tags:

views:

7929

answers:

3
+7  Q: 

Configuring Tomcat to authenticate using Windows Active Directory

What is the best way to configure Tomcat 5.5 or later to authenticate users from Windows Active Directory?

+8  A: 

from www.jspwiki.org

See : ActiveDirectoryIntegration

Try this in the server.xml with your ldap-settings :

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"

           connectionURL="ldap://youradsserver:389"
           alternateURL="ldap://youradsserver:389"         
           userRoleName="member"
           userBase="cn=Users,dc=yourdomain"
           userPattern="cn={0},cn=Users,dc=yourdomain"
           roleBase="cn=Users,dc=yourdomain"
           roleName="cn"
           roleSearch="(member={0})"
           roleSubtree="false"
           userSubtree="true" 
   />

and define the role in the tomcat-users.xml and the web.xml of your application

edit webapp_root/WEB_INF/Web.xml file as follows: 

<security-constraint>
   <display-name>your web app display name</display-name>
   <web-resource-collection>
     <web-resource-name>Protected Area</web-resource-name>
     <url-pattern>*.jsp</url-pattern>
     <url-pattern>*.html</url-pattern>
     <url-pattern>*.xml</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>yourrolname(ADS Group)</role-name>
   </auth-constraint>
 </security-constraint>
 <login-config>
   <auth-method>FORM</auth-method>
   <form-login-config>
     <form-login-page>/login.jsp</form-login-page>
     <form-error-page>/error.jsp</form-error-page>
   </form-login-config>
 </login-config>
 <security-role>
   <description>your role description</description>
   <role-name>yourrolename(i.e ADS group)</role-name>
 </security-role>
Blauohr  2008-11-06 08:03:10
The link is broken
Antonio  2010-10-05 14:18:46
New Link to www.jspwiki.org (Thanks Antonio)
Blauohr  2010-10-08 08:23:02
+1  A: 

Hi Does anyone know if Tomcat running on Unix (solaris) can authenticate against Windows Active Directory?

Or does Tomcat have to reside on Windows before it can?

 2008-12-24 09:36:26
Yes, that does work.
nhnb  2010-06-29 20:35:17
+1  A: 

The LDAP based authentication works without any additional steps on any operating system.

http://spnego.sf.net can be used for silent authentication of users logged into the Windows Domain. This needs an domain account that is registered in the domain to be authoritative for the provided service. It works on both Windows and Linux.

nhnb  2009-12-14 09:08:08

related questions

Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
How to avoid temporary file creation on server-side when pushing back full HTML content to clients?
What tools are there for timed batch processes in J2EE?
Eclipse - How can I change a 'Project Facet' from Tomcat 6 to Tomcat 5.5?
What must I do to make content such as images served over HTTPS be cached client-side?
Packaging up Tomcat
What is the Simplest Tomcat/Apache Connector (Windows)?
Wildcards for resources in a Tomcat Servlet's context.xml
How to debug a JSP tomcat service using eclipse?
Why does Tomcat 5.5 (with Java 1.4, running on Windows XP 32-bit) suddenly hang?
In Tomcat how can my servlet determine what connectors are configured?
tomcat5 fails to start on CentOS 5 with NoClassDefFoundError exception
Accessing Tomcat Context Path from Servlet
Unit-testing servlets
Some Tomcat webapps not opening
Java ConnectionPool connection not closing, stuck in 'sleep'
Tomcat vs Weblogic JNDI Lookup
Tomcat doFilter() invoked with committed response
Difference between the Apache HTTP Server and Apache Tomcat?
Should you run one or multiple applications per tomcat cluster?
Invalid <url-pattern> servlet mapping in tomcat 6.0
How do you configure tomcat to bind to a single ip address (localhost) instead of all addresses?
Java+Tomcat, Dying databse connection?
Arrays of Arrays in Java