Enabling Basic HTTP authentication in CTP

Steps to enable Basic HTTP authentication in Software AG Runtime (CTP):

  1. Add the following to the Engine element of the /profiles/CTP/configuration/tomcat/conf/server.xml file, next to <Realm className="org.apache.catalina.realm.LockOutRealm"/>:

     <Realm className="com.softwareag.platform.catalina.auth.SINRealm" name="Default"/>

  2. Add the following in the /profiles/CTP/configuration/tomcat/conf/web.xml before the closing </web-app> tag:

     <security-constraint>
         <web-resource-collection>
             <!-- Choose your specific URL pattern -->
             <url-pattern>/services/Version.VersionHttpSoap12Endpoint/</url-pattern>
             <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
             <role-name>superadmin</role-name>
         </auth-constraint>
     </security-constraint>
     <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>Default</realm-name>
     </login-config>
    
    • The SINRealm class connects the CTP Tomcat to the Software AG Security Infrastructure.
    • url-pattern must follow the Tomcat specification. The example shows how to secure SOAP web services deployed in CTP (in /profiles/CTP/workspace/wsstack/repository/services). Keep in mind that the Web Services Stack application, which is responsible for SOAP support in CTP, is registered under the /wsstack path, so the pattern must begin after that prefix. The example secures one of the endpoints of the out-of-the-box Version service (http://:/wsstack/services/Version.VersionHttpSoap12Endpoint/). For example, “/services/*” would secure all SOAP web services.
    • http-method is optional and specifies which HTTP methods are secured. If it is not present, all HTTP methods are secured.
    • realm-name points to a JAAS login context defined in /profiles/CTP/configuration/jaas.config. The example uses the default one, which works with the internal user store (common/conf/users.xml, common/conf/groups.xml, common/conf/roles.xml). New users can be added by using Reverb; role and group assignments are made by manually editing the corresponding files.
    • role-name is a role from common/conf/roles.xml.
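
A check for the configuration above, added here as an example; it is not part of the original article or of Software AG's tooling. It parses a web.xml and reports constraints that cover only some HTTP methods or that do not require an encrypted transport for the BASIC credentials. The function names, the finding texts and the sample's namespace are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 2 snippet in a minimal <web-app> (namespace assumed).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/services/Version.VersionHttpSoap12Endpoint/</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>superadmin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Default</realm-name>
  </login-config>
</web-app>"""


def _texts(parent, tag):
    """Text of every descendant <tag> of parent, in any (or no) XML namespace."""
    return [(e.text or "").strip() for e in parent.findall(f".//{{*}}{tag}")]


def audit_web_xml(xml_text):
    """Return (constraints, login, findings) for a web.xml document."""
    root = ET.fromstring(xml_text)
    constraints, findings = [], []
    for sc in root.findall(".//{*}security-constraint"):
        c = {tag: _texts(sc, tag)
             for tag in ("url-pattern", "http-method", "role-name")}
        constraints.append(c)
        if c["http-method"]:  # a method list limits the constraint to those methods
            findings.append(f"{c['url-pattern']}: only {c['http-method']} secured, "
                            "other HTTP methods are not covered")
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            findings.append(f"{c['url-pattern']}: no CONFIDENTIAL transport-guarantee, "
                            "BASIC credentials are only base64-encoded")
    login = {"auth": _texts(root, "auth-method"), "realm": _texts(root, "realm-name")}
    if login["auth"] != ["BASIC"]:
        findings.append("login-config auth-method is not BASIC")
    return constraints, login, findings


if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML)[2]:
        print("FINDING:", finding)
```

For the sample it reports two findings: only POST is secured, and no transport guarantee is set. Whether CTP is reachable only over HTTPS is decided by its connector configuration, which this check does not read.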