Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Virgo » Configuring security context for "/admin"(Is is possible to override the default security without changing the jar?)
icon5.gif  Configuring security context for "/admin" [message #1760981] Thu, 04 May 2017 20:36 Go to next message
Bill Mair is currently offline Bill MairFriend
Messages: 72
Registered: July 2009
Member
I would like to change the security configurations of WABs to use SPNEGO and LDAP roles without having to modify their contents.

I'm using "Virgo Server for Apache Tomcat" and I have tried all sorts of files like:

$KERNEL_HOME/configuration/web.xml
$KERNEL_HOME/configuration/context.xml.default
$KERNEL_HOME/configuration/Catalina/localhost/admin.xml

To be honest, I'm not even sure if I even created the files with the right content and the documentation and just about all the examples I could find were about editing the contents of the web.xml in the application being deployed. So after an afternoon of getting nowhere, I thought I'd ask the experts.

How can I set up the security as I need it through configuration and not modification?



P.S. Everything works if I modify the contents of the management console jar (WEB-INF/web.xml) as follows:

Original:
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Virgo Server Admin Console</web-resource-name>
      <url-pattern>/resources/*</url-pattern>
      <url-pattern>/content/*</url-pattern>
      <url-pattern>/jolokia/*</url-pattern>
      <url-pattern>/upload/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Virgo Admin Console</realm-name>
  </login-config>
  
  <security-role>
    <role-name>admin</role-name>
  </security-role>


Modified:
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Virgo Server Admin Console</web-resource-name>
      <url-pattern>/resources/*</url-pattern>
      <url-pattern>/content/*</url-pattern>
      <url-pattern>/jolokia/*</url-pattern>
      <url-pattern>/upload/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Virgo-Administrator</role-name>
      <role-name>Virgo-Operator</role-name>
    </auth-constraint>
  </security-constraint>
  
  <login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>Virgo Admin Console</realm-name>
  </login-config>
  
  <security-role>
    <role-name>Virgo-Administrator</role-name>
  </security-role>
  
  <security-role>
    <role-name>Virgo-Operator</role-name>
  </security-role>

Re: Configuring security context for "/admin" [message #1761205 is a reply to message #1760981] Mon, 08 May 2017 21:32 Go to previous messageGo to next message
Violeta Georgieva is currently offline Violeta GeorgievaFriend
Messages: 10
Registered: October 2016
Junior Member
Hi,

You should be able to provide your own global web.xml.

I tested this
$KERNEL_HOME/configuration/web.xml
and it is working.

Did you try to put the configuration above (the one that you changed in WEB-INF/web.xml for management console jar) in the $KERNEL_HOME/configuration/web.xml
What's happening?

Regards,
Violeta
Re: Configuring security context for "/admin" [message #1761208 is a reply to message #1761205] Mon, 08 May 2017 22:48 Go to previous messageGo to next message
Bill Mair is currently offline Bill MairFriend
Messages: 72
Registered: July 2009
Member
Hi Violeta,

I tried copying the modified web.xml to that location and it didn't work, I still got a BASIC authentication window popping up and some weirdness with JNDIRealm and windows AD.

When I did that it also broke just about all the other WABs that are installed (these are developed in house and they have their own roles and paths).

As I said, I probably got the contents completely wrong, could you please supply the file that you used to test it?

I want to be able to change it on a "per application" basis, so that individual applications can define their own roles and I can override them if they don't fit.
Re: Configuring security context for "/admin" [message #1761213 is a reply to message #1761208] Tue, 09 May 2017 05:40 Go to previous messageGo to next message
Violeta Georgieva is currently offline Violeta GeorgievaFriend
Messages: 10
Registered: October 2016
Junior Member
Bill Mair wrote on Mon, 08 May 2017 22:48

I want to be able to change it on a "per application" basis, so that individual applications can define their own roles and I can override them if they don't fit.


Then you have to change it as you did for the management console because the global web.xml will be applied to all web bundles.

Regards,
Violeta
Re: Configuring security context for "/admin" [message #1761229 is a reply to message #1761213] Tue, 09 May 2017 09:03 Go to previous message
Bill Mair is currently offline Bill MairFriend
Messages: 72
Registered: July 2009
Member
I was hoping for something similar to the context configuration but I can live with manually changing the security on the few external jars that are in use.

Thanks for the clarification Violeta.
Previous Topic:Disable recursive jar manifest 'Class-Path' verification
Next Topic:Minor change requested for dmk.sh
Goto Forum:
  


Current Time: Thu Nov 15 09:25:28 GMT 2018

Powered by FUDForum. Page generated in 0.02381 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top