Configuring security context for "/admin" [message #1760981] |
Thu, 04 May 2017 20:36 |
|
I would like to change the security configurations of WABs to use SPNEGO and LDAP roles without having to modify their contents.
I'm using "Virgo Server for Apache Tomcat" and I have tried all sorts of files like:
$KERNEL_HOME/configuration/web.xml
$KERNEL_HOME/configuration/context.xml.default
$KERNEL_HOME/configuration/Catalina/localhost/admin.xml
To be honest, I'm not even sure if I even created the files with the right content and the documentation and just about all the examples I could find were about editing the contents of the web.xml in the application being deployed. So after an afternoon of getting nowhere, I thought I'd ask the experts.
How can I set up the security as I need it through configuration and not modification?
P.S. Everything works if I modify the contents of the management console jar (WEB-INF/web.xml) as follows:
Original:
<security-constraint>
<web-resource-collection>
<web-resource-name>Virgo Server Admin Console</web-resource-name>
<url-pattern>/resources/*</url-pattern>
<url-pattern>/content/*</url-pattern>
<url-pattern>/jolokia/*</url-pattern>
<url-pattern>/upload/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Virgo Admin Console</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
Modified:
<security-constraint>
<web-resource-collection>
<web-resource-name>Virgo Server Admin Console</web-resource-name>
<url-pattern>/resources/*</url-pattern>
<url-pattern>/content/*</url-pattern>
<url-pattern>/jolokia/*</url-pattern>
<url-pattern>/upload/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Virgo-Administrator</role-name>
<role-name>Virgo-Operator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>SPNEGO</auth-method>
<realm-name>Virgo Admin Console</realm-name>
</login-config>
<security-role>
<role-name>Virgo-Administrator</role-name>
</security-role>
<security-role>
<role-name>Virgo-Operator</role-name>
</security-role>
|
|
|
|
Re: Configuring security context for "/admin" [message #1761208 is a reply to message #1761205] |
Mon, 08 May 2017 22:48 |
|
Hi Violeta,
I tried copying the modified web.xml to that location and it didn't work, I still got a BASIC authentication window popping up and some weirdness with JNDIRealm and windows AD.
When I did that it also broke just about all the other WABs that are installed (these are developed in house and they have their own roles and paths).
As I said, I probably got the contents completely wrong, could you please supply the file that you used to test it?
I want to be able to change it on a "per application" basis, so that individual applications can define their own roles and I can override them if they don't fit.
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.03256 seconds