配置Tomcat以使用Windows Active Directory进行身份验证 [英] Configuring Tomcat to authenticate using Windows Active Directory
本文介绍了配置Tomcat以使用Windows Active Directory进行身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
配置Tomcat 5.5或更高版本以从Windows Active Directory认证用户的最佳方法是什么?
What is the best way to configure Tomcat 5.5 or later to authenticate users from Windows Active Directory?
推荐答案
来自www.jspwiki.org
请参阅: ActiveDirectoryIntegration
使用ldap-settings在server.xml中尝试此操作:
Try this in the server.xml with your ldap-settings :
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://youradsserver:389"
alternateURL="ldap://youradsserver:389"
userRoleName="member"
userBase="cn=Users,dc=yourdomain"
userPattern="cn={0},cn=Users,dc=yourdomain"
roleBase="cn=Users,dc=yourdomain"
roleName="cn"
roleSearch="(member={0})"
roleSubtree="false"
userSubtree="true"
/>
并在应用程序的tomcat-users.xml和web.xml中定义角色
and define the role in the tomcat-users.xml and the web.xml of your application
按如下所示编辑webapp_root/WEB_INF/Web.xml文件:
edit webapp_root/WEB_INF/Web.xml file as follows:
<security-constraint>
<display-name>your web app display name</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.html</url-pattern>
<url-pattern>*.xml</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>yourrolname(ADS Group)</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>your role description</description>
<role-name>yourrolename(i.e ADS group)</role-name>
</security-role>
这篇关于配置Tomcat以使用Windows Active Directory进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文