配置Tomcat以使用Windows Active Directory进行身份验证 [英] Configuring Tomcat to authenticate using Windows Active Directory

问题描述

配置Tomcat 5.5或更高版本以从Windows Active Directory认证用户的最佳方法是什么?

What is the best way to configure Tomcat 5.5 or later to authenticate users from Windows Active Directory?

推荐答案

来自www.jspwiki.org

请参阅: ActiveDirectoryIntegration

使用ldap-settings在server.xml中尝试此操作:

Try this in the server.xml with your ldap-settings :

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"

           connectionURL="ldap://youradsserver:389"
           alternateURL="ldap://youradsserver:389"         
           userRoleName="member"
           userBase="cn=Users,dc=yourdomain"
           userPattern="cn={0},cn=Users,dc=yourdomain"
           roleBase="cn=Users,dc=yourdomain"
           roleName="cn"
           roleSearch="(member={0})"
           roleSubtree="false"
           userSubtree="true" 
   />

并在应用程序的tomcat-users.xml和web.xml中定义角色

and define the role in the tomcat-users.xml and the web.xml of your application

按如下所示编辑webapp_root/WEB_INF/Web.xml文件:

edit webapp_root/WEB_INF/Web.xml file as follows:

<security-constraint>
   <display-name>your web app display name</display-name>
   <web-resource-collection>
     <web-resource-name>Protected Area</web-resource-name>
     <url-pattern>*.jsp</url-pattern>
     <url-pattern>*.html</url-pattern>
     <url-pattern>*.xml</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>yourrolname(ADS Group)</role-name>
   </auth-constraint>
 </security-constraint>
 <login-config>
   <auth-method>FORM</auth-method>
   <form-login-config>
     <form-login-page>/login.jsp</form-login-page>
     <form-error-page>/error.jsp</form-error-page>
   </form-login-config>
 </login-config>
 <security-role>
   <description>your role description</description>
   <role-name>yourrolename(i.e ADS group)</role-name>
 </security-role>

这篇关于配置Tomcat以使用Windows Active Directory进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！