Tomcat中的单一登录实施 [英] Single Sign on implementation in Tomcat
问题描述
我在启用了SSL/TLS的tomcat Web服务器上部署了三个jsf Web应用程序.现在,我想构建具有特定角色的某种SSO身份验证.在tomcat conf/server.xml中,有以下一行:
I have three jsf web application deployed on tomcat web server with SSL/TLS enabled. Now I want to build some kind of SSO authentication with particular roles. In tomcat conf/server.xml there is line:
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
所以我想到了tomcat可能有他自己的SSO实现.有人知道在哪里可以找到有关此示例代码或示例代码的更多信息吗?
so I got idea that tomcat maybe have his own SSO implementation. Does anyone know where to find more information about this or some code examples?
预先感谢
推荐答案
经过数小时的研究,我找到了解决方案,因此如果有人需要在Tomcat中进行SSO身份验证,我将在此处发布该解决方案. 首先在tomcat的安装目录中打开conf/server.xml文件,并添加以下行:
After many hours of research I found solution, so I will post it here in case someone need SSO authentication in tomcat. First of all open conf/server.xml file in tomcat installation directory and add following line:
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
</Host>
这样做,您已经打开了SSO阀.接下来,您需要在tomcat中设置角色.这可以通过编辑conf/tomcat-users.xml来完成.滚动到底部并添加角色,如下所示:
By doing this, you have opened SSO valve. Next, you need to set up roles in tomcat. That is done by editing conf/tomcat-users.xml. Scroll to the bottom and add roles, something like this:
<role rolename="CUSTOMER"/>
<role rolename="ADMIN"/>
现在,如果您想进行纯文本身份验证,还可以通过添加用户来添加用户:
Now, if you want plain text authentication you can add users also by adding :
<user username="admin" password="admin" roles="ADMIN"/>
<user username="customer" password="customer" roles="CUSTOMER"/>
或者,如果您有数据库,则可以在conf/server.xml中设置与数据库服务器的连接,我正在使用MySQL:
or, if you have database you can set up connection with database server in conf/server.xml, I'm using MySQL:
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.cj.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/databaseName?user=serverUsername&password=serverPassword"
userTable="usersTable" userNameCol="usernameColumnName" userCredCol="passwordColumnName"
userRoleTable="roleTable" roleNameCol="roleColumnName"/>
注意:您需要在tomcat lib目录中提供连接驱动程序. 有关更多信息: https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JDBCRealm
最后,在您的一个或多个Web应用程序中,找到web.xml并添加安全约束:
Finally in your web app or apps, find web.xml and add security constrains:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>this is ignored currently</realm-name>
</login-config>
<security-role>
<role-name>ADMIN</role-name>
</security-role>
注意:如果您有自定义的登录"页面,则可以编辑<login-config>
标记并更改为以下内容:
Note: if you have custom Login page you can edit <login-config>
tag and change to following:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
干杯.
这篇关于Tomcat中的单一登录实施的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!