Hi all
I'm developing a web service with xFire 1.2.3 / tomcat 5.5.23 / Java
1.6.0_01, and we need to authenticate access by client applications
coming in over SOAP. We're looking at using the tomcat-users.xml file to
store user/pwd/role data until the customers Single Sign-On service is
ready (which will be when pigs fly, if it keeps going as it has).
The application will be deployed internally so we don't need any SSL or
digest authentication, we're looking at simple HTTP BASIC or SOAP
headers for the client to pass through their auth details. The
complication is that we want to allow default access as well as
authenticated access, and authenticate against the tomcat-users file.
eg - un-authenticated clients can still access the web service url, but
get a public role, and authenticated clients get a privileged role.
I'm thinking we might be able to do part of that with the following
tomcat-users.xml config by having an empty user declaration:
<tomcat-users>c
<role rolename="privileged"/>
<user name="" password="" roles="PUBLIC" />
<user name="priv_user1" password="tomcat" roles="privileged" />
</tomcat-users>
The question is how to authenticate against the tomcat-user database?
I've read the tomcat docs on memory realm:
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm,
and I want to expose the org.apache.catalina.UserDatabase class to the
web service context via a <ResourceLink...>. I'd like to be able to
authenticate users without having to add a <security-constraint> to my
web.xml, so that unauthenticated clients can still connect.
Am I on the right track? Or is there a much easier way than what I'm
trying to do...
thanks!
--
* Matthew Kerle
* * IT Consultant *
* Canberra, Australia*
Mobile: +61404 096 863
Email: Matthew Kerle <mailto:[EMAIL PROTECTED]>
Web: Matthew Kerle <http://threebrightlights.blogspot.com/>
<http://threebrightlights.blogspot.com/>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]