Sometimes an LAS installer will be asked to provide user authentication for access to data that is not (yet) released to the public. This page describes the configuration steps needed for the simplest form of authentication -- single login password protection.
A good overview of Tomcat security can be found at the cafesoft tomcat security page.
Note that this method is not considered particularly secure as the username and password are sent unencrypted. It also provides no granularity -- an entire site is password protected rather than individual datasets or products. Nevertheless, for many cases this level of security is sufficient.
To harness Tomcat's native authentication you will need to modify three configuration files -- two associated with Tomcat and one associated with your LAS web application. Here are the files that need to be modified:
- $TOMCAT_HOME/conf/server.xml
- Find the <ValveclassName="org.apache.catalina.authenticator.SingleSignOn" /> linein and uncomment it.
- $TOMCAT_HOME/conf/tomcat-users.xml
- Add a <role .../> and <user .../> to match the <role-name .../> defined in your LAS installation's web.xml file (see below.)
<role rolename="your-role"/>
<user username="user1" password="my_password" roles="your-role"/>
- $LAS_HOME/conf/web.xml
- Add the following section near the top to easily find what you've added:
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>LAS UI/Product Server</web-resource-name>
<url-pattern>/servlets/*</url-pattern>
<url-pattern>/ProductServer.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>your-role</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Application</realm-name>
</login-config>
After making these changes you will need to restart Tomcat:
cd $LAS_HOME
./rebootserver.sh
The next time you attempt to access your LAS installation you will prompted with your browser's user/password form into which you should enter: user=user1, password=my_password.