
125 lines
2.9 KiB
Raw Normal View History

2020-05-14 23:29:41 +02:00
Apache Tomcat
.. important::
The Tomcat Valve is only available for tomcat 5.5 or
`Apache Tomcat <http://tomcat.apache.org/>`__ is an open source software
implementation of the Java Servlet and JavaServer Pages technologies.
As J2EE servlet container, Tomcat provides standard security feature,
like authentication: the application deployed in Tomcat can delegate its
authentication to Tomcat.
By default, Tomcat provides a file called ``users.xml`` to manage
.. code:: xml
<?xml version='1.0' encoding='utf-8'?>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
LL::NG provides a valve, available on :doc:`download page</download>`.
This valve will check an HTTP header to set the authenticated user on
the J2EE container.
Copy ``ValveLemonLDAPNG.jar`` in ``<TOMCAT_HOME>/server/lib``:
cp ValveLemonLDAPNG.jar server/lib/
.. tip::
If needed, you can
:doc:`recompile the valve from the sources<>`.
Add on your ``server.xml`` file a new valve entry like this (in host
.. code:: xml
<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows=""/>
Configure attributes:
- **userKey**: key in the HTTP header containing user login.
- **roleKey**: key in the HTTP header containing roles. If LL::NG send
some roles split by some commas, configure **roleSeparator**.
- **roleSeparator** (optional): role values separator.
- **allows** (optional): Define allowed remote IP (use "," separator
for multiple IP). Just set the LL::NG Handler IP on this attribute in
order to add more security. If this attribute is missed all hosts are
- **passThrough** (optional): Allow anonymous access or not. When it
takes "false", HTTP headers have to be sent by LL::NG to make
authentication. So, if the user is not recognized or HTTP headers not
present, a 403 error is sent.
.. tip::
For debugging, this valve can print some helpful information
in debug level. See `how configure logging in
Tomcat <http://tomcat.apache.org/tomcat-5.5-doc/logging.html>`__ .
The sources are available on :doc:`download page</download>`.
Required :
- ant
- jre > 1.4
- tomcat >= 5.5
Configure your tomcat home in ``build.properties`` files.
.. important::
Be careful for Windows user, path must contains "/".
c:/my hardisk/tomcat/
Next run ant command:
``ValveLemonLDAPNG.jar`` is created under ``/dist`` directory.
.. |image0| image:: /applications/tomcat_logo.png
:class: align-center