I'm developing a java web project using tomcat. I've successfully implemented forms authentication in my project.
Is there a way to configure the Realm not in the server.xml?
I need to send my project to someone - and there is a demand that he wouldn't have to do such "extra" configuration.
Is there a way to put the Realm section somewhere in my project - like at web.xml?
Perhaps there is some other way that I can achieve that?
Thanks
Yes, you can put realm into server.xml but also into context.xml.
Moreover this is recommended configuration.
Please refer to the following document for details: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
Related
Am trying spring cloud config server and client as stand-alone separate applications.
on git, i have folder structure like below-
my-config
----projectfolder1
--------application.properties
----projectfolder2
--------application.properties
I would like that spring cloud client named "projectfolder1" should search application.properties within projectfolder1 on git from spring cloud server i.e
----projectfolder1
--------application.properties
and client "projectfolder2" should get the below mentioned properties from spring cloud config server
----projectfolder2
--------application.properties
My Spring Cloud Config server application.properties has-
spring.cloud.config.server.git.search-paths='{application}'
projectfolder1 in its bootstrap.properties has
spring.application.name=projectfolder1
and projectfolder2 in its bootstrap.properties has
spring.application.name=projectfolder2
According to spring cloud config documentation '{application}' in search path should find the files within the "resolved application name" folder on git. But the above '{application}' doesn't work for me. Clients projectfolder1 and projectfolder2 are not able to get any property at all.
pls assist. i know its possible duplicate of another question on stack overflow. but that question is not resolved and i do not have rights to comment on any question being a new user, So i created this as another question here.
I solved it myself.
The trick is to give search-path {application} without quotes as given below.
It was a little tricky as spring documentation mentions it as '{application}' , probably spring developers just wanted to highlight it with quotes.
spring.cloud.config.server.git.search-paths={application}
instead of
spring.cloud.config.server.git.search-paths='{application}'
I'm working on a Spring MVC project. When I run the application the URL is:
http://localhost:8080/insureYou/login
but I want:
http://localhost:8080/contextroot/insureYou/login
Is there any way of doing it without hardcoding?
In a spring-boot project you can set the context-root by specifying the following property in the application.properties file:
server.servlet.context-path=/yourcontextroot
Without spring-boot, it depends on the webserver and Tomcat offers a number of options.
I would personally opt for a META-INF/context.xml file in your war file containing the necessary information but you can also include the information in the server.xml file or in a ROOT.xml file.
See the following links for further guidance:
How to set the context path of a web application in Tomcat 7.0
https://tomcat.apache.org/tomcat-8.0-doc/config/context.html
https://www.baeldung.com/tomcat-root-application
This type of deployment however sometimes is handled separately, through an Apache server reverse-proxy or through URL rewriting.
I recommend you ascertain whether this type of need is already taken care of by your company's deployment procedures, as you may not need to deal with it at all.
I have an access problem in a Java web application and I think that it's because of the rights of JBoss.
I'm using JBoss 7.1. I found the files application-roles.properties and application-users.properties and I think that it's where we must assign the rights. Actually, I have nothing in these files.
I've searched about this conf but I don't find anything which can help me.
Can anybody help me to give all rights to any users please ? And maybe explain me how it works please.
Just adding users to file is not going to do the trick. Here are the basic steps in adding authentincation and authorization in Java Web App.
Create a login module and define a JNDI name for the login module in
the Java application server. There are many login modules to choose
from such as LDAP, Database, UserProperties, Certificate, etc. This is where you can point the login module to the application-user.properties for principal authentication and application-roles.properties for the roles definitions.
Then you need to add proper web application security-constraints in your web.xml along with authentication type of basic or form. This is pretty standard configuration.
Finally, add the login module JNDI name in the jboss-web.xml file under WEB-INF (for a WAR file) or META-INF (for a JAR or an EAR file).
You can follow along this example if you are planning to use the application-user and roles file for your application. Most organizations usually use LDAP or Database type of login modules for authentication since that's more scalable and secured. You can see a list of few other login modules here.
I implemented a custom login module I want to use with the JBoss AS 6. I followed some tutorial guidelines on the internet, namely http://x-techteam.blogspot.com/2007/04/jboss-custom-login-module-simple.html.
They write about configuring ${JBOSS_HOME}/server/default/conf/login-config.xml and deploy a JAR with the custom login module, but I don't like the idea of changing a configuration within the JBoss folder.
I really would like to have ALL configurations within my WAR file. The EE application I write will be sent to some customers and they should not have to worry about configuring some security contexts or roles via XML.
So my question is:
Can I have a local login-config.xml within my war that will be picked up by JBoss?
Can the custom login module class remain within my war, without having to deploy it to some JBoss folder?
Thank you in advance.
Use dynamic security domains:
link
I am trying to use JAAS for my servlet application. I could get a basic JAAS simple authentication (non-servlet) working.
But with the servlet where to i set this variable?
-Djava.security.auth.login.config=test_jaas.config
I also tried exporting JVM_OPTS to this as per this page http://www.kopz.org/public/documents/tomcat/jaasintomcat.html
But I still keep getting, "No LoginModules configured" while creating LoginContex.
Any help is appreciated.
It depends on the servlet container. If you're using Tomcat you have to configure a JAAS realm. See the Tomcat configuration documentation under Realms.
instead you can go to java_home/conf/security/java.security and add your config location by adding the following
login.config.url.1=file:[test_jaas.config path]