This guide provides a tutorial for creating a shared authentication Realm between multiple webapps running in the same Tomcat(>=5.5) container.
Realms are configured in the Engine element of $CATALINA_HOME/conf/server.xml. Move the Jetspeed Realm element from $CATALINA_HOME/conf/Catalina/localhost/jetspeed.xml to $CATALINA_HOME/conf/server.xml replacng or commenting out the UserDatabase Realm.
<Realm className="org.apache.catalina.realm.JAASRealm" appName="Jetspeed" userClassNames="org.apache.jetspeed.security.impl.UserPrincipalImpl" roleClassNames="org.apache.jetspeed.security.impl.RolePrincipalImpl" useContextClassLoader="false" debug="0"/>
Uncomment the Tomcat single sign on Valve in $CATALINA_HOME/conf/server.xml.
<Host name="localhost" appBase="webapps"> <!-- Enable tomcat SSO *** --> <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> </Host>
Create a security-constraint in each webapp web.xml descriptor.
<security-constraint> <web-resource-collection> <web-resource-name>Whatever</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>manager</role-name> </auth-constraint> </security-constraint> <!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>Jetspeed</realm-name> </login-config> <!-- Security roles referenced by this web application --> <security-role> <description> The role that is required to log in to the Manager Application </description> <role-name>manager</role-name> </security-role>
1. The default Tomcat Realm must be replaced, removed, or commented out. A known side effect of this prevents the Tomcat manager application from working. It can be resolved by using the Jetspeed realm in $CATALINA_HOME/server/webapps/manager/manager.xml.
<login-config> <auth-method>BASIC</auth-method> <realm-name>Jetspeed</realm-name> </login-config>
2. Authentication must be made in Jetspeed before accessing other webapps.