0

I have a Java application which runs on Tomcat and authenticates with active directory using Waffle. My requirement is to consume certain rest url hosted in this application without any authentication into picture.

The configuration settings are the following.

context.xml (Tomcat)

<Valve className="waffle.apache.NegotiateAuthenticator" 
    principalFormat="fqn" roleFormat="both"/>
<Realm className="waffle.apache.WindowsRealm"/>

web.xml

 <security-role>
      <role-name>Everyone</role-name>
 </security-role>

   <security-constraint>
   <display-name>Waffle Security Constraint</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>Everyone</role-name>
      </auth-constraint>
    </security-constraint>

How can I achieve this?

jarlh
  • 42,561
  • 8
  • 45
  • 63
Vikram
  • 115
  • 1
  • 3
  • 11

1 Answers1

0

Just add a second constraint not-protected like this:

<security-constraint>
  <display-name>Login Page</display-name>
  <web-resource-collection>
    <web-resource-name>Unprotected Login Page</web-resource-name>
    <url-pattern>/login.jsp</url-pattern>
  </web-resource-collection>
</security-constraint>

I can be possibile that you'll also need to use mixed authentication in your context.xml file:

<Context>
  <Valve className="waffle.apache.MixedAuthenticator" />
  <Realm className="waffle.apache.WindowsRealm" />
</Context>

However, we can made it work also with waffle.apache.NegotiateAuthenticator.

see: https://github.com/dblock/waffle/blob/master/Docs/tomcat/TomcatMixedSingleSignOnAndFormAuthenticatorValve.md

mxb
  • 3,300
  • 4
  • 20
  • 25