This guide provides a tutorial for creating a shared authentication Realm between multiple webapps running in the same Tomcat (>= 6) container.
Realms are configured in the Engine element of $CATALINA_HOME/conf/server.xml. Move the Jetspeed Realm element from $CATALINA_HOME/conf/Catalina/localhost/jetspeed.xml to $CATALINA_HOME/conf/server.xml, replacing or commenting out the UserDatabase Realm.
<Realm className="org.apache.catalina.realm.JAASRealm"
       appName="Jetspeed"
       userClassNames="org.apache.jetspeed.security.impl.UserPrincipalImpl"
       roleClassNames="org.apache.jetspeed.security.impl.RolePrincipalImpl"
       useContextClassLoader="false"
       debug="0"/>
Uncomment the Tomcat single sign on Valve in $CATALINA_HOME/conf/server.xml.
<Host name="localhost" appBase="webapps">
  <!-- Enable tomcat SSO *** -->
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
</Host>
Create a security-constraint in the web.xml descriptor of each webapp.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whatever</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Jetspeed</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <description>
    The role that is required to log in to the Manager Application
  </description>
  <role-name>manager</role-name>
</security-role>
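The following check is an added example, not part of the original guide or of Jetspeed: it parses a webapp's web.xml and reports where it deviates from the descriptor shown above (no protected url-pattern, no auth-constraint role, a role missing from security-role, or a realm-name other than Jetspeed). The function name `check_descriptor` and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop the "{namespace}" prefix so namespaced descriptors parse alike.
    return tag.rsplit("}", 1)[-1]

def _texts(root, parent, child):
    # Text of every <child> found below any <parent> element.
    return [c.text.strip() for p in root.iter() if _local(p.tag) == parent
            for c in p.iter() if _local(c.tag) == child and c.text]

def check_descriptor(xml_text, realm="Jetspeed"):
    """Return the deviations from the descriptor layout shown on this page."""
    root = ET.fromstring(xml_text)
    problems = []
    required = set(_texts(root, "auth-constraint", "role-name"))
    declared = set(_texts(root, "security-role", "role-name"))
    if not _texts(root, "security-constraint", "url-pattern"):
        problems.append("no security-constraint with a url-pattern")
    if not required:
        problems.append("no auth-constraint role-name")
    for role in sorted(required - declared - {"*"}):
        problems.append("role '%s' is not declared in a security-role" % role)
    realms = _texts(root, "login-config", "realm-name")
    if realms != [realm]:
        problems.append("login-config realm-name is %r, expected %r" % (realms, realm))
    return problems

# Constructed sample: the page's descriptor, wrapped in a <web-app> root.
GOOD = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Whatever</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>Jetspeed</realm-name></login-config>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""

# Constructed sample: namespaced, undeclared role, different realm name.
BAD = GOOD.replace("<web-app>", '<web-app xmlns="http://java.sun.com/xml/ns/javaee">') \
          .replace(">manager</role-name></auth-constraint>", ">admin</role-name></auth-constraint>") \
          .replace("Jetspeed", "Other")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_descriptor(doc) or "ok")
```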
1. The default Tomcat Realm must be replaced, removed, or commented out. A known side effect is that the Tomcat manager application stops working. This can be resolved by using the Jetspeed realm in $CATALINA_HOME/server/webapps/manager/manager.xml.
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Jetspeed</realm-name>
</login-config>
2. Users must authenticate in Jetspeed before accessing other webapps.