Sharing the Jetspeed Realm Across Tomcat Webapps

This guide explains how to create a shared authentication Realm between multiple webapps running in the same Tomcat (>= 6) container.

1. The Jetspeed Realm

Realms are configured in the Engine element of $CATALINA_HOME/conf/server.xml. Move the Jetspeed Realm element from $CATALINA_HOME/conf/Catalina/localhost/jetspeed.xml to $CATALINA_HOME/conf/server.xml, replacing or commenting out the UserDatabase Realm.

<Realm className="org.apache.catalina.realm.JAASRealm"

2. Enable the Tomcat SingleSignOn Valve

Uncomment the Tomcat single sign on Valve in $CATALINA_HOME/conf/server.xml.

<Host name="localhost" appBase="webapps">
    <!-- Enable tomcat SSO *** -->
    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

3. Each web.xml

Create a security-constraint in each webapp's web.xml descriptor.


  <!-- Define the Login Configuration for this Application -->

  <!-- Security roles referenced by this web application -->
        The role that is required to log in to the Manager Application
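
A check for steps 1 to 3, as an added example that is not part of the original guide or of the Jetspeed project: it parses a server.xml and a web.xml and reports what is still missing. The function names, the sample documents (constructed, with Realm attributes omitted) and PLACEHOLDER_ROLE are assumptions.

```python
import xml.etree.ElementTree as ET

JAAS = "org.apache.catalina.realm.JAASRealm"
SSO = "org.apache.catalina.authenticator.SingleSignOn"

def check_server_xml(text):
    """Return problems with steps 1 and 2; commented-out elements do not count."""
    problems = []
    for engine in ET.fromstring(text).iter("Engine"):
        realms = [r.get("className") for r in engine.findall("Realm")]
        if JAAS not in realms:
            problems.append("Engine has no JAASRealm")
        if any(name != JAAS for name in realms):
            problems.append("Engine still has another active Realm")
        for host in engine.findall("Host"):
            valves = [v.get("className") for v in host.findall("Valve")]
            if SSO not in valves:
                problems.append(f"Host {host.get('name')}: SingleSignOn Valve not enabled")
    return problems

def check_web_xml(text):
    """Return the step 3 elements missing from a web.xml (XML namespace ignored)."""
    present = {child.tag.rsplit("}", 1)[-1] for child in ET.fromstring(text)}
    needed = ("security-constraint", "login-config", "security-role")
    return [name for name in needed if name not in present]

# Constructed sample: default Realm still active, SSO Valve still commented out.
SERVER_BEFORE = """<Server><Service name="Catalina"><Engine name="Catalina">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
  <Host name="localhost" appBase="webapps">
    <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> -->
  </Host>
</Engine></Service></Server>"""

# Constructed sample: the layout steps 1 and 2 describe (Realm attributes omitted).
SERVER_AFTER = """<Server><Service name="Catalina"><Engine name="Catalina">
  <Realm className="org.apache.catalina.realm.JAASRealm"/>
  <Host name="localhost" appBase="webapps">
    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
  </Host>
</Engine></Service></Server>"""

# Constructed sample web.xml: constraint present, login-config and security-role absent.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection><web-resource-name>all</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>PLACEHOLDER_ROLE</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
```

Run check_server_xml on the contents of $CATALINA_HOME/conf/server.xml and check_web_xml on each webapp's descriptor; an empty list means nothing is missing.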

4. Known Issues

1. The default Tomcat Realm must be replaced, removed, or commented out. A known side effect is that the Tomcat manager application stops working. This can be resolved by using the Jetspeed realm in $CATALINA_HOME/server/webapps/manager/manager.xml.


2. Users must authenticate in Jetspeed before accessing other webapps.