82 lines
2.0 KiB
Plaintext
82 lines
2.0 KiB
Plaintext
This valve is only available for tomcat 5.5 or greater
|
|
|
|
An up2date documentation can be found here:
|
|
http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocAppTomcatValve
|
|
|
|
COMPILATION
|
|
=====================================
|
|
|
|
Required :
|
|
* ant
|
|
* jre > 1.4
|
|
* tomcat >= 5.5
|
|
|
|
Configure your tomcat home in build.properties files (be crareful for windosw user ...
|
|
path must contains "/" . exemple c:/my hardisk/tomcat/
|
|
|
|
|
|
run ant command.
|
|
|
|
ValveLemonLDAPNG.jar is created under /dist directory
|
|
|
|
|
|
INSTALLATION
|
|
======================================
|
|
|
|
|
|
Copy ValveLemonLDAPNG.jar on <TOMCAT_HOME>/server/lib
|
|
|
|
Add on your server.xml file a new valve entry like this (in host section) :
|
|
|
|
<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1"/>
|
|
|
|
Configure attributes.
|
|
|
|
userKey : Key in the http header send by lemonLDAP in order to store user login
|
|
|
|
roleKey : Key in the http header send by lemonLDAP in order to store roles. If lemonLDAP send some roles split by some commas, use
|
|
roleSeparator
|
|
|
|
*roleSeparator : see above
|
|
|
|
*allows: You can filter remote IP, IP defined in this attributes are allows (use "," separator for multiple IP).
|
|
Just set the lemonLDAP on this attribute in order to add more security. If this attribute is missed
|
|
all hosts are allowed
|
|
|
|
|
|
(*) Optional attributes
|
|
|
|
QUICK TEST AN DEBUGGING TIPS
|
|
=======================================
|
|
|
|
|
|
Download for exemple probe application (great administration tool for tomcat) http://www.lambdaprobe.org
|
|
|
|
Install valve and configure it.
|
|
|
|
Send via lemonLDAP user with role = probeuser ... or other user with role = manager
|
|
|
|
|
|
Probe doesn't ask authentification, you're logged...
|
|
|
|
|
|
|
|
For debugging, this valve can print some helpfull information in debug level. Configure logging in tomcat
|
|
(see tomcat.apache.org/tomcat-5.5-doc/logging.html )
|
|
|
|
|
|
|
|
CONTACT
|
|
=======================================
|
|
|
|
|
|
swapon666 (at) users.sourceforge.net
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|