Integrating Tomcat with Microsoft Active Directory (AD)

Prerequisites for Integrating LDAP with Tomcat:

Operating System: Windows with Active Directory 2003 and above

Java: JDK 1.6 and above

Application Server: Tomcat 6.0 and above

Populate LDAP

We will configure security so that only a specific group of users can access the deployed webapps. This group needs a name, which is configured in LDAP; you may already have an appropriate group.

  1. Create the users in Active Directory that the application will validate against.
  2. Create a group, e.g. TomcatUsersGroup, and associate the users with this group in Active Directory using the wizard.

Configuring Tomcat to Use LDAP

Next, we need to configure Tomcat to connect to LDAP. This is described in the Tomcat documentation: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm

This is the difficult step. It requires editing server.xml, found in the conf folder of the Tomcat installation. For our example, the changes are as follows.

Comment out the UserDatabaseRealm in server.xml:

<!--
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
       resourceName="UserDatabase"/>
-->

To disable the native tomcat-users.xml and use LDAP credentials instead, also comment out the UserDatabase resource. Note that in the stock server.xml the "Editable user database..." text is itself an XML comment; because XML comments cannot be nested, those inner comment markers must be dropped when the whole block is wrapped, as shown here:

<!--
<GlobalNamingResources>
  Editable user database that can also be used by
  UserDatabaseRealm to authenticate users
  <Resource name="UserDatabase" auth="Container"
            type="org.apache.catalina.UserDatabase"
            description="User database that can be updated and saved"
            factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
            pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
-->

Add the following Realm element to server.xml, in place of the commented-out UserDatabaseRealm, for the LDAP configuration:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ldapserver.lucidtechsol.com:389"
       authentication="simple"
       referrals="follow"
       connectionName="ldapsearch@lucidtechsol.com"
       connectionPassword="enter password here"
       userSearch="(sAMAccountName={0})"
       userBase="CN=Users,DC=lucidtechsol,DC=com"
       userSubtree="true"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true"
       roleBase="CN=Users,DC=lucidtechsol,DC=com" />

Here connectionName and connectionPassword are the service account Tomcat binds with to search the directory; it only needs read access. In userSearch, {0} is replaced by the login name, and the matching entry's DN is then substituted for {0} in roleSearch, so every group in roleBase that lists the user as a member is found. roleName="cn" means the group's cn (TomcatUsersGroup in our example) becomes the role name that web.xml refers to.
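As an added example (not from the original post and not Tomcat's own code), the script below expands the Realm attributes above into the two directory searches JNDIRealm performs at login, the user lookup and then the group lookup by the user's DN, and prints equivalent ldapsearch commands so the bind account, bases and filters can be checked before Tomcat is restarted. The user DN is a constructed sample, and the RFC 4515 escaping of the substituted value is the example's own, not a statement about how the Tomcat version on this page treats {0}.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the Realm element from this post (password is the placeholder).
REALM_XML = """<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldap://ldapserver.lucidtechsol.com:389"
    authentication="simple" referrals="follow"
    connectionName="ldapsearch@lucidtechsol.com"
    connectionPassword="enter password here"
    userSearch="(sAMAccountName={0})"
    userBase="CN=Users,DC=lucidtechsol,DC=com" userSubtree="true"
    roleSearch="(member={0})" roleName="cn" roleSubtree="true"
    roleBase="CN=Users,DC=lucidtechsol,DC=com"/>"""


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value substituted into a search filter, so a
    login name containing ( ) * or backslash cannot change the filter's meaning."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def jndirealm_lookups(realm_xml: str, username: str, user_dn: str) -> dict:
    """Return base, scope and filter of the user search and of the role search.
    {0} is the login name in userSearch and the user's DN in roleSearch;
    user_dn is the DN the user search is assumed to have returned."""
    a = ET.fromstring(realm_xml).attrib

    def scope(key):  # userSubtree/roleSubtree="true" means a subtree search
        return "sub" if a.get(key, "false").lower() == "true" else "one"

    return {
        "user": {"base": a["userBase"], "scope": scope("userSubtree"),
                 "filter": a["userSearch"].replace("{0}", escape_filter_value(username))},
        "role": {"base": a["roleBase"], "scope": scope("roleSubtree"),
                 "filter": a["roleSearch"].replace("{0}", escape_filter_value(user_dn)),
                 "attr": a["roleName"]},  # attribute whose value becomes the role name
    }


def ldapsearch_command(realm_xml: str, lookup: dict) -> str:
    """Equivalent ldapsearch call, binding as the realm's connectionName
    (-W prompts for the password instead of embedding it on the command line)."""
    a = ET.fromstring(realm_xml).attrib
    attrs = " " + lookup["attr"] if "attr" in lookup else ""
    return 'ldapsearch -x -H %s -D "%s" -W -b "%s" -s %s "%s"%s' % (
        a["connectionURL"], a["connectionName"], lookup["base"],
        lookup["scope"], lookup["filter"], attrs)


if __name__ == "__main__":
    q = jndirealm_lookups(REALM_XML, "jdoe",
                          "CN=John Doe,CN=Users,DC=lucidtechsol,DC=com")
    print(ldapsearch_command(REALM_XML, q["user"]))
    print(ldapsearch_command(REALM_XML, q["role"]))
```

If the second command returns no entry whose cn is TomcatUsersGroup, the role-name in web.xml will never match and every login will be refused with 403.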


Configuring the Application in the Deployed Webapps Folder to Use the AD (or) LDAP Settings:

Finally, add a security constraint to the application's web.xml. Note the http-method elements below: as the comment says, if any are listed, only those methods are protected and all others (HEAD, OPTIONS, TRACE, ...) are left open, so omit them unless you mean to restrict protection to specific methods.

e.g. Tomcat_Installed_Directory\webapps\application\web.xml

<security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <!-- Define the context-relative URL(s) to be protected -->
    <url-pattern>/*</url-pattern>
    <!-- If you list http methods, only those methods are protected -->
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>TomcatUsersGroup</role-name>
  </auth-constraint>
</security-constraint>

<!-- Default login configuration uses basic authentication -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Tomcat LDAP Integrated Application</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <description>LDAP Users</description>
  <role-name>TomcatUsersGroup</role-name>
</security-role>

After restarting the Tomcat server, test that users are validated by logging in to the application with their LDAP (or) AD credentials.
