Introduction Tomcat Configuration
Before starting we need to understand the Tomcat configuration (Context) hierarchy. Tomcat configuration can be placed in three places.
- In $CATALINA_BASE/conf/server.xml.
- In the application's /META-INF/context.xml.
- In $CATALINA_BASE/conf/[enginename]/[hostname]/[appname].xml. The default enginename is Catalina and the default hostname is localhost, which resolves the path above to $CATALINA_BASE/conf/Catalina/localhost/[appname].xml. [http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Defining_a_context]
The recommended alternative is the last one: the configuration lives outside the application, yet it does not intrude on the Tomcat server's own configuration.
This separation also makes automated configuration easier:
- One package with standardised Tomcat configuration.
- And another package for each application with its own separate configuration.
The next step is the actual authentication configuration, which is done by a Realm component.
"A Catalina container (Engine, Host, or Context) may contain no more than ONE Realm element" [http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html#Introduction]
So a Realm is somewhat like a singleton, but it also has a scope that depends on where we place it.
- Inside an <Engine> element - This Realm will be shared across ALL web applications on ALL virtual hosts, UNLESS it is overridden by a Realm element nested inside a subordinate <Host> or <Context> element.
- Inside a <Host> element - This Realm will be shared across ALL web applications for THIS virtual host, UNLESS it is overridden by a Realm element nested inside a subordinate <Context> element.
- Inside a <Context> element - This Realm will be used ONLY for THIS web application.
[http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#Configuring_a_Realm]
Tomcat comes with several authentication modules (Realms) out of the box. Here we will use the LDAP authentication module org.apache.catalina.realm.JNDIRealm.
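The scope rule above can be checked mechanically. The following Python sketch is an added example, not part of the original article or of Tomcat: given a server.xml and an optional per-application context descriptor, it reports which Realm applies to the application. Both XML samples, the LDAP host name and the DNs are constructed placeholders, and the function name effective_realm is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml with a Realm at Engine level only.
SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
      </Realm>
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""

# Constructed sample for $CATALINA_BASE/conf/Catalina/localhost/[appname].xml;
# the LDAP host and DNs are placeholders.
CONTEXT_XML = """
<Context>
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://ldap.example.com:636"
         userPattern="uid={0},ou=people,dc=example,dc=com"
         roleBase="ou=groups,dc=example,dc=com"
         roleName="cn"
         roleSearch="(uniqueMember={0})"/>
</Context>
"""

def effective_realm(server_xml, context_xml=None, engine="Catalina", host="localhost"):
    """Return (scope, className) of the Realm that applies to one web application."""
    root = ET.fromstring(server_xml)
    eng = root.find(f".//Engine[@name='{engine}']")
    if eng is None:
        raise ValueError(f"no Engine named {engine!r}")
    hst = eng.find(f"Host[@name='{host}']")
    ctx = ET.fromstring(context_xml) if context_xml else None
    # Most specific container first: its Realm overrides the enclosing ones.
    for scope, element in (("Context", ctx), ("Host", hst), ("Engine", eng)):
        if element is None:
            continue
        realm = element.find("Realm")  # direct child only, not nested sub-realms
        if realm is not None:
            return scope, realm.get("className")
    return None, None

if __name__ == "__main__":
    print(effective_realm(SERVER_XML))               # application without its own Realm
    print(effective_realm(SERVER_XML, CONTEXT_XML))  # application with the JNDIRealm context
```

Run against a real installation's files, this shows whether an application is actually protected by the Realm in its own context file or silently falls back to one defined at Host or Engine level.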
To test this we create a simple web application.