TomcatKerberosConfigOnly

HomePage | RecentChanges | Preferences

Changing Tomcat 5.0's jsp-examples webapp from UserDatabase? to Kerberos by modifying only config files

Currently, the URL http://localhost:8080/jsp-examples/security/protected/index.jsp is protected by form-based authentication. Users and Roles are configured in tomcat-users.xml.

This page explains how to use Kerberos for authentication by modifying only configuration files. For other options, see: TomcatKerberos.

Tomcat {
  com.sun.security.auth.module.Krb5LoginModule required;
};

set JAVA_OPTS=-Djava.security.krb5.realm=<your realm> 
              -Djava.security.krb5.kdc=<your kdc:port> 
              -Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.conf

      <Realm className="org.apache.catalina.realm.JAASRealm"
                 appName="Tomcat"
                 userClassNames="javax.security.auth.kerberos.KerberosPrincipal"
                 roleClassNames="javax.security.auth.kerberos.KerberosPrincipal"
                 useContextClassLoader="true"
                 debug="99"/>

    <!-- Anyone with one of the listed roles may access this area -->
    <security-constraint>
      ...
      <auth-constraint>
         <role-name>tomcat</role-name>
         <role-name>role1</role-name>
         <role-name>wsmoak@ASU.EDU</role-name>   <!-- added -->
      </auth-constraint>
    </security-constraint>

    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>role1</role-name>
    </security-role>
    <security-role>
      <role-name>tomcat</role-name>
    </security-role>
    <security-role>
      <role-name>wsmoak@ASU.EDU</role-name>  <!-- added -->
    </security-role>    


HomePage | RecentChanges | Preferences
This page is read-only | View other revisions
Last edited January 3, 2007 1:57 pm by WendySmoak (diff)
Search: