JAAS with servlet - java

I am trying to use JAAS for my servlet application. I could get a basic JAAS simple authentication (non-servlet) working.
But with the servlet, where do I set this variable?
-Djava.security.auth.login.config=test_jaas.config
I also tried exporting JVM_OPTS to this as per this page http://www.kopz.org/public/documents/tomcat/jaasintomcat.html
But I still keep getting "No LoginModules configured" while creating the LoginContext.
Any help is appreciated.

It depends on the servlet container. If you're using Tomcat you have to configure a JAAS realm. See the Tomcat configuration documentation under Realms.

Instead, you can go to java_home/conf/security/java.security and add your config location by adding the following:
login.config.url.1=file:[test_jaas.config path]
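
To see which of the two configuration sources above the JVM actually picked up, the following check can help. It is an added example, not code from the original posts; the class name JaasConfigCheck and the application name "Sample" are placeholders. The same calls can be made from inside the servlet, since the container's JVM is the one that matters.

```java
import java.security.Security;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasConfigCheck {
    // "Sample" is a placeholder; pass the name your code gives to new LoginContext(name, ...).
    public static void main(String[] args) {
        String appName = args.length > 0 ? args[0] : "Sample";

        // Source 1: the -D system property from the question.
        System.out.println("java.security.auth.login.config = "
                + System.getProperty("java.security.auth.login.config"));

        // Source 2: login.config.url.N entries in the JRE's java.security file.
        // They are read in sequence, so the first missing number ends the list.
        for (int n = 1; ; n++) {
            String url = Security.getProperty("login.config.url." + n);
            if (url == null) break;
            System.out.println("login.config.url." + n + " = " + url);
        }

        Configuration config;
        try {
            config = Configuration.getConfiguration();
        } catch (SecurityException e) {
            // Raised when no configuration file can be located or parsed.
            System.out.println("No login configuration could be loaded: " + e.getMessage());
            return;
        }

        // LoginContext looks up the application name first, then the entry named "other".
        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(appName);
        if (entries == null) entries = config.getAppConfigurationEntry("other");
        if (entries == null) {
            System.out.println("No entry for '" + appName + "' or 'other': "
                    + "LoginContext would fail with \"No LoginModules configured\"");
            return;
        }
        for (AppConfigurationEntry entry : entries) {
            System.out.println(entry.getControlFlag() + " " + entry.getLoginModuleName());
        }
    }
}
```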

Related

how to add a parameter to spring project before <projectname>/login and after <localhost>:<portnumber> without hardcode?

I'm working on a Spring MVC project. When I run the application the URL is:
http://localhost:8080/insureYou/login
but I want:
http://localhost:8080/contextroot/insureYou/login
Is there any way of doing it without hardcoding?
In a spring-boot project you can set the context-root by specifying the following property in the application.properties file:
server.servlet.context-path=/yourcontextroot
Without spring-boot, it depends on the webserver and Tomcat offers a number of options.
I would personally opt for a META-INF/context.xml file in your war file containing the necessary information but you can also include the information in the server.xml file or in a ROOT.xml file.
See the following links for further guidance:
How to set the context path of a web application in Tomcat 7.0
https://tomcat.apache.org/tomcat-8.0-doc/config/context.html
https://www.baeldung.com/tomcat-root-application
This type of deployment however sometimes is handled separately, through an Apache server reverse-proxy or through URL rewriting.
I recommend you ascertain whether this type of need is already taken care of by your company's deployment procedures, as you may not need to deal with it at all.

How do I set X-FRAME-OPTIONS in JBoss EAP 6.1?

I am running a java spring application on Jboss EAP 6.1
X-FRAME-OPTIONS in the request header when performing a file upload is DENY and I receive the following errors. The file upload also does not appear on the page.
All of the solutions I see online say that I should try setting this value to SAMEORIGIN. They also show how to configure this in Apache but does anyone know how I set this option for Jboss?
OK, the other way is to create an HTTP filter.
Create a class that implements javax.servlet.Filter
Annotate the class with @WebFilter("/*") or the context you need.
In the doFilter method set the HTTP header you need and do not forget to call chain.doFilter(request, response); afterwards.
Build this class into a JAR and make sure it is placed in your WEB-INF/lib directory.
See the answer to this question system-properties In standalone-full.xml
In your standalone XML you can set the Apache Catalina properties like this:
<system-properties>
<property name="org.apache.tomcat.util.http.Parameters.MAX_COUNT" value="5000"/>
</system-properties>

Realm configuration in tomcat for forms authentication

I'm developing a java web project using tomcat. I've successfully implemented forms authentication in my project.
Is there a way to configure the Realm not in the server.xml?
I need to send my project to someone - and there is a demand that he wouldn't have to do such "extra" configuration.
Is there a way to put the Realm section somewhere in my project - like at web.xml?
Perhaps there is some other way that I can achieve that?
Thanks
Yes, you can put the realm into server.xml but also into context.xml.
Moreover, this is the recommended configuration.
Please refer to the following document for details: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html

JAAS - Web SSO integration on Tomcat

I'm trying to integrate Web SSO via JAAS in my web application under Apache Tomcat.
I've worked through Apache documentation and other stuff to get inside.
The common approach is to implement a login module, configure the web application (web.xml to be exact), and configure the server (jaas.config, server.xml) as described at http://jakarta.apache.org/slide/howto-jaas.html.
In my company environment I've faced an issue with configuring the server. Configuring environment variables as proposed by Apache is even worse.
Is there any way to make all configuration inside my web application?
PS. I do know about Spring security framework.
Thanks.
You are looking for http://spnego.sourceforge.net. There is a filter which does true SSO and JAAS.
There is a way to implement all security inside web app, except the security realm properties files (or LDAP / DB if you prefer). Read up on Java security. Also about tomcat's SSO valve

Spring MVC application context path

My Spring MVC application is running on a Tomcat behind an Apache 2 acting as a proxy. I access my app directly in Tomcat via a URL like http://localhost:8080/myapp. I access my app via the proxy with a URL like http://localhost/tomcat/myapp.
The second url makes my app behave incorrectly, because it supposes it lives in /myapp context path, but via the proxy it should live in /tomcat/myapp.
Is there a variable in Spring or Servlet API, that holds /tomcat/myapp if I am accessing it via the proxy, and /myapp if I am accessing it directly?
Thanx
I think you need to enable proxy support then. This link might help you or give a little hint in this regard.
http://tomcat.apache.org/tomcat-6.0-doc/proxy-howto.html
Just stumbled upon this post while searching for the config setting for tomcat.
There is a much easier way to configure tomcat to handle the exact situation you are experiencing. See:
http://tomcat.apache.org/tomcat-5.5-doc/proxy-howto.html
Simply configure a connector for the proxy in Tomcat, and the servlet/struts context path issues will resolve.
-edit: Obviously I didn't read #2 comment...
I mean when I redirect to "/index.jsp"
it actually redirects to
"http://localhost/myapp/index.jsp"
instead of
"http://localhost/tomcat/myapp/index.jsp"
Redirect to index.jsp instead of /index.jsp
When you redirect to /index.jsp this acts as an absolute url and it gets redirected to myapp/index.jsp. index.jsp is a relative url and will redirect to tomcat/myapp/index.jsp
