Background

VIVO is not written to use the standard JEE or Tomcat authentication systems, so using a Tomcat Realm would require some customization. This doesn't seem very difficult; it just hasn't been a priority for us.

...

I don't know of anyone who has tried to use a Tomcat Realm to accomplish external authentication in VIVO. I think it would require some small modification of the VIVO code, perhaps a change to ExternalAuthHelper.getExternalAuthId(). Tomcat would use the Realm to create a Principal object in the HTTP request, and VIVO would get the user ID from that Principal instead of looking in an HTTP header. Web.xml would be modified to secure the page, as you have already done.

Testing

Zut alors! It really was just that easy!

I added these lines to ExternalAuthHelper.getExternalAuthId(), right after the check for a null request object:

    Principal p = request.getUserPrincipal();
    if (p != null) {
        log.debug("Found a UserPrincipal in the request: " + p);
        String userId = p.getName();
        if (StringUtils.isNotEmpty(userId)) {
            log.debug("Got external auth from UserPrincipal: " + userId);
            return userId;
        }
    }

I added these lines to the end of web.xml, just before the closing </web-app>:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>ExternalAuthPage</web-resource-name>
            <url-pattern>/loginExternalAuthReturn</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>tomcat</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

I set this property in deploy.properties:

    externalAuth.buttonText = Log in using basic Tomcat

And voila, my tomcat-users.xml file is my external authentication system!
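
An added example, not part of the original page or the VIVO code base: the same constraint tightened for use outside a local test. BASIC authentication sends the password base64-encoded with every request, so this version adds a transport-guarantee of CONFIDENTIAL and declares the role with security-role. The realm name and the tomcat-users.xml entry are constructed placeholders, and an HTTPS connector is assumed to be configured in Tomcat.

```xml
<!-- web.xml (added example): replaces the security-constraint and login-config shown above -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>ExternalAuthPage</web-resource-name>
        <url-pattern>/loginExternalAuthReturn</url-pattern>
        <!-- no http-method elements, so the constraint covers every HTTP method -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>tomcat</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- plain-HTTP requests for this URL are redirected to the connector's redirectPort -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <!-- placeholder realm name shown in the browser's credential prompt -->
    <realm-name>VIVO external auth (placeholder)</realm-name>
</login-config>

<!-- declares the role referenced by the auth-constraint -->
<security-role>
    <role-name>tomcat</role-name>
</security-role>

<!-- conf/tomcat-users.xml (constructed entry): the username is the value that
     Principal.getName() returns to the getExternalAuthId() code above -->
<tomcat-users>
    <role rolename="tomcat"/>
    <user username="jdoe" password="CHANGE_ME" roles="tomcat"/>
</tomcat-users>
```

Only /loginExternalAuthReturn is constrained here, as in the original test; the username in tomcat-users.xml has to match the external auth ID stored on the VIVO account.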

...