dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8a4e23f6a5
lemonldap-ng/contribs/lemonldap-valve-tomcat/INSTALL.TXT
Clément Oudot fad235974f Reformat documentation
2009-06-29 11:28:44 +00:00

66 lines
2.3 KiB
Plaintext
Raw Blame History

This valve is only available for tomcat 5.5 or greater
An up2date documentation can be found here:
http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocAppTomcatValve
COMPILATION
=====================================
Required:
* ant
* jre > 1.6
* tomcat >= 5.5
Configure your tomcat home in build.properties file (be careful of path for windows user)
Path must contains "/". For example:
c:/my hardisk/tomcat/
Run ant command:
$ ant
ValveLemonLDAPNG.jar is created under /dist directory.
INSTALLATION
======================================
Copy ValveLemonLDAPNG.jar in <TOMCAT_HOME>/server/lib
Add on your server.xml file a new valve entry like this (in host section):
<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1" passThrough="true"/>
Configure attributes :
- userKey: Key in the HTTP header sent by LemonLDAP::NG containing user login
- roleKey: Key in the HTTP header sent by LemonLDAP::NG containing roles. If LemonLDAP send some roles split by some commas, use roleSeparator
* roleSeparator: See above
* allows: You can filter remote IP. IP defined in this attribute are allowed (use "," separator for multiple IP). Just set the LemonLDAP::NG server IP in this attribute in order to add more security. If this attribute is missed, all hosts are allowed.
* passThrough: Allow anonymous access or not. When it takes "false", HTTP headers have to be sent by LemonLDAP::NG to make authentication and if the user is not recognized or HTTP headers not present, a 403 error is send. If "true", HTTP requests without headers will pass trough the valve (use with caution).
(-) Required attributes
(*) Optional attributes
QUICK TEST AN DEBUGGING TIPS
=======================================
Download for example probe application (great administration tool for tomcat) at http://www.lambdaprobe.org
Install valve and configure it.
Send via LemonLDAP::NG a user with the role "probeuser" or "manager"
Probe doesn't ask authentification, you're logged.
For debugging, this valve can print some helpfull information in debug level. Configure logging in tomcat (see tomcat.apache.org/tomcat-5.5-doc/logging.html)
CONTACT
=======================================
swapon666 (at) users.sourceforge.net
http://lemonldap.ow2.org
Reference in New Issue View Git Blame Copy Permalink