J2EE Web Container Configuration

To deploy the KeyMaster servlet, you must protect it behind your existing Single Sign-on (SSO) system. Your SSO system is responsible for authenticating the user and passing the username on to the KeyMaster servlet, so that it can generate a login token. Configurations will need to be made for the KeyMaster Java servlet by editing the web.xml file (see this section) for your web server. The additional XML configuration below serves as a basic example that you can use to secure KeyMaster and your web server.

Authenticating users and securing your web server

After the first time a user is authenticated using your single sign-on system, the authenticated user name will be used by the KeyMaster credentials token to log into the Liberator for as long as the user's session remains active. You will need to secure the KeyMaster servlet using standard Java Authentication - if you are using standard Java Authentication, the KeyMaster servlet will obtain the user name using the JavaEE getRemoteUser() method of HttpServletRequest.

To define a user role to be authorised for logging in, you will need to add a security constraint to your servers web.xml config file - see this JavaEE tutorial for more information on specifiying security constraints.

Here's an example:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>KeyMaster</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>trader</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>trader</role-name>
</security-role>

The security role "trader" needs to be configured in your Java web server (the variable 'trader' may be anything you wish). You will need a user with that role in order to log in, and for you to test the authentication and deployment of the servlet using the validation guide.

Recommendation: When adding users to your server, you should consult the relevant documentation for your Java web container.

Complete XML configurations

The following are complete example of how the web.xml would be configured for the KeyMaster servlet. You can use these XML configs as a basis for your own implementation

KeyMaster 6.2.0 Onwards

<?xml version="1.0" encoding="UTF-8"?>

<web-app>
    <display-name>Caplin KeyMaster</display-name>
    <description>Caplin KeyMaster Servlet</description>
    <servlet>
        <servlet-name>StandardKeyMaster</servlet-name>
        <servlet-class>com.caplin.keymaster.servlet.StandardKeyMasterServlet</servlet-class>
        <init-param>
            <param-name>caplin.keymaster.privatekey.filename</param-name>
                <param-value>private.pem</param-value>
                <description>Name of the private key filename</description>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>StandardKeyMaster</servlet-name>
        <url-pattern>/servlet/StandardKeyMaster</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>KeyMaster</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>trader</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
        <role-name>trader</role-name>
    </security-role>
</web-app>

KeyMaster Pre- 6.2.0

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.0" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

    <servlet>

        <servlet-name>Poll</servlet-name>

        <servlet-class>com.caplin.keymaster.servlet.Poll</servlet-class>

    </servlet>

    <servlet-mapping>

        <servlet-name>Poll</servlet-name>

        <url-pattern>/servlet/Poll</url-pattern>

    </servlet-mapping>

    <servlet>

        <servlet-name>StandardKeyMaster</servlet-name>

        <servlet-class>my.jndi.JndiKeyMasterServlet</servlet-class>

    </servlet>

    <servlet-mapping>

        <servlet-name>StandardKeyMaster</servlet-name>

        <url-pattern>/servlet/StandardKeyMaster</url-pattern>

    </servlet-mapping>

    <security-constraint>

        <web-resource-collection>

            <web-resource-name>KeyMaster</web-resource-name>

            <url-pattern>/*</url-pattern>

        </web-resource-collection>

        <auth-constraint>

            <role-name>trader</role-name>

        </auth-constraint>

    </security-constraint>

    <login-config>

        <auth-method>BASIC</auth-method>

    </login-config>

    <security-role>

        <role-name>trader</role-name>

    </security-role>

</web-app>

 

See also: