Implementing SSO with Tomcat

Source: Internet
Author: User
Tags tomcat

Goal: after a user logs in once, they can access the different webapps on the same server, that is, Tomcat single sign-on (SSO). The setup is mainly divided into the following steps:

Modify Tomcat's conf/server.xml to enable SSO support

Add a Valve node under the <Host> node:

<Valve className="org.apache.catalina.authenticator.SingleSignOn"
       debug="0" requireReauthentication="false"/>
</Host>

Container authentication Realm: users, roles, and the <Realm ...> setting in server.xml.

Tomcat's authentication mechanism has 2 elements: user and role.

The user is the unique identifier that distinguishes one user from another.

A role is an abstract permission level, such as "admin", "manager", "member", "guest" and so on; you can define your own. A user can have several roles.

"But how is Tomcat going to get my user/role information? All my data is in the database." This information is read through the <Realm> tag in Tomcat's server.xml. Tomcat provides 3 or 4 out-of-the-box Realm implementations: reading from a file, from JDBC, from a DataSource, and from LDAP. For the specific Realms and the configuration options each one offers, refer to Tomcat's own documentation, which is not repeated here (in Tomcat's tomcat-docs.war webapp, look at config/realm.html). If these ready-made implementations do not meet your requirements, you can also write your own Realm implementation class. Here is what an example JDBC Realm configuration looks like:

<!-- The debug value is missing from the source; 0 is assumed here. -->
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="0"
       driverName="your.jdbc.driver.here"
       connectionURL="your.jdbc.url.here"
       connectionName="test"
       connectionPassword="test"
       userTable="users"
       userNameCol="user_name"
       userCredCol="user_pass"
       userRoleTable="user_roles"
       roleNameCol="role_name"/>
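A pre-deployment check for the two server.xml steps above, as an added example that is not part of the original article. It verifies that the SingleSignOn Valve sits under <Host> and that the webapps share one Realm, and it flags cleartext credential handling. The names audit_sso and SAMPLE and the /app2 Context are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SSO_VALVE = "org.apache.catalina.authenticator.SingleSignOn"
# Constructed sample: the page's Valve and JDBCRealm inside a minimal server.xml,
# plus a hypothetical /app2 Context that declares its own Realm.
SAMPLE = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps">
    <Valve className="org.apache.catalina.authenticator.SingleSignOn"
           requireReauthentication="false"/>
    <Realm className="org.apache.catalina.realm.JDBCRealm"
           driverName="your.jdbc.driver.here" connectionURL="your.jdbc.url.here"
           connectionName="test" connectionPassword="test"
           userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name"/>
    <Context path="/app2">
      <Realm className="org.apache.catalina.realm.MemoryRealm"/>
    </Context>
  </Host>
</Engine></Service></Server>"""


def audit_sso(server_xml):
    """Return findings for one server.xml: SSO preconditions and credential handling."""
    root = ET.fromstring(server_xml)
    findings = []
    shared = [r for e in root.iter("Engine") for r in e.findall("Realm")]
    for host in root.iter("Host"):
        name = host.get("name", "?")
        shared += host.findall("Realm")
        if not any(v.get("className") == SSO_VALVE for v in host.findall("Valve")):
            findings.append(f"{name}: no SingleSignOn Valve directly under <Host>")
        # SSO needs every webapp in the Host to authenticate against the same Realm.
        for ctx in host.iter("Context"):
            if ctx.find("Realm") is not None:
                findings.append(f"{name}: Context {ctx.get('path')} overrides the shared Realm")
    if not shared:
        findings.append("no Realm at Engine or Host level for the webapps to share")
    for realm in root.iter("Realm"):
        if not realm.get("className", "").endswith(("JDBCRealm", "DataSourceRealm")):
            continue
        # No digest= (older Tomcat) and no nested CredentialHandler: cleartext compare.
        if realm.get("digest") is None and realm.find("CredentialHandler") is None:
            findings.append(f"{realm.get('userCredCol')}: credentials compared as cleartext")
        pw = realm.get("connectionPassword")
        if pw is not None and pw == realm.get("connectionName"):
            findings.append("database password equals the database user name")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sso(SAMPLE)))
```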

Webapp using SSO:

Tell Tomcat that this webapp must go through container authentication.
