Steps to enable Basic HTTP authentication in Software AG Runtime (CTP) :
-
Add the following in the
/profiles/CTP/configuration/tomcat/conf/server.xml
file’sEngine
element next to<Realm className="org.apache.catalina.realm.LockOutRealm"/>
:<Realm className="com.softwareag.platform.catalina.auth.SINRealm" name="Default"/>
-
Add the following in the
/profiles/CTP/configuration/tomcat/conf/web.xml
before the closing</web-app>
tag:<security-constraint> <web-resource-collection> <!-- Choose your specific URL pattern --> <url-pattern>/services/Version.VersionHttpSoap12Endpoint/</url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>superadmin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Default</realm-name> </login-config>
- SINRealm class makes the connection between the CTP Tomcat and the Software AG Security Infrastructure
- url-pattern should be per the Tomcat specification. The example displays how to secure SOAP web services deployed in the CTP (in /profiles/CTP/workspace/wsstack/repository/services), keep in mind that the Web Services Stack application responsible for the SOAP support in CTP is registered under the /wsstack path and the pattern here should begin after that - the example secures one of the endpoints of our out-of-the-box services - the Version service (http://:/wsstack/services/Version.VersionHttpSoap12Endpoint/). For example “/services/*” would secure all SOAP web services.
- http-method is optional, can specify which methods should be secured, if it is not present it secures all http methods
- realm-name points to a JAAS login context defined in /profiles/CTP/configuration/jaas.config. In the example we have the default one which works with the internal user store (common/conf/users.xml, common/conf/groups.xml, common/conf/roles.xml). New users can be added by using Reverb , role and group assignment happens by manual edit of the corresponding files.
- role-name is a role from the common/conf/roles.xml