If you want to use tomcat authentication, you can do that. Generally you should not use the tomcat-users.xml file (use grouper built-in authn instead), if you use LDAP or something else it could be useful.
Note that in v2.5+ the container uses tomee which is essentially tomcat (same authn config)
If you are using tomcat ldap authn, manage users in your ldap. This is an example using tomcat-users.xml file which is not convenient in container, but as an example
<user username="THE_PRINCIPAL" password="THE_PASSWORD" roles="grouper,grouper_user"/> |
Note the file locations in the container are listed in the v2.5 container documentation
File | Value | Description | |
---|---|---|---|
grouper.hibernate.properties | grouper.is.ws.basicAuthn=false | This is the default provided with container, do not overlay | |
web.xml | Make sure the appropriate security configs are there, this is an example in the v2.5 container
| Overlay this, and do not include any servlet mappings etc | |
server.xml | ajp 8009 connector element: tomcatAuthentication="true" | Tomcat is doing authn so that attribute needs to be true | |
server.xml | add in any other configs, e.g. for ldap authn
| See the tomcat documentation for correct location | |
grouper-ws.properties | ws.security.non-rampart.authentication.class = | This should be blank (get remote_user) This is the default provided with container, do not overlay | |
grouper-www.conf | Has no auth directives | This is the default provided with container, do not overlay for authn reasons |