Security Implementation in Tomcat 6

 
Greenhorn
Posts: 5
Hi guys,

I am implementing security via LDAP in Tomcat 6. To do this I need to copy login.jsp, index.jsp and the error JSP, but I am not able to figure out which folder I should copy them into:

the webapps/myapplication/WEB-INF/ folder,

the Apacheserver/conf folder,

or any other folder?

If anybody has implemented security in Tomcat 6, please help me.

Regards,

dev
 
Sheriff
Posts: 10445
Devender, welcome to JavaRanch

Devender Narula wrote: Hi guys

I am implementing security via LDAP in Tomcat 6. To do this I need to copy login.jsp, index.jsp and the error JSP, but I am not able to figure out which folder I should copy them into.


Do those pages belong to your application? If yes, then they should be packaged within your war file (i.e. myapplication).
 
Devender Narula
Greenhorn
Posts: 5
Hi Jai,

Thanks for the reply. No, they don't belong to my application. Actually, I want to implement security for one page in my application. If anybody tries to access that page, they should first be authenticated via the LDAP server and then should be able to see it.

I am following this link:

http://craeser.wordpress.com/2010/07/21/java-tomcat-security-protected-example/

Please see if you have any other way to implement security in Tomcat without changing the developers' code.

Regards,

Devender
 
Saloon Keeper
Posts: 24310
Tomcat implements the J2EE standard container-managed security framework. As its name says, it's a security framework that is managed by the application container (meaning Tomcat). So to protect one or more web pages, no application security code is required. Just define a URL pattern in web.xml and limit the security roles that can access it. The container will automatically display the login form if anyone goes to access the protected URL if the user wasn't already logged in. Once again, no user-supplied security programming required.

You connect this up to LDAP by selecting the JNDI Tomcat security Realm, which is documented in the Tomcat documentation along with the other standard security realms. Because Realms are plug-in components, you can use the tomcat-users.xml file while testing the webapp and not need an actual LDAP server during development. Since there is no application security code, no changes are required to switch to LDAP for production. It's all done in Tomcat settings.
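The web.xml declarations described in the post above, as an added example that is not part of the original thread. The page path, the role name `reportviewer` and the realm name are assumptions; login.jsp and error.jsp are the pages named in the question and are packaged inside the web application.

```xml
<!-- WEB-INF/web.xml fragment (Servlet 2.5 / Tomcat 6).
     Added example; the URL, role and realm names are assumptions. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected page</web-resource-name>
    <!-- Only this one page requires a login. -->
    <url-pattern>/secure/report.jsp</url-pattern>
    <!-- No <http-method> elements: the constraint then covers every HTTP
         method. Listing only GET and POST would leave the other methods
         unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Must match a role the Realm returns for the user. -->
    <role-name>reportviewer</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Redirects to HTTPS so the password is not posted in cleartext.
         Requires an SSL connector to be configured in server.xml. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>myapplication</realm-name>
  <form-login-config>
    <!-- Paths are relative to the web application root, so both pages
         live in the application, not in Tomcat's conf directory.
         login.jsp posts j_username and j_password to j_security_check. -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>reportviewer</role-name>
</security-role>
```

The container, not the application, serves login.jsp when an unauthenticated request reaches the protected URL, so the login page is never requested directly by a link in the application.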
 
Devender Narula
Greenhorn
Posts: 5
Hi Tim,

Thanks for the reply. I tried following the documentation for JNDI but it's really confusing for me. Having very little knowledge of Tomcat, I'm not sure where I am going wrong. If anybody has small steps documented somewhere which I can follow, that would be great. Any steps or set of instructions will really help me a lot.

Regards,

Dev

 
Tim Holloway
Saloon Keeper
Posts: 24310
You can probably make it easier by breaking the job into 2 parts.

First, get the J2EE security itself working. This is easy to test, since all you have to do is uncomment the Tomcat MemoryRealm definition in server.xml, edit the TOMCAT_HOME/conf/tomcat-users.xml file to define test user(s) and role(s). Then add the definitions for security to web.xml.

Once the MemoryRealm works, use the Tomcat docs as a guideline for configuring the JNDI Realm and swap it for the MemoryRealm. The hardest part about this Realm is understanding the LDAP itself.

There are 2 ways you can authenticate against LDAP. One is by attempting to bind (login) directly with a user DN and password (or similar security tokens). The other is by binding using a common ID and doing an LDAP lookup.

The first method does a pass/fail on login. If the bind fails, then the user doesn't log in.

The second method does a lookup. An LDAP search is done using user ID plus password and if the search returns nothing, the user does not login. This is the method most commonly used for Tomcat logins.

The tricky part in both cases is to get the proper bind and search arguments created. The config parameters for the JNDIRealm accept various bits and pieces (such as the base DN) that are used to construct the actual LDAP requests.

It actually works pretty well once you get the hang of it.
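The two-step approach from the post above, as an added example that is not part of the original thread. The directory layout (`dc=example,dc=com`), host name, service account, role name and passwords are constructed placeholders; the Realm attributes are the ones documented for Tomcat's MemoryRealm and JNDIRealm.

```xml
<!-- Step 1a: TOMCAT_HOME/conf/tomcat-users.xml (test account, constructed) -->
<tomcat-users>
  <role rolename="reportviewer"/>
  <user username="testuser" password="CHANGE_ME" roles="reportviewer"/>
</tomcat-users>

<!-- Step 1b: TOMCAT_HOME/conf/server.xml, inside <Engine> or <Host>.
     MemoryRealm reads conf/tomcat-users.xml by default. -->
<Realm className="org.apache.catalina.realm.MemoryRealm"/>

<!-- Step 2: replace the MemoryRealm with a JNDIRealm (direct bind).
     No userPassword attribute is set, so the realm authenticates by
     binding to the directory as the user's DN with the supplied password.
     ldaps:// keeps the bind password from crossing the network in
     cleartext; the JVM must trust the directory server's certificate.
     The role search needs read access to the groups subtree. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.com:636"
       userPattern="uid={0},ou=people,dc=example,dc=com"
       roleBase="ou=groups,dc=example,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"/>

<!-- Step 2, alternative: users are spread over several subtrees, so the
     realm first binds with a service account (connectionName), searches
     for the user's entry, then binds as the DN it found.
     {0} in userSearch is the login name; {0} in roleSearch is the user DN.
     Give the service account read-only rights and restrict read access
     to server.xml, since connectionPassword is stored in it. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.com:636"
       connectionName="cn=tomcat-svc,ou=services,dc=example,dc=com"
       connectionPassword="CHANGE_ME"
       userBase="ou=people,dc=example,dc=com"
       userSubtree="true"
       userSearch="(uid={0})"
       roleBase="ou=groups,dc=example,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"/>
```

Only one Realm is active at a time; the `cn` of the LDAP group returned by the role search has to equal the role name declared in web.xml, and the test account in tomcat-users.xml should be removed once the JNDIRealm is in place.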
 
Devender Narula
Greenhorn
Posts: 5
Hi Tim,

Thanks for this detailed info. I will try to follow this.

I will update you on the outcome.

Regards,

Devender
 