Tomcat valve
The Tomcat valve was provided by Pascal Pejac. This valve is only available for Tomcat 5.5 or greater.
Compilation
Note: source and compiled valve can be found in the download area.
Required:
- ant
- jre > 1.4
- tomcat >= 5.5
Note for Windows users: be careful, the path must contain "/".
Example:
c:/my hardisk/tomcat/
Next, run the ant command:
ant
ValveLemonLDAPNG.jar is created under the /dist directory.
Installation
Copy ValveLemonLDAPNG.jar to <TOMCAT_HOME>/server/lib
Add a new valve entry to your server.xml file (in the Host section), like this:
<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1"/>
Configure the attributes:
- userKey: name of the HTTP header in which LemonLDAP sends the user login.
- roleKey: name of the HTTP header in which LemonLDAP sends the roles. If LemonLDAP sends several roles separated by commas, use roleSeparator.
- roleSeparator (optional): see above.
- allows (optional): filter on the remote IP. Only the IPs defined in this attribute are allowed (use "," as the separator for multiple IPs). Set this attribute to the LemonLDAP::NG handler IP to add more security, since the valve takes the user and roles from the request headers. If this attribute is missing, all hosts are allowed.
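An added example, not part of the valve or of LemonLDAP::NG: a Python check that reads a server.xml and reports each SSOValve entry together with its allows list, flagging entries that leave all hosts allowed. The sample server.xml, the host name intranet.example and the function name audit_sso_valves are constructed for illustration; treating an empty allows value like a missing one is an assumption.

```python
import xml.etree.ElementTree as ET

SSO_VALVE = "org.lemonLDAPNG.SSOValve"

# Constructed sample server.xml: the first host restricts the valve to the
# handler IP, the second omits "allows" and so trusts headers from any host.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER"
               roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1"/>
      </Host>
      <Host name="intranet.example" appBase="webapps-intranet">
        <Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER"
               roleKey="AUTH-ROLE"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""

def audit_sso_valves(server_xml):
    """Return one finding per SSOValve entry: its container and what it trusts."""
    root = ET.fromstring(server_xml)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for valve in root.iter("Valve"):
        if valve.get("className") != SSO_VALVE:
            continue
        parent = parent_of.get(valve, root)
        # Assumption: an empty "allows" is reviewed like a missing one.
        allowed = [ip.strip() for ip in valve.get("allows", "").split(",") if ip.strip()]
        issues = []
        if not allowed:
            issues.append("no 'allows' filter: all hosts are allowed")
        if valve.get("roleKey") and not valve.get("roleSeparator"):
            issues.append("roleKey without roleSeparator: roles are not split")
        findings.append({"container": f"{parent.tag}:{parent.get('name', '?')}",
                         "allows": allowed, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_sso_valves(SAMPLE_SERVER_XML):
        print(f"{f['container']}: allows={f['allows']} -> {'; '.join(f['issues']) or 'ok'}")
```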
Quick test and debugging tips
Download, for example, the probe application (a great administration tool for Tomcat): http://www.lambdaprobe.org.
Install the valve and configure it.
Through LemonLDAP::NG, send a user with role = probeuser, or another user with role = manager.
Probe doesn't ask for authentication, you're logged in...
For debugging, this valve can print some helpful information at debug level. Configure logging in Tomcat (see http://tomcat.apache.org/tomcat-5.5-doc/logging.html).