Valve-Based Security
Valves are plug-ins that you can use to access inbound request messages before they reach the security filter. You can use a set of valves in order to implement a <security-constraint> element. For information about security constraints, see the Oracle documentation. For information about valves, see the Apache Tomcat documentation.
To implement valve-based security using Application Platform, you must configure the security realms you require and declare security restrictions in your WAR projects.
Configuring Security Realms
Application Platform maps WAR security to Integration Server by using Tomcat realms. When you create Integration Server instances, you must add the required security realms to the server.xml file, located in Software AG_directory profiles/IntegrationServer/configuration/tomcat/server.xml and map them to the AppPlatformRealm. By default, only the LockOutRealm is added to the server.xml file.
To map the LockOutRealm to the AppPlatformRealm, add the following code to server.xml:
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="com.softwareag.applatform.pls.security.jaas.AppPlatformRealm"
name="AppPlatformRealm"
userClassNames="com.softwareag.security.jaas.principals.SagUserPrincipal"
roleClassNames="com.softwareag.security.jaas.principals.SagRolePrincipal"
defaultRealm="AppPlatformRealm"/>
</Realm>
Application Platform enables you to implement client-certificate SSL authorization in your WAR projects. To enable client-certificate SSL authorization, you must update the META-INF/context.xml file your WAR project directory by adding the following code:
<Realm className="com.softwareag.applatform.pls.security.jaas.AppPlatformRealm"
name="AppPlatformRealm"
appName="AppPlatformRealm"
userClassNames="com.softwareag.security.jaas.principals.SagUserPrincipal"
roleClassNames="com.softwareag.security.jaas.principals.SagRolePrincipal"
defaultRealm="AppPlatformRealm"/>
Declaring Security Restrictions in WAR Projects
To declare the required security restrictions in your WAR project, do one of the following:
Add a
web.xml configuration file containing security constraints to your project. For more information about implementing security constraints using the
web.xml file, see the Oracle documentation.
Related Topics