66 lines
2.3 KiB
Plaintext
66 lines
2.3 KiB
Plaintext
This valve is only available for tomcat 5.5 or greater
|
|
|
|
An up2date documentation can be found here:
|
|
http://wiki.lemonldap.objectweb.org/xwiki/bin/view/NG/DocAppTomcatValve
|
|
|
|
|
|
COMPILATION
|
|
=====================================
|
|
|
|
Required:
|
|
* ant
|
|
* jre > 1.6
|
|
* tomcat >= 5.5
|
|
|
|
Configure your tomcat home in build.properties file (be careful of path for windows user)
|
|
|
|
Path must contains "/". For example:
|
|
c:/my hardisk/tomcat/
|
|
|
|
Run ant command:
|
|
$ ant
|
|
|
|
ValveLemonLDAPNG.jar is created under /dist directory.
|
|
|
|
|
|
INSTALLATION
|
|
======================================
|
|
|
|
Copy ValveLemonLDAPNG.jar in <TOMCAT_HOME>/server/lib
|
|
|
|
Add on your server.xml file a new valve entry like this (in host section):
|
|
|
|
<Valve className="org.lemonLDAPNG.SSOValve" userKey="AUTH-USER" roleKey="AUTH-ROLE" roleSeparator="," allows="127.0.0.1" passThrough="true"/>
|
|
|
|
Configure attributes :
|
|
- userKey: Key in the HTTP header sent by LemonLDAP::NG containing user login
|
|
- roleKey: Key in the HTTP header sent by LemonLDAP::NG containing roles. If LemonLDAP send some roles split by some commas, use roleSeparator
|
|
* roleSeparator: See above
|
|
* allows: You can filter remote IP. IP defined in this attribute are allowed (use "," separator for multiple IP). Just set the LemonLDAP::NG server IP in this attribute in order to add more security. If this attribute is missed, all hosts are allowed.
|
|
* passThrough: Allow anonymous access or not. When it takes "false", HTTP headers have to be sent by LemonLDAP::NG to make authentication and if the user is not recognized or HTTP headers not present, a 403 error is send. If "true", HTTP requests without headers will pass trough the valve (use with caution).
|
|
|
|
(-) Required attributes
|
|
(*) Optional attributes
|
|
|
|
|
|
QUICK TEST AN DEBUGGING TIPS
|
|
=======================================
|
|
|
|
Download for example probe application (great administration tool for tomcat) at http://www.lambdaprobe.org
|
|
|
|
Install valve and configure it.
|
|
|
|
Send via LemonLDAP::NG a user with the role "probeuser" or "manager"
|
|
|
|
Probe doesn't ask authentification, you're logged.
|
|
|
|
For debugging, this valve can print some helpfull information in debug level. Configure logging in tomcat (see tomcat.apache.org/tomcat-5.5-doc/logging.html)
|
|
|
|
|
|
CONTACT
|
|
=======================================
|
|
|
|
swapon666 (at) users.sourceforge.net
|
|
|
|
http://lemonldap.ow2.org
|