Enabling Basic HTTP authentication in CTP

Mon August 09, 2021 05:43 AM

Steps to enable Basic HTTP authentication in Software AG Runtime (CTP):

  1. Add the following to the Engine element in the /profiles/CTP/configuration/tomcat/conf/server.xml file, next to <Realm className="org.apache.catalina.realm.LockOutRealm"/>:

     <Realm className="com.softwareag.platform.catalina.auth.SINRealm" name="Default"/>

  2. Add the following in the /profiles/CTP/configuration/tomcat/conf/web.xml before the closing </web-app> tag:

     <security-constraint>
       <web-resource-collection>
         <!-- Choose your specific URL pattern -->
         <url-pattern>/services/Version.VersionHttpSoap12Endpoint/</url-pattern>
         <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
         <role-name>superadmin</role-name>
       </auth-constraint>
     </security-constraint>
     <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>Default</realm-name>
     </login-config>
    
    • The SINRealm class connects the CTP Tomcat to the Software AG Security Infrastructure.
    • url-pattern must follow the Tomcat specification. The example shows how to secure SOAP web services deployed in CTP (in /profiles/CTP/workspace/wsstack/repository/services). Keep in mind that the Web Services Stack application, which is responsible for SOAP support in CTP, is registered under the /wsstack path, so the pattern must begin after that prefix. The example secures one of the endpoints of our out-of-the-box Version service (http://:/wsstack/services/Version.VersionHttpSoap12Endpoint/). For example, "/services/*" would secure all SOAP web services.
    • http-method is optional and specifies which HTTP methods are secured. If it is not present, all HTTP methods are secured.
    • realm-name points to a JAAS login context defined in /profiles/CTP/configuration/jaas.config. The example uses the default one, which works with the internal user store (common/conf/users.xml, common/conf/groups.xml, common/conf/roles.xml). New users can be added by using Reverb; role and group assignment is done by manually editing the corresponding files.
    • role-name is a role from common/conf/roles.xml.
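
To check which requests a constraint like the one above actually covers, the following added example (not Software AG or Tomcat code) evaluates a path, relative to the /wsstack context, and an HTTP method against the url-pattern and http-method rules described in the notes. The names SAMPLE_WEB_XML, pattern_matches and required_roles are hypothetical, and the check simplifies the servlet rules by taking the union of all matching constraints and ignoring http-method-omission.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from step 2 wrapped in a minimal <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/services/Version.VersionHttpSoap12Endpoint/</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>superadmin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Default</realm-name>
  </login-config>
</web-app>"""

def _local(tag):
    # Drop any XML namespace so namespaced web.xml files parse the same way.
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    return [(e.text or "").strip() for e in elem.iter() if _local(e.tag) == name]

def pattern_matches(pattern, path):
    """Servlet url-pattern rules: exact, '/prefix/*', '*.ext', or '/' default."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or pattern == path

def required_roles(web_xml, path, method):
    """Roles demanded for (path, method); None means no constraint applies."""
    roles, hit = set(), False
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        for wrc in (e for e in sc.iter() if _local(e.tag) == "web-resource-collection"):
            methods = [m.upper() for m in _texts(wrc, "http-method")]
            if any(pattern_matches(p, path) for p in _texts(wrc, "url-pattern")) \
                    and (not methods or method.upper() in methods):
                hit = True
                roles.update(_texts(sc, "role-name"))
    return sorted(roles) if hit else None
```

A result of None for a request that should be protected means the pattern or the method list is too narrow: with the sample, only POST to the exact endpoint path is constrained, while other methods and sibling endpoints are not.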

#webMethods
#basic-auth
#Software-AG-Runtime
#tomcat
#CTP
#wss