Posted to dev@geronimo.apache.org by Krishnakumar B <ww...@gmail.com> on 2006/04/20 08:06:02 UTC
SSO in Tomcat
Hi,
I have a question related to SSO in Tomcat.
I can build Geronimo configuring an SSO Valve and use this in web
applications deployed in Tomcat. This works.
If I deploy a new Valve along with a web application this does not work.
Can valves be deployed at application level so that it works for some
web applications? I don't need to have a pre-built Valve enabled with
the Server if this works.
Regards
Krish
Re: SSO in Tomcat
Posted by Krishnakumar B <ww...@gmail.com>.
Hi Jeff,
I have tried this change but same results. Still does not work.
The SSOValve GBean is running.
J2EEApplication=null,J2EEModule=test/web/1,J2EEServer=geronimo,j2eeType=TomcatValve,name=SSOValve
[running]
Any other changes I need to make?
Regards
Krish
On 4/20/06, Jeff Genender <jg...@apache.org> wrote:
> Looks like the syntax may be off...and you are missing a namespace...
>
> Try:
>
> <container-config>
>   <!-- Tomcat Specific Container Declarations -->
>   <tomcat
>       xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0/config">
>     <valve-chain>SSOValve</valve-chain>
>     <tomcat-realm>TomcatJAASRealm</tomcat-realm>
>   </tomcat>
> </container-config>
>
>
> Krishnakumar B wrote:
> > Hi Jeff,
> >
> > Thanks for the reply. I have tried this but am not able to get it to work.
> >
> > My plan looks like this for test/web/1 and test/web/2. Both apps use
> > the same Realm and Valve.
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <web-app xmlns="http://geronimo.apache.org/xml/ns/web"
> >          xmlns:sec="http://geronimo.apache.org/xml/ns/security"
> >          configId="test/web/2">
> >   <context-root>/web2</context-root>
> >   <context-priority-classloader>false</context-priority-classloader>
> >   <container-config container="Tomcat">
> >     <config-param name="TomcatRealm">TomcatJAASRealm</config-param>
> >     <config-param name="TomcatValveChain">SSOValve</config-param>
> >   </container-config>
> >   <security-realm-name>geronimo-properties-realm</security-realm-name>
> >   <security>
> >     <default-principal realm-name="properties-realm">
> >       <principal
> >           class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >           name="system" />
> >     </default-principal>
> >     <role-mappings>
> >       <role role-name="admin">
> >         <realm realm-name="properties-realm">
> >           <principal
> >               class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> >               name="admin" designated-run-as="true" />
> >           <principal
> >               class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >               name="system" />
> >         </realm>
> >       </role>
> >       <role role-name="users">
> >         <realm realm-name="properties-realm">
> >           <principal
> >               class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> >               name="users" designated-run-as="true" />
> >           <principal
> >               class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >               name="user1" />
> >           <principal
> >               class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >               name="user2" />
> >         </realm>
> >       </role>
> >       <role role-name="guest">
> >         <realm realm-name="properties-realm">
> >           <principal
> >               class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> >               name="guest" designated-run-as="true" />
> >           <principal
> >               class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >               name="guest1" />
> >         </realm>
> >       </role>
> >     </role-mappings>
> >   </security>
> >
> >   <gbean name="SSOValve" class="org.apache.geronimo.tomcat.ValveGBean">
> >     <attribute name="className">org.apache.catalina.authenticator.SingleSignOn</attribute>
> >   </gbean>
> > </web-app>
> >
> > Regards
> > Krish
> >
> > On 4/20/06, Jeff Genender <jg...@apache.org> wrote:
> >> Yes, you should be able to do this. Look at the geronimo-web.xml for
> >> the Tomcat descriptor. There is an XML tag that lets you reference a
> >> valve in the geronimo-web.xml.
> >>
> >> Krishnakumar B wrote:
> >>> Hi,
> >>>
> >>> I have a question related to SSO in Tomcat.
> >>>
> >>> I can build Geronimo configuring an SSO Valve and use this in web
> >>> applications deployed in Tomcat. This works.
> >>>
> >>> If I deploy a new Valve along with a web application this does not work.
> >>>
> >>> Can valves be deployed at application level so that it works for some
> >>> web applications? I don't need to have a pre-built Valve enabled with
> >>> the Server if this works.
> >>>
> >>> Regards
> >>> Krish
>
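Added example (not part of the thread or of the Geronimo code base): a small Python check that tells apart the two `container-config` forms quoted above and reports whether the named valve chain is declared as a GBean in the same plan. The function name `check_plan`, the finding strings and the condensed sample plans are constructed for illustration; passing the check only means the plan has the suggested shape.

```python
import xml.etree.ElementTree as ET

WEB_NS = "http://geronimo.apache.org/xml/ns/web"
TOMCAT_NS = "http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0/config"

def check_plan(xml_text):
    """Return findings for one geronimo-web.xml plan; an empty list means the suggested form."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    # GBeans declared inside this plan (name attribute only).
    gbeans = {g.get("name") for g in root.iter("{%s}gbean" % WEB_NS)}
    configs = root.findall("{%s}container-config" % WEB_NS)
    if not configs:
        findings.append("no container-config element")
    for cc in configs:
        if cc.find("{%s}config-param" % WEB_NS) is not None:
            findings.append("config-param form used")
        # A <tomcat> written without xmlns inherits the web namespace and is not matched here.
        tomcat = cc.find("{%s}tomcat" % TOMCAT_NS)
        if tomcat is None:
            findings.append("no tomcat element in tomcat-1.0 config namespace")
            continue
        chain = (tomcat.findtext("{%s}valve-chain" % TOMCAT_NS) or "").strip()
        # Informational: the valve may instead be declared in another configuration.
        if chain not in gbeans:
            findings.append("valve-chain %r not declared in this plan" % chain)
    return findings

# Constructed samples, condensed from the plans quoted in the thread (security section omitted).
GBEAN = """<gbean name="SSOValve" class="org.apache.geronimo.tomcat.ValveGBean">
    <attribute name="className">org.apache.catalina.authenticator.SingleSignOn</attribute>
  </gbean>"""
ORIGINAL_PLAN = """<web-app xmlns="%s" configId="test/web/2">
  <container-config container="Tomcat">
    <config-param name="TomcatRealm">TomcatJAASRealm</config-param>
    <config-param name="TomcatValveChain">SSOValve</config-param>
  </container-config>
  %s
</web-app>""" % (WEB_NS, GBEAN)
SUGGESTED_PLAN = """<web-app xmlns="%s" configId="test/web/2">
  <container-config>
    <tomcat xmlns="%s">
      <valve-chain>SSOValve</valve-chain>
      <tomcat-realm>TomcatJAASRealm</tomcat-realm>
    </tomcat>
  </container-config>
  %s
</web-app>""" % (WEB_NS, TOMCAT_NS, GBEAN)

if __name__ == "__main__":
    print(check_plan(ORIGINAL_PLAN), check_plan(SUGGESTED_PLAN))
```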
Re: SSO in Tomcat
Posted by Krishnakumar B <ww...@gmail.com>.
Hi Jeff,
Thanks for the reply. I have tried this but am not able to get it to work.
My plan looks like this for test/web/1 and test/web/2. Both apps use
the same Realm and Valve.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/web"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security"
         configId="test/web/2">
  <context-root>/web2</context-root>
  <context-priority-classloader>false</context-priority-classloader>
  <container-config container="Tomcat">
    <config-param name="TomcatRealm">TomcatJAASRealm</config-param>
    <config-param name="TomcatValveChain">SSOValve</config-param>
  </container-config>
  <security-realm-name>geronimo-properties-realm</security-realm-name>
  <security>
    <default-principal realm-name="properties-realm">
      <principal
          class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
          name="system" />
    </default-principal>
    <role-mappings>
      <role role-name="admin">
        <realm realm-name="properties-realm">
          <principal
              class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
              name="admin" designated-run-as="true" />
          <principal
              class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
              name="system" />
        </realm>
      </role>
      <role role-name="users">
        <realm realm-name="properties-realm">
          <principal
              class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
              name="users" designated-run-as="true" />
          <principal
              class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
              name="user1" />
          <principal
              class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
              name="user2" />
        </realm>
      </role>
      <role role-name="guest">
        <realm realm-name="properties-realm">
          <principal
              class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
              name="guest" designated-run-as="true" />
          <principal
              class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
              name="guest1" />
        </realm>
      </role>
    </role-mappings>
  </security>
  <gbean name="SSOValve" class="org.apache.geronimo.tomcat.ValveGBean">
    <attribute name="className">org.apache.catalina.authenticator.SingleSignOn</attribute>
  </gbean>
</web-app>
Regards
Krish
On 4/20/06, Jeff Genender <jg...@apache.org> wrote:
> Yes, you should be able to do this. Look at the geronimo-web.xml for
> the Tomcat descriptor. There is an XML tag that lets you reference a
> valve in the geronimo-web.xml.
>
> Krishnakumar B wrote:
> > Hi,
> >
> > I have a question related to SSO in Tomcat.
> >
> > I can build Geronimo configuring an SSO Valve and use this in web
> > applications deployed in Tomcat. This works.
> >
> > If I deploy a new Valve along with a web application this does not work.
> >
> > Can valves be deployed at application level so that it works for some
> > web applications? I don't need to have a pre-built Valve enabled with
> > the Server if this works.
> >
> > Regards
> > Krish
>
Re: SSO in Tomcat
Posted by Jeff Genender <jg...@apache.org>.
Yes, you should be able to do this. Look at the geronimo-web.xml for
the Tomcat descriptor. There is an XML tag that lets you reference a
valve in the geronimo-web.xml.
Krishnakumar B wrote:
> Hi,
>
> I have a question related to SSO in Tomcat.
>
> I can build Geronimo configuring an SSO Valve and use this in web
> applications deployed in Tomcat. This works.
>
> If I deploy a new Valve along with a web application this does not work.
>
> Can valves be deployed at application level so that it works for some
> web applications? I don't need to have a pre-built Valve enabled with
> the Server if this works.
>
> Regards
> Krish