Apache Tomcat

Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies.

As J2EE servlet container, Tomcat provides standard security feature, like authentication: the application deployed in Tomcat can delegate its authentication to Tomcat.

By default, Tomcat provides a file called users.xml to manage authentication:

<?xml version='1.0' encoding='utf-8'?>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>

LL::NG provides a valve, available on download page. This valve will check an HTTP header to set the authenticated user on the J2EE container.


Copy ValveLemonLDAPNG.jar in <TOMCAT_HOME>/server/lib:

cp ValveLemonLDAPNG.jar server/lib/


Add on your server.xml file a new valve entry like this (in host section):

<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows=""/>

Configure attributes:

Required :

Configure your tomcat home in build.properties files.

Be careful for Windows user, path must contains “/”. Example:

c:/my hardisk/tomcat/

Next run ant command:


ValveLemonLDAPNG.jar is created under /dist directory.