webMethods

webMethods

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to Library

Enabling Basic HTTP authentication in CTP 

Mon August 09, 2021 05:43 AM

Steps to enable Basic HTTP authentication in Software AG Runtime (CTP) :

  1. Add the following in the /profiles/CTP/configuration/tomcat/conf/server.xml file’s Engine element next to <Realm className="org.apache.catalina.realm.LockOutRealm"/> : <Realm className="com.softwareag.platform.catalina.auth.SINRealm" name="Default"/>

  2. Add the following in the /profiles/CTP/configuration/tomcat/conf/web.xml before the closing </web-app> tag:

     <security-constraint>
<web-resource-collection>
<!-- Choose your specific URL pattern -->
<url-pattern>/services/Version.VersionHttpSoap12Endpoint/</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>  
<role-name>superadmin</role-name>  
</auth-constraint> 
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Default</realm-name>
</login-config>
    • SINRealm class makes the connection between the CTP Tomcat and the Software AG Security Infrastructure
    • url-pattern should be per the Tomcat specification. The example displays how to secure SOAP web services deployed in the CTP (in /profiles/CTP/workspace/wsstack/repository/services), keep in mind that the Web Services Stack application responsible for the SOAP support in CTP is registered under the /wsstack path and the pattern here should begin after that - the example secures one of the endpoints of our out-of-the-box services - the Version service (http://:/wsstack/services/Version.VersionHttpSoap12Endpoint/). For example “/services/*” would secure all SOAP web services.
    • http-method is optional, can specify which methods should be secured, if it is not present it secures all http methods
    • realm-name points to a JAAS login context defined in /profiles/CTP/configuration/jaas.config. In the example we have the default one which works with the internal user store (common/conf/users.xml, common/conf/groups.xml, common/conf/roles.xml). New users can be added by using Reverb , role and group assignment happens by manual edit of the corresponding files.
    • role-name is a role from the common/conf/roles.xml

#webMethods
#basic-auth
#Software-AG-Runtime
#tomcat
#CTP
#wss

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads