Valve-Based Security
Valves are plug-ins that you can use to access inbound request messages before they reach the security filter. You can use a set of valves to implement a <security-constraint> element. For information about security constraints, see the Oracle documentation. For information about valves, see the Apache Tomcat documentation.
To implement valve-based security using Application Platform, you must configure the security realms you require and declare security restrictions in your WAR projects.
Configuring Security Realms
Application Platform maps WAR security to Integration Server by using Tomcat realms. When you create Integration Server instances, you must add the required security realms to the server.xml file, located in Software AG_directory profiles/IntegrationServer/configuration/tomcat/server.xml, and map them to the AppPlatformRealm. By default, only the LockOutRealm is added to the server.xml file.
To map the LockOutRealm to the AppPlatformRealm, add the following code to server.xml:
<Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="com.softwareag.applatform.pls.security.jaas.AppPlatformRealm"
           name="AppPlatformRealm"
           userClassNames="com.softwareag.security.jaas.principals.SagUserPrincipal"
           roleClassNames="com.softwareag.security.jaas.principals.SagRolePrincipal"
           defaultRealm="AppPlatformRealm"/>
</Realm>
Application Platform enables you to implement client-certificate SSL authorization in your WAR projects. To enable client-certificate SSL authorization, you must update the META-INF/context.xml file in your WAR project directory by adding the following code:
<!-- Alternatively, place this code in the server, host, or engine configuration. -->
<!-- If the name is not correct, the web page will fail with an invalid
     configuration error 60 seconds after the service tracker gives up -->
<!--com.softwareag.platform.catalina.auth.SINRealm-->
<Realm className="com.softwareag.applatform.pls.security.jaas.AppPlatformRealm"
       name="AppPlatformRealm"
       appName="AppPlatformRealm"
       userClassNames="com.softwareag.security.jaas.principals.SagUserPrincipal"
       roleClassNames="com.softwareag.security.jaas.principals.SagRolePrincipal"
       defaultRealm="AppPlatformRealm"/>
Declaring Security Restrictions in WAR Projects
To declare the required security restrictions in your WAR project, do one of the following:
* Use the annotations provided by Application Platform. For more information, see OSGi Service Layer Security.
* Add a web.xml configuration file containing security constraints to your project. For more information about implementing security constraints using the web.xml file, see the Oracle documentation.
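A minimal web.xml for the second option, as an added example that is not part of the original documentation: it restricts one URL pattern to an authenticated role and requires TLS. The URL pattern /secure/*, the role name ExampleRole, the Servlet 3.0 descriptor version, and the CLIENT-CERT authentication method (chosen to match the client-certificate setup above) are assumptions; substitute the values your project uses.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: WEB-INF/web.xml for a WAR project.
     /secure/* and ExampleRole are hypothetical placeholders. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected area</web-resource-name>
            <url-pattern>/secure/*</url-pattern>
            <!-- No <http-method> elements on purpose: the constraint then
                 covers every HTTP method. Listing only GET and POST would
                 leave the remaining methods unconstrained. -->
        </web-resource-collection>

        <!-- Only callers that the realm maps to this role are allowed. -->
        <auth-constraint>
            <role-name>ExampleRole</role-name>
        </auth-constraint>

        <!-- Require a TLS-protected connection for the constrained URLs. -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Assumption: the project authenticates with client certificates.
         Use the auth-method your project actually relies on. -->
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>

    <!-- Every role referenced in an auth-constraint must be declared. -->
    <security-role>
        <role-name>ExampleRole</role-name>
    </security-role>
</web-app>
```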