A user has recently tried to integrate Tomcat’s manager application with Waffle and got puzzling results. It took me a while to figure it out, revealing some creative thinking in Tomcat’s demo apps.
Configure Tomcat SSO
Let’s configure Tomcat to use waffle for SSO. First, copy waffle-jna.jar, jna.jar, platform.jar, commons-logging-1.1.1.jar and guava-r07.jar (we’re using Waffle 1.4 beta) to tomcat’s lib folder.
Add the Waffle valve.
Replace UserDatabaseRealm with the Waffle dummy realm.
Protect all pages from unauthenticated users.
You may declare the group as a role.
You can now navigate to https://localhost:8080/ and perform single sign-on. In the logs you’ll see something like this.
Nov 30, 2010 10:17:02 AM waffle.apache.NegotiateAuthenticator authenticate
INFO: successfully logged in user: server\username
Configure Tomcat Manager
Replace the authentication constraint to the users that should be able to access the manager application. For my example I’ll allow all authenticated users. You may also declare the group as a role (see above).
Remove the entire login-config block.
Remove the following line of code.
It’s an interesting way to force a basic authentication popup. If you fail authentication, you get this popup every time, even if you changed BASIC authentication for something else. I believe it’s part of some clever evil plot to cause users many hours of frustration.