5.0.
> >>>
> >>> Now I would like to protect one part of our setup with login from our
> >>> Windows 2003 Active directory domain server when there is a lot of
> >>> people that are going to access this webapp. But still it needs to be
> >>> secure!
> >>> Found some information here:
> >>> http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html
> >>> Section JNDIRealm
> >>>
> >>> But without any previous experience with LDAP connections I have no
> >>> clue how to get this to work.
> >>> I've tried searching for a good tutorial/guide how to make this happen
> >>> step by step but without success.
> >>>
> >>> Has this been done by anyone here that could give me some help
> >>> setting this up. Or can direct me to a good step by step tutorial to
> >>> get this up and running?
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
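
Added example, not part of the thread and not Tim Funk's or Tomcat's code: one way to fill in the isAuthenticated(...) step that the quoted valve leaves open, covering the malformed-header cases a Basic check has to reject. The class name, the method signature (header plus one expected user and password) and the sample credentials are hypothetical, and java.util.Base64 assumes Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example; class name, signature and sample credentials are hypothetical.
public class BasicAuthCheck {

    /** True only for a well-formed "Basic" header whose credentials match. */
    static boolean isAuthenticated(String authHeader, String expectedUser, String expectedPass) {
        if (authHeader == null) return false;
        String[] parts = authHeader.trim().split("\\s+", 2);
        // The scheme token is case-insensitive; anything but Basic is rejected.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return false;
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return false; // malformed base64 is a failed login, not a server error
        }
        String creds = new String(decoded, StandardCharsets.UTF_8);
        // Split on the first colon only: a password may itself contain ':'.
        int colon = creds.indexOf(':');
        if (colon < 0) return false;
        // Non-short-circuit '&' so both fields are always compared.
        return same(creds.substring(0, colon), expectedUser)
             & same(creds.substring(colon + 1), expectedPass);
    }

    /** Byte comparison via MessageDigest.isEqual rather than String.equals. */
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    static String basic(String userColonPass) {
        return "Basic " + Base64.getEncoder()
                .encodeToString(userColonPass.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed headers; the expected account is tester / s3:cret.
        String[] samples = { basic("tester:s3:cret"), basic("tester:wrong"),
                basic("nocolon"), "Basic !!!notbase64", "Bearer abc", null };
        for (String h : samples) {
            System.out.println(h + " -> " + isAuthenticated(h, "tester", "s3:cret"));
        }
    }
}
```

Against a real user store, the decoded name and password would be handed to the container's configured Realm instead of being compared to fixed strings.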