lemonldap-ng/contribs/lemonldap-valve-tomcat/INSTALL.TXT

This valve is only available for tomcat 5.5 or greater

An up2date documentation can be found here:
http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocAppTomcatValve


COMPILATION
=====================================

Required: 
	* ant
	* jre > 1.6
	* tomcat >= 5.5

Configure your tomcat home in build.properties file (be careful of path for windows user)

Path must contains "/". For example:
	c:/my hardisk/tomcat/

Run ant command:
	$ ant 

ValveLemonLDAPNG.jar is created under /dist directory.


INSTALLATION
======================================

Copy ValveLemonLDAPNG.jar in <TOMCAT_HOME>/server/lib

Add on your server.xml file a new valve entry like this (in host section):

<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1" passThrough="true"/>

Configure attributes :
- userKey: Key in the HTTP header sent by LemonLDAP::NG containing user login
- roleKey: Key in the HTTP header sent by LemonLDAP::NG containing roles. If LemonLDAP send some roles split by some commas, use roleSeparator
* roleSeparator: See above
* allows: You can filter remote IP. IP defined in this attribute are allowed (use "," separator for multiple IP).  Just set the LemonLDAP::NG server IP in this attribute in order to add more security. If this attribute is missed, all hosts are allowed.
* passThrough: Allow anonymous access or not. When it takes "false", HTTP headers have to be sent by LemonLDAP::NG to make authentication and if the user is not recognized or HTTP headers not present, a 403 error is send. If "true", HTTP requests without headers will pass trough the valve (use with caution).

(-) Required attributes
(*) Optional attributes 

	
QUICK TEST AN DEBUGGING TIPS
=======================================

Download for example probe application (great administration tool for tomcat) at http://www.lambdaprobe.org

Install valve and configure it.

Send via LemonLDAP::NG a user with the role "probeuser" or "manager"

Probe doesn't ask authentification, you're logged.

For debugging, this valve can print some helpfull information in debug level. Configure logging in tomcat (see tomcat.apache.org/tomcat-5.5-doc/logging.html)


CONTACT
=======================================

	swapon666 (at) users.sourceforge.net

	http://lemonldap.ow2.org
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00			`This valve is only available for tomcat 5.5 or greater`

			`An up2date documentation can be found here:`
			`http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocAppTomcatValve`

Reformat documentation 2009-06-29 13:28:44 +02:00
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00			`COMPILATION`
			`=====================================`

Reformat documentation 2009-06-29 13:28:44 +02:00			`Required:`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00			`* ant`
add possibility to allow anonymous access 2009-06-19 14:52:58 +02:00			`* jre > 1.6`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00			`* tomcat >= 5.5`

Reformat documentation 2009-06-29 13:28:44 +02:00			`Configure your tomcat home in build.properties file (be careful of path for windows user)`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
Reformat documentation 2009-06-29 13:28:44 +02:00			`Path must contains "/". For example:`
			`c:/my hardisk/tomcat/`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
Reformat documentation 2009-06-29 13:28:44 +02:00			`Run ant command:`
			`$ ant`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
Reformat documentation 2009-06-29 13:28:44 +02:00			`ValveLemonLDAPNG.jar is created under /dist directory.`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00

			`INSTALLATION`
			`======================================`

Reformat documentation 2009-06-29 13:28:44 +02:00			`Copy ValveLemonLDAPNG.jar in <TOMCAT_HOME>/server/lib`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
Reformat documentation 2009-06-29 13:28:44 +02:00			`Add on your server.xml file a new valve entry like this (in host section):`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
add possibility to allow anonymous access 2009-06-19 14:52:58 +02:00			`<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1" passThrough="true"/>`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
Reformat documentation 2009-06-29 13:28:44 +02:00			`Configure attributes :`
			`- userKey: Key in the HTTP header sent by LemonLDAP::NG containing user login`
			`- roleKey: Key in the HTTP header sent by LemonLDAP::NG containing roles. If LemonLDAP send some roles split by some commas, use roleSeparator`
			`* roleSeparator: See above`
			`* allows: You can filter remote IP. IP defined in this attribute are allowed (use "," separator for multiple IP). Just set the LemonLDAP::NG server IP in this attribute in order to add more security. If this attribute is missed, all hosts are allowed.`
			`* passThrough: Allow anonymous access or not. When it takes "false", HTTP headers have to be sent by LemonLDAP::NG to make authentication and if the user is not recognized or HTTP headers not present, a 403 error is send. If "true", HTTP requests without headers will pass trough the valve (use with caution).`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
Reformat documentation 2009-06-29 13:28:44 +02:00			`(-) Required attributes`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00			`(*) Optional attributes`
Reformat documentation 2009-06-29 13:28:44 +02:00
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
			`QUICK TEST AN DEBUGGING TIPS`
			`=======================================`

Reformat documentation 2009-06-29 13:28:44 +02:00			`Download for example probe application (great administration tool for tomcat) at http://www.lambdaprobe.org`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
			`Install valve and configure it.`

Reformat documentation 2009-06-29 13:28:44 +02:00			`Send via LemonLDAP::NG a user with the role "probeuser" or "manager"`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
Reformat documentation 2009-06-29 13:28:44 +02:00			`Probe doesn't ask authentification, you're logged.`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00
Reformat documentation 2009-06-29 13:28:44 +02:00			`For debugging, this valve can print some helpfull information in debug level. Configure logging in tomcat (see tomcat.apache.org/tomcat-5.5-doc/logging.html)`
Tomcat valve from P. Pejac 2008-07-21 14:00:35 +02:00

			`CONTACT`
			`=======================================`

			`swapon666 (at) users.sourceforge.net`

Reformat documentation 2009-06-29 13:28:44 +02:00			`http://lemonldap.ow2.org`