...

  • Tomcat

    • Create or edit your $CATALINA_HOME/conf/tomcat-users.xml file. It has entries of the form:
       <user name="principal" password="password" roles="role1, role2, ..." />

      where:

      • name is the user's login id (the principal)
      • password is the user's password
      • roles are the servlet roles assigned to the user upon login. Tomcat allows you to specify any number of roles (or no role at all). Fedora currently supports two roles: fedoraAdmin, which is the superuser role and has rights to do everything, and fedoraUser, which is a user role and must be granted permissions by the Policy Enforcement Point to perform actions.

      Sample tomcat-users.xml file that contains three users, two of whom are regular users, and the third of whom (fedoraAdmin) is a Fedora superuser:

      <tomcat-users>
        <role rolename="fedoraUser" />
        <role rolename="fedoraAdmin" />
        <user name="testuser" password="password1" roles="fedoraUser" />
        <user name="adminuser" password="password2" roles="fedoraUser" />
        <user name="fedoraAdmin" password="secret3" roles="fedoraAdmin" />
      </tomcat-users>
    • Configure your Tomcat login realm.
      Modify your $CATALINA_HOME/conf/server.xml file to configure the login realm with the Fedora 4 webapp context:

      <Context>
      ...
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase" />
      </Context>

      See the Tomcat Realms documentation for more details.
       

    • Configure your web.xml

      Modify fcrepo-webapp/src/main/webapp/WEB-INF/web.xml by uncommenting the security configuration:

        <!--Uncomment section below to enable Basic-Authentication-->
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>Fedora4</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>PATCH</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
            <role-name>fedoraUser</role-name>
            <role-name>fedoraAdmin</role-name>
          </auth-constraint>
          <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint>
        </security-constraint>
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>fcrepo</realm-name>
        </login-config>

      Note, the "auth-constraint" element must contain the roles previously defined in your server.xml file.
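
An added example, not part of the original Fedora documentation: a Python check that cross-references the roles in the web.xml auth-constraint against the roles assigned in tomcat-users.xml, and flags two properties of the configuration shown above (an enumerated http-method list, and BASIC authentication with a transport-guarantee of NONE). The function names and the embedded sample files, including the fedoraGuest role, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the snippets above, with deliberate flaws to audit.
TOMCAT_USERS = """<tomcat-users>
  <role rolename="fedoraUser" />
  <role rolename="fedoraAdmin" />
  <user name="testuser" password="password1" roles="fedoraUser" />
  <user name="fedoraAdmin" password="secret3" roles="fedoraUser, fedoraAdmin" />
</tomcat-users>"""
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>fedoraUser</role-name>
      <role-name>fedoraGuest</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def elems(root, name):
    # Compare local names so files that declare an XML namespace still match.
    return [e for e in root.iter() if e.tag.split("}")[-1] == name]

def texts(root, name):
    return [(e.text or "").strip() for e in elems(root, name)]

def audit(users_xml, web_xml):
    users, web = ET.fromstring(users_xml), ET.fromstring(web_xml)
    held = {r.strip() for u in elems(users, "user")
            for r in u.get("roles", "").split(",") if r.strip()}
    findings = []
    for ac in elems(web, "auth-constraint"):
        findings += [f"role {r} is held by no user" for r in texts(ac, "role-name") if r not in held]
    if texts(web, "http-method"):  # listing methods leaves every other method unconstrained
        findings.append("http-method list leaves unlisted methods unconstrained")
    if "BASIC" in texts(web, "auth-method") and "CONFIDENTIAL" not in texts(web, "transport-guarantee"):
        findings.append("BASIC credentials sent without CONFIDENTIAL transport")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(TOMCAT_USERS, WEB_XML)))
```

Under the Servlet specification, a security-constraint that names http-method elements applies only to those methods, and omitting the list covers all of them; a transport-guarantee of CONFIDENTIAL makes the container require HTTPS for the protected URLs.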

...