tomcat memory realms & tomcat-users.xml

Tue, 14 Aug 2007 23:39:04 -0700 

Hi all
I'm developing a web service with xFire 1.2.3 / tomcat 5.5.23 / Java 1.6.0_01, and we need to authenticate access by client applications coming in over SOAP. We're looking at using the tomcat-users.xml file to store user/pwd/role data until the customers Single Sign-On service is ready (which will be when pigs fly, if it keeps going as it has). 


The application will be deployed internally so we don't need any SSL or 
digest authentication, we're looking at simple HTTP BASIC or SOAP 
headers  for the client to pass through their auth details. The 
complication is that we want to allow default access as well as 
authenticated access, and authenticate against the tomcat-users file.



eg - un-authenticated clients can still access the web service url, but 
get a public role, and authenticated clients get a privileged role.



I'm thinking we might be able to do part of that with the following 
tomcat-users.xml config by having an empty user declaration:


<tomcat-users>c
 <role rolename="privileged"/>
 <user name=""  password="" roles="PUBLIC"  />
 <user name="priv_user1"  password="tomcat" roles="privileged"  />
</tomcat-users>


The question is how to authenticate against the tomcat-user database? 

I've read the tomcat docs on memory realm: 
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm, 
and I want to expose the org.apache.catalina.UserDatabase class to the 
web service context via a <ResourceLink...>. I'd like to be able to 
authenticate users without having to add a <security-constraint> to my 
web.xml, so that unauthenticated clients can still connect.



Am I on the right track? Or is there a much easier way than what I'm 
trying to do...


thanks!

--
* Matthew Kerle
* * IT Consultant *
* Canberra, Australia*

Mobile: +61404 096 863
Email:     Matthew Kerle <mailto:[EMAIL PROTECTED]>

Web:      Matthew Kerle <http://threebrightlights.blogspot.com/> 
<http://threebrightlights.blogspot.com/>



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to