J2EE Web Container Configuration

This page provides example web-container configuration for KeyMaster version 6.2.0 and versions prior to 6.2.0.

Configuring users and roles

The KeyMaster servlet delegates the task of user authentication and authorisation to the Java web container, allowing KeyMaster to integrate with your existing authentication system. KeyMaster reads the authenticated username from the J2EE HttpServletRequest.getRemoteUser method.

All web users that require access to Liberator also require access to the KeyMaster servlet. The KeyMaster servlet supplies users with the tokens they need to authenticate with Liberator.

The example web application descriptors on this page restrict access to the KeyMaster servlet by security role (trader, in the examples). Assign this role to all web users who require access to Liberator.

For information on configuring users and roles, consult the administration guide for your web application server.

Configuring the KeyMaster web application

This section provides a simple example descriptor (web.xml) for a KeyMaster web application. For a more detailed example appropriate to your version of KeyMaster, see the descriptor for the example web application distributed in the KeyMaster Java kit.

In the examples below, access to the KeyMaster servlet is restricted to users of role trader. The name of the role is arbitrary; you may use any role name you like.

For more information on restricting access to Java web applications, see Securing web applications in Oracle’s J2EE 6 tutorial.

KeyMaster 6.2.0+: example web application descriptor

<?xml version="1.0" encoding="UTF-8"?>
<web-app>
  <display-name>Caplin KeyMaster</display-name>
  <description>Caplin KeyMaster Servlet</description>
  <servlet>
    <servlet-name>StandardKeyMaster</servlet-name>
    <servlet-class>com.caplin.keymaster.servlet.StandardKeyMasterServlet</servlet-class>
    <init-param>
      <param-name>caplin.keymaster.privatekey.filename</param-name>
      <param-value>private.pem</param-value>
      <description>Name of the private key filename</description>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>StandardKeyMaster</servlet-name>
    <url-pattern>/servlet/StandardKeyMaster</url-pattern>
  </servlet-mapping>
  <servlet>
    <servlet-name>Poll</servlet-name>
    <servlet-class>com.caplin.keymaster.servlet.Poll</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>Poll</servlet-name>
    <url-pattern>/servlet/Poll</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>KeyMaster</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>trader</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
    <role-name>trader</role-name>
  </security-role>
</web-app>

KeyMaster < 6.2.0: example web application descriptor

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    version="3.0"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <servlet>
    <servlet-name>Poll</servlet-name>
    <servlet-class>com.caplin.keymaster.servlet.Poll</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>Poll</servlet-name>
    <url-pattern>/servlet/Poll</url-pattern>
  </servlet-mapping>
  <servlet>
    <servlet-name>StandardKeyMaster</servlet-name>
    <servlet-class>my.jndi.JndiKeyMasterServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>StandardKeyMaster</servlet-name>
    <url-pattern>/servlet/StandardKeyMaster</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>KeyMaster</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>trader</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
    <role-name>trader</role-name>
  </security-role>
</web-app>
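
The following check is an added example, not part of the KeyMaster kit or the original page. It audits a descriptor like the two above for the properties the text relies on: every servlet mapping is covered by a role-restricted constraint, the role is declared, no HTTP methods are left uncovered, and the login is required to use HTTPS. The names `audit`, `covers` and `SAMPLE` are hypothetical, and the sample is constructed from the descriptors on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security-relevant elements of the descriptors on this page.
SAMPLE = """<web-app>
  <servlet-mapping><servlet-name>StandardKeyMaster</servlet-name><url-pattern>/servlet/StandardKeyMaster</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>Poll</servlet-name><url-pattern>/servlet/Poll</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><web-resource-name>KeyMaster</web-resource-name>
      <url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>trader</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>trader</role-name></security-role>
</web-app>"""

def covers(pattern, path):
    """Servlet-spec URL pattern match: exact, '/prefix/*', '*.ext' or default '/'."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern in ("/", path)

def audit(xml_text):
    """Return a list of findings for a web.xml passed as a string."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop namespaces so both descriptor styles parse alike
        el.tag = el.tag.rsplit("}", 1)[-1]
    text = lambda el, path: [e.text.strip() for e in el.findall(path) if e.text]
    findings, guarded, used_roles, tls = [], [], set(), False
    for sc in root.findall("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # a constraint without auth-constraint requires no login
        used_roles.update(text(sc, "auth-constraint/role-name"))
        guarded += text(sc, "web-resource-collection/url-pattern")
        if text(sc, "web-resource-collection/http-method"):
            findings.append("http-method listed: unlisted HTTP methods are not covered by this constraint")
        tls |= "CONFIDENTIAL" in text(sc, "user-data-constraint/transport-guarantee")  # descriptor-wide, not per pattern
    for path in text(root, "servlet-mapping/url-pattern"):
        if not any(covers(p, path) for p in guarded):
            findings.append(f"{path}: no auth-constraint covers this servlet mapping")
    for role in used_roles - set(text(root, "security-role/role-name")) - {"*"}:
        findings.append(f"role '{role}' is used but not declared in security-role")
    if text(root, "login-config/auth-method") in (["BASIC"], ["FORM"]) and not tls:
        findings.append("BASIC/FORM login: descriptor does not require HTTPS (no transport-guarantee CONFIDENTIAL)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

For the sample, the only finding is the missing transport guarantee; HTTPS enforced outside the descriptor (for example at a reverse proxy) is not visible to this check.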
