With the lack of replies I guess that Active Directory connections are not used by anyone here.
I'm making it a bit simpler then, and in step one only protecting this service with a simple login/password protection.

Setup: One separate engine only accepting HTTPS connections that needs to be protected.

I have set up an "org.apache.catalina.realm.MemoryRealm" realm with an XML file with one user, password and group in my server.xml section for the engine I'm protecting. So far so good.

Then I got everything to work when I edited <webapp>/WEB-INF/web.xml and added the following:

  <security-constraint>
    <display-name>Security check</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/*</url-pattern>
      <!-- If you list http methods, only those methods are protected -->
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>testgroup</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Security Check</realm-name>
  </login-config>

That worked great: the login box appears and it is not accessible without the correct logon.

BUT the problem is that this webapp is delivered by a 3rd party without the above settings in their web.xml file. We get regular updates and I would like to NOT be forced to remember to add the above section every time we get a new release of the webapp.

So how can I make this Engine/webapp in the server.xml file be protected by one simple login WITHOUT the need to modify the webapp itself every time we get a new version of the webapp?

~Johannes

-----Original Message-----
From: Johannes [EMAIL PROTECTED]
Date: Thu, 02 Nov 2006 12:55:13 +0100
To: users@tomcat.apache.org
Subject: Tomcat authenticate with Active directory

> I have a webapp that I want to protect the best way possible.
> Our environment has previously been Windows and still is, but our new system
> is running Tomcat 5.0.
>
> Now I would like to protect one part of our setup with login from our Windows
> 2003 Active Directory domain server when there are a lot of people who are
> going to access this webapp. But still it needs to be secure!
> Found some information here:
> http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html
> Section JNDIRealm
>
> But without any previous experience with LDAP connections I have no clue how
> to get this to work.
> I've tried searching for a good tutorial/guide on how to make this happen step by
> step but without success.
>
> Has this been done by anyone here who could give me some help setting this
> up? Or can direct me to a good step by step tutorial to get this up and
> running?
>
> ~Johannes
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
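
Added example (not part of the original post and not Tomcat code): a small Python check that reads a web.xml and reports which HTTP methods a protected web-resource-collection leaves uncovered when it lists <http-method> elements, as the comment in the XML above notes. The names audit_constraints, STANDARD_METHODS and SAMPLE_WEB_XML are hypothetical, the sample is a constructed copy of the constraint from the message, and each collection is checked on its own, so a second constraint covering the remaining methods is not taken into account.

```python
import xml.etree.ElementTree as ET

# Methods checked against each constraint (assumed list for this example).
STANDARD_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"]

# Constructed sample: the constraint from the post inside a minimal <web-app>.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>testgroup</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _local(elem):
    """Tag name without the XML namespace prefix."""
    return elem.tag.rsplit("}", 1)[-1]


def _children(parent, name):
    """Direct child elements of parent with the given local name."""
    return [c for c in parent if _local(c) == name]


def audit_constraints(web_xml_text):
    """Return (url_patterns, uncovered_methods) per protected collection."""
    root = ET.fromstring(web_xml_text)
    findings = []
    for sc in _children(root, "security-constraint"):
        if not _children(sc, "auth-constraint"):
            continue  # no role requirement, nothing to audit
        for wrc in _children(sc, "web-resource-collection"):
            patterns = [(p.text or "").strip() for p in _children(wrc, "url-pattern")]
            listed = {(m.text or "").strip().upper() for m in _children(wrc, "http-method")}
            # No <http-method> at all means every method is covered.
            uncovered = [m for m in STANDARD_METHODS if m not in listed] if listed else []
            findings.append((patterns, uncovered))
    return findings


if __name__ == "__main__":
    for patterns, uncovered in audit_constraints(SAMPLE_WEB_XML):
        print(patterns, "uncovered methods:", uncovered or "none")
```

Removing the four <http-method> lines from the collection makes the constraint apply to every method, and the check then reports nothing uncovered.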