I have the following problem with Waffle and Kerberos.
I have a Java Servlet application which runs on Tomcat and has SSO via Kerberos, for which I'm using Waffle.
To make SSO work I had to enable:
    <init-param>
        <param-name>impersonate</param-name>
        <param-value>true</param-value>
    </init-param>
When I set impersonate to false the SSO does not work :(
And everything seems to work fine, users can login to my app with SSO.
But then I found out that impersonate changes the Tomcat user, and the application runs not with administrator rights but as userA or userB. So when userA creates a file in my system (report, log, config file), he is the owner of the file, and then when userB logs in and tries to access this file I get an Access denied exception.
I create the file with the following code:
    File file = new File(fileName);
    file.createNewFile();
    file.setExecutable(true, false);
    file.setReadable(true, false);
    file.setWritable(true, false);
I want the application to work without changing user; the Tomcat user (Administrator) should create, read and append files, not userA or userB.
I need Kerberos SSO with Waffle, but I don't want this impersonation to work this way. Is there any other way to make Waffle work? Or maybe I can save files in some other way?
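An added example, not part of the original post: one way to save files so that they stay accessible across impersonated users is to add an explicit ACL entry for a shared group when the file is created, using `java.nio`'s `AclFileAttributeView`. The class name, the `createShared` helper, the file name and the group name `Users` are assumptions made for illustration; it also assumes the denial comes from the file's ACL granting access only to its creator.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;

public class SharedReportFile {
    /**
     * Creates the file if absent, then adds an ALLOW entry for a shared group so
     * that a later request running as a different impersonated user can still
     * read and append to it. groupName is an assumption: a local or domain group
     * that contains the application's users.
     */
    public static Path createShared(String fileName, String groupName) throws IOException {
        Path path = Paths.get(fileName);
        try {
            Files.createFile(path);
        } catch (FileAlreadyExistsException e) {
            // Created by an earlier request; its ACL was set at that time.
            return path;
        }
        AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
        if (view == null) {
            throw new UnsupportedOperationException("File system has no ACL support: " + path);
        }
        GroupPrincipal group = path.getFileSystem()
                .getUserPrincipalLookupService()
                .lookupPrincipalByGroupName(groupName);
        AclEntry allowGroup = AclEntry.newBuilder()
                .setType(AclEntryType.ALLOW)
                .setPrincipal(group)
                .setPermissions(EnumSet.of(
                        AclEntryPermission.READ_DATA, AclEntryPermission.READ_ATTRIBUTES,
                        AclEntryPermission.READ_ACL, AclEntryPermission.WRITE_DATA,
                        AclEntryPermission.APPEND_DATA, AclEntryPermission.SYNCHRONIZE))
                .build();
        List<AclEntry> acl = new ArrayList<>(view.getAcl());
        acl.add(0, allowGroup); // explicit entries go ahead of inherited ones
        view.setAcl(acl);       // the creating user owns the file, so may edit its ACL
        return path;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values: the path and group name are placeholders.
        Path p = createShared("report-example.txt", "Users");
        System.out.println("ACL on " + p + ": "
                + Files.getFileAttributeView(p, AclFileAttributeView.class).getAcl());
    }
}
```

Setting the same entry once on the parent directory as an inheritable ACE gives new files the group's access without per-file code.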