Enabling Basic HTTP authentication in CTP

Knowledge base
, , , , ,
1

Steps to enable Basic HTTP authentication in Software AG Runtime (CTP) :

  1. Add the following in the /profiles/CTP/configuration/tomcat/conf/server.xml file’s Engine element next to <Realm className="org.apache.catalina.realm.LockOutRealm"/> : <Realm className="com.softwareag.platform.catalina.auth.SINRealm" name="Default"/>

  2. Add the following in the /profiles/CTP/configuration/tomcat/conf/web.xml before the closing </web-app> tag:

     <security-constraint>
     <web-resource-collection>
         <!-- Choose your specific URL pattern -->
         <url-pattern>/services/Version.VersionHttpSoap12Endpoint/</url-pattern>
         <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>  
         <role-name>superadmin</role-name>  
     </auth-constraint> 
 </security-constraint>
 <login-config>
     <auth-method>BASIC</auth-method>
     <realm-name>Default</realm-name>
 </login-config>
    • SINRealm class makes the connection between the CTP Tomcat and the Software AG Security Infrastructure
    • url-pattern should be per the Tomcat specification. The example displays how to secure SOAP web services deployed in the CTP (in /profiles/CTP/workspace/wsstack/repository/services), keep in mind that the Web Services Stack application responsible for the SOAP support in CTP is registered under the /wsstack path and the pattern here should begin after that - the example secures one of the endpoints of our out-of-the-box services - the Version service (http://:/wsstack/services/Version.VersionHttpSoap12Endpoint/). For example “/services/*” would secure all SOAP web services.
    • http-method is optional, can specify which methods should be secured, if it is not present it secures all http methods
    • realm-name points to a JAAS login context defined in /profiles/CTP/configuration/jaas.config. In the example we have the default one which works with the internal user store (common/conf/users.xml, common/conf/groups.xml, common/conf/roles.xml). New users can be added by using Reverb , role and group assignment happens by manual edit of the corresponding files.
    • role-name is a role from the common/conf/roles.xml