Monday, February 20, 2006

Tomcat WebApplication Context File

You can deploy a Tomcat web application by creating a <webapp>.xml context file. This method is handy while you are developing the web application (you don't have to build the war file and deploy it to Tomcat/webapps), and it also allows the context to be reloaded whenever a class file in the WEB-INF/classes directory changes.
For this to work, the XML file (named "application path" + ".xml") must be in the Tomcat/conf/Catalina/localhost directory; you don't need to put the war file under Tomcat/webapps.

Let's say our web application directory is "/home/prasad/apps/TestApp/web" and
we would like to access it as "http://localhost:8080/testapp". Then you have to create "testapp.xml" in the Tomcat/conf/Catalina/localhost directory with the following content:

<?xml version="1.0"?>
<Context path="/testapp"
 docBase="/home/prasad/apps/TestApp/web"
 reloadable="true" />

The reloadable attribute is the one that allows the context to be reloaded when a class file changes. The docBase attribute should point to the web directory (the one that has a child directory named WEB-INF); otherwise Tomcat can delete the context file, as it's not valid.

Creating a context file is also useful when you want to secure your web application, i.e. apply security constraints to access to your web application's files, and you want Tomcat to use your own tables to authenticate users. Here is how you can set up Tomcat's JDBC authentication:

<?xml version="1.0"?>
<Context path="/testapp"
 docBase="/home/prasad/apps/TestApp/web"
 reloadable="true">
  <Realm className="org.apache.catalina.realm.JDBCRealm"
   driverName="jdbc.DatabaseDriver"
   connectionURL="jdbc:protocol:appauthdb"
   connectionName="admin" connectionPassword="admin"
   userTable="utable" userNameCol="uname" userCredCol="passwd"
   userRoleTable="rtable" roleNameCol="rname"/>
</Context>

Table Structure:
create table utable (uname varchar(255), passwd varchar(255), primary key(uname, passwd));
create table rtable (uname varchar(255), rname varchar(255));

This sets up a Realm for this web application. [By default, a Realm is defined for the entire Engine or Host in Tomcat/conf/server.xml.] You are setting the context to use a JDBC Realm and to access the appauthdb database tables utable and rtable to authenticate the user. With no digest attribute on the Realm, Tomcat compares the submitted password with the passwd column as cleartext.

To try out the Realm, you have to define a security-constraint in the web.xml file (/home/prasad/apps/TestApp/web/WEB-INF/web.xml).

<security-constraint>
 <web-resource-collection>
  <web-resource-name>Entire Application</web-resource-name>
  <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
  <role-name>appuser</role-name>
 </auth-constraint>
</security-constraint>

<login-config>
 <auth-method>BASIC</auth-method>
 <!-- Commented
 <auth-method>FORM</auth-method>
  <form-login-config>
   <form-login-page>/login.html</form-login-page>
   <form-error-page>/error.html</form-error-page>
  </form-login-config>
 -->
</login-config>

We defined the security constraint for the entire web application (url-pattern), so that every user with the role (role-name) appuser can access the web application's resources. Once that is done, add values to utable and rtable.

insert into utable(uname, passwd) values ('prasad', 'somepwd');
insert into rtable(uname, rname) values ('prasad', 'appuser');

When you visit http://localhost:8080/testapp, you get an HTTP authentication dialog box, and you can see that only 'prasad' is allowed to use the application.
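An added example, not part of the original post: a small Python check that reads the context file and web.xml settings shown above and flags the ones to change before this setup leaves a development machine. The function names and finding codes are hypothetical, and the XML samples are constructed from the post's values.

```python
import xml.etree.ElementTree as ET

# Constructed samples that mirror the post's testapp.xml and web.xml fragments.
CONTEXT_XML = """<?xml version="1.0"?>
<Context path="/testapp" docBase="/home/prasad/apps/TestApp/web" reloadable="true">
  <Realm className="org.apache.catalina.realm.JDBCRealm"
   driverName="jdbc.DatabaseDriver" connectionURL="jdbc:protocol:appauthdb"
   connectionName="admin" connectionPassword="admin"
   userTable="utable" userNameCol="uname" userCredCol="passwd"
   userRoleTable="rtable" roleNameCol="rname"/>
</Context>"""
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>appuser</role-name></auth-constraint>
 </security-constraint>
 <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def local(el):
    """Tag name with any XML namespace stripped (real web.xml files declare one)."""
    return el.tag.rsplit("}", 1)[-1]

def audit_context(xml_text):
    """Return hypothetical finding codes for a Tomcat context file."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.get("reloadable") == "true":
        findings.append("RELOADABLE_ENABLED")  # meant for development only
    for realm in (e for e in root.iter() if local(e) == "Realm"):
        has_handler = any(local(c) == "CredentialHandler" for c in realm)
        if not realm.get("digest") and not has_handler:
            findings.append("PLAINTEXT_CREDENTIALS")  # userCredCol holds cleartext
        if "connectionPassword" in realm.attrib:
            findings.append("DB_PASSWORD_IN_FILE")  # keep the file owner-readable only
            if realm.get("connectionPassword") == realm.get("connectionName"):
                findings.append("DB_PASSWORD_EQUALS_USERNAME")
    return findings

def audit_web_xml(xml_text):
    """Flag password logins (BASIC/FORM) with no CONFIDENTIAL transport guarantee."""
    root = ET.fromstring(xml_text)
    text_of = lambda tag: [e.text.strip() for e in root.iter() if local(e) == tag and e.text]
    password_login = any(m in ("BASIC", "FORM") for m in text_of("auth-method"))
    if password_login and "CONFIDENTIAL" not in text_of("transport-guarantee"):
        return ["PASSWORD_LOGIN_WITHOUT_TLS"]
    return []
```

PLAINTEXT_CREDENTIALS clears once the Realm carries a digest attribute or a nested CredentialHandler and the passwd column stores the digested value; PASSWORD_LOGIN_WITHOUT_TLS clears when the security-constraint adds a user-data-constraint with transport-guarantee CONFIDENTIAL.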

Hope this piece of information is useful.

Comments:
Thank you very much for this very good and concise example. I could find out how to create the basic =Realm= element from the official tomcat docs, but they did not have any explanation at all about how to implement them.
 
It took me (literally) hours of fruitless searching to find this.

Now that I have, I'd just like to thank you for the single most useful piece of Realm info I've read.

Very much appreciated
 