Enabling Basic HTTP authentication in CTP

Esin_Yakub · August 9, 2021, 9:43am

Steps to enable Basic HTTP authentication in Software AG Runtime (CTP) :

Add the following in the /profiles/CTP/configuration/tomcat/conf/server.xml file’s Engine element next to <Realm className="org.apache.catalina.realm.LockOutRealm"/> : <Realm className="com.softwareag.platform.catalina.auth.SINRealm" name="Default"/>
Add the following in the /profiles/CTP/configuration/tomcat/conf/web.xml before the closing </web-app> tag:
```
 <security-constraint>
     <web-resource-collection>
         
         <url-pattern>/services/Version.VersionHttpSoap12Endpoint/</url-pattern>
         <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>  
         <role-name>superadmin</role-name>  
     </auth-constraint> 
 </security-constraint>
 <login-config>
     <auth-method>BASIC</auth-method>
     <realm-name>Default</realm-name>
 </login-config>
```
- SINRealm class makes the connection between the CTP Tomcat and the Software AG Security Infrastructure
- url-pattern should be per the Tomcat specification. The example displays how to secure SOAP web services deployed in the CTP (in /profiles/CTP/workspace/wsstack/repository/services), keep in mind that the Web Services Stack application responsible for the SOAP support in CTP is registered under the /wsstack path and the pattern here should begin after that - the example secures one of the endpoints of our out-of-the-box services - the Version service (http://:/wsstack/services/Version.VersionHttpSoap12Endpoint/). For example “/services/*” would secure all SOAP web services.
- http-method is optional, can specify which methods should be secured, if it is not present it secures all http methods
- realm-name points to a JAAS login context defined in /profiles/CTP/configuration/jaas.config. In the example we have the default one which works with the internal user store (common/conf/users.xml, common/conf/groups.xml, common/conf/roles.xml). New users can be added by using Reverb , role and group assignment happens by manual edit of the corresponding files.
- role-name is a role from the common/conf/roles.xml

Topic		Replies	Views
Enabling LDAP basic authentication in CTP Knowledge base webMethods , LDAP , CTP , basic-auth , WSS	0	893	September 24, 2021
SOAP Basic HTTP authentication with a policy in CTP Knowledge base webMethods , soap , CTP , Software-AG-Runtime , basic-auth , WSS , Web-Services-Stack	0	1667	August 9, 2021
how to set up web application authentication webMethods , webMethods-General , Integration-Server-and-ESB	6	26414	April 2, 2021
SOAP authentication example webMethods , Integration-Server-and-ESB , Flow-and-Java-services	8	7902	April 2, 2021
login or application entry webMethods , API-Management , Tamino	3	5629	April 2, 2021

Enabling Basic HTTP authentication in CTP

Related topics