Over a million developers have joined DZone.

Enabling CLIENT-CERT based authorization on Tomcat – Part 2

· Java Zone

Discover how AppDynamics steps in to upgrade your performance game and prevent your enterprise from these top 10 Java performance problems, brought to you in partnership with AppDynamics.

In continuation of my earlier blogs Enabling CLIENT-CERT based authorization on Tomcat and Enabling SSL in Tomcat, in this blog I will demonstrate, how you can configure multiple application to control access to their web resources using CLIENT-CERT mechanism. Please read both the above blogs, before reading further.

There are 2 tomcat web applications in the code base in GitHub called “client1″ and “client2″, if you go to web.xml of client1 it looks as below,

<security-constraint>
<web-resource-collection>
<web-resource-name>Demo App</web-resource-name>
<url-pattern>/secure/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>secureconn</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Demo App</realm-name>
</login-config>

<security-role>
<role-name>secureconn</role-name>
</security-role>

If you notice, there is a web resource called “/secure” it will be only accessed by a user with role “secureconn”. And in “client2″ web.xml you have,

<security-constraint>
<web-resource-collection>
<web-resource-name>Demo App</web-resource-name>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>secureconn1</role-name>
</auth-constraint>
</security-constraint>

Again, if you notice in client2, there is a web resource called “/secure” it will be only accessed by a user with role “secureconn1″.

In a typical enterprise, you will use a LDAPRealm and users with secureconn role can access client1 web resource and users with secureconn1 role can access client2 web resource. But in this demo we will use MemoryRealm and configure tomcat-users.xml with these users and roles as below,

<role rolename="secureconn"/>
<user username="CN=client1, OU=Application Development, O=GoSmarter, L=Bangalore, ST=KA, C=IN" password="null"  roles="secureconn"/>
<role rolename="secureconn1"/>
<user username="CN=client2, OU=Application Development, O=GoSmarter, L=Bangalore, ST=KA, C=IN" password="null"  roles="secureconn1"/>

I hope this blog helped you.



The Java Zone is brought to you in partnership with AppDynamics. AppDynamics helps you gain the fundamentals behind application performance, and implement best practices so you can proactively analyze and act on performance problems as they arise, and more specifically with your Java applications. Start a Free Trial.

Topics:

Published at DZone with permission of Krishna Prasad , DZone MVB .

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}