Tomcat中的单一登录实施 [英] Single Sign on implementation in Tomcat

问题描述

我在启用了SSL/TLS的tomcat Web服务器上部署了三个jsf Web应用程序.现在，我想构建具有特定角色的某种SSO身份验证.在tomcat conf/server.xml中，有以下一行:

I have three jsf web application deployed on tomcat web server with SSL/TLS enabled. Now I want to build some kind of SSO authentication with particular roles. In tomcat conf/server.xml there is line:

<Valve className="org.apache.catalina.authenticator.SingleSignOn" />

所以我想到了tomcat可能有他自己的SSO实现.有人知道在哪里可以找到有关此示例代码或示例代码的更多信息吗?

so I got idea that tomcat maybe have his own SSO implementation. Does anyone know where to find more information about this or some code examples?

预先感谢

推荐答案

经过数小时的研究，我找到了解决方案，因此如果有人需要在Tomcat中进行SSO身份验证，我将在此处发布该解决方案. 首先在tomcat的安装目录中打开conf/server.xml文件，并添加以下行:

After many hours of research I found solution, so I will post it here in case someone need SSO authentication in tomcat. First of all open conf/server.xml file in tomcat installation directory and add following line:

<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
    </Host>

这样做，您已经打开了SSO阀.接下来，您需要在tomcat中设置角色.这可以通过编辑conf/tomcat-users.xml来完成.滚动到底部并添加角色，如下所示:

By doing this, you have opened SSO valve. Next, you need to set up roles in tomcat. That is done by editing conf/tomcat-users.xml. Scroll to the bottom and add roles, something like this:

   <role rolename="CUSTOMER"/>
   <role rolename="ADMIN"/>

现在，如果您想进行纯文本身份验证，还可以通过添加用户来添加用户:

Now, if you want plain text authentication you can add users also by adding :

<user username="admin" password="admin" roles="ADMIN"/>
<user username="customer" password="customer" roles="CUSTOMER"/>

或者，如果您有数据库，则可以在conf/server.xml中设置与数据库服务器的连接，我正在使用MySQL:

or, if you have database you can set up connection with database server in conf/server.xml, I'm using MySQL:

<Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="com.mysql.cj.jdbc.Driver"
   connectionURL="jdbc:mysql://localhost:3306/databaseName?user=serverUsername&amp;password=serverPassword"
       userTable="usersTable" userNameCol="usernameColumnName" userCredCol="passwordColumnName"
   userRoleTable="roleTable" roleNameCol="roleColumnName"/>

注意:您需要在tomcat lib目录中提供连接驱动程序. 有关更多信息: https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JDBCRealm

最后，在您的一个或多个Web应用程序中，找到web.xml并添加安全约束:

Finally in your web app or apps, find web.xml and add security constrains:

<security-constraint>

 <web-resource-collection>
 <web-resource-name>Protected Context</web-resource-name>
 <url-pattern>/*</url-pattern>
 </web-resource-collection>

 <user-data-constraint>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>  
 </user-data-constraint>

 <auth-constraint>
        <role-name>ADMIN</role-name>
    </auth-constraint>

 </security-constraint>

  <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>this is ignored currently</realm-name>
    </login-config>


<security-role>
    <role-name>ADMIN</role-name>
</security-role>

注意:如果您有自定义的登录"页面，则可以编辑<login-config>标记并更改为以下内容:

Note: if you have custom Login page you can edit <login-config> tag and change to following:

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>file</realm-name>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>

干杯.

这篇关于Tomcat中的单一登录实施的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！