Tuesday 27 September 2011
Monday 19 September 2011
Tomcat LDAP authentication
1. allow SSL connections, adding the LDAP server root certificate to the cacerts
file of the Tomcat JRE. It can be found in your $JAVA_HOME/lib/security directory.
Use the java keytool command to add the certs:
List the existing certificates:
keytool -list -v -keystore cacert
Import certificate:
keytool -importcert -alias HELLO -file <path>/trustedrootcert.cer -keystore <path>/lib/security/cacerts
Password is: changeit
2. verify the configuration in <CATALINA_BASE>/conf/Catalina/localhost/<webapp>.xml:
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://ldap.company.org:636"
connectionName="cn=user,ou=serviceusers,ou=services,o=ORG"
connectionPassword="pwd"
userBase="o=ORG"
userSubtree="true"
userSearch="(cn={0})"
roleBase="ou=Functions,ou=GROUPS,o=ORG"
roleName="cn"
roleSearch="(member={0})"
/>
3. verify the configuration in web.xml:
<security-constraint>
<display-name>LDAP security constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MyRequiredGroup</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Tomcat auth</realm-name>
</login-config>
<security-role>
<role-name>MyRequiredGroup</role-name>
</security-role>
file of the Tomcat JRE. It can be found in your $JAVA_HOME/lib/security directory.
Use the java keytool command to add the certs:
List the existing certificates:
keytool -list -v -keystore cacert
Import certificate:
keytool -importcert -alias HELLO -file <path>/trustedrootcert.cer -keystore <path>/lib/security/cacerts
Password is: changeit
2. verify the configuration in <CATALINA_BASE>/conf/Catalina/localhost/<webapp>.xml:
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://ldap.company.org:636"
connectionName="cn=user,ou=serviceusers,ou=services,o=ORG"
connectionPassword="pwd"
userBase="o=ORG"
userSubtree="true"
userSearch="(cn={0})"
roleBase="ou=Functions,ou=GROUPS,o=ORG"
roleName="cn"
roleSearch="(member={0})"
/>
3. verify the configuration in web.xml:
<security-constraint>
<display-name>LDAP security constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MyRequiredGroup</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Tomcat auth</realm-name>
</login-config>
<security-role>
<role-name>MyRequiredGroup</role-name>
</security-role>
Apache LDAP Authentication
<IfModule !mod_auth_ldap.c>
LoadModule auth_ldap_module modules/auth_ldap.so
</IfModule>
<IfModule mod_auth_ldap.c>
LDAPSharedCacheFile logs/ldap_cache
</IfModule>
<Directory /caps/wwwstatus/>
AuthName "My Restricted Area"
AuthType Basic
# AuthLDAPURL should point to your ldap server
AuthLDAPURL ldap://localhost:389/o=ORG?cn
# LDAP Login
AuthLDAPBindDN cn=auser,ou=serviceusers,ou=services,o=ORG
AuthLDAPBindPassword pwd
# AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN on
require group cn=GROUP,ou=GROUPS,o=ORG
</Directory>
<Directory /caps/wwwstatus/data/>
# Allow access to Javadoc without authentication - needed to link when generating javadoc
Satisfy Any
Allow from all
</Directory>
LoadModule auth_ldap_module modules/auth_ldap.so
</IfModule>
<IfModule mod_auth_ldap.c>
LDAPSharedCacheFile logs/ldap_cache
</IfModule>
<Directory /caps/wwwstatus/>
AuthName "My Restricted Area"
AuthType Basic
# AuthLDAPURL should point to your ldap server
AuthLDAPURL ldap://localhost:389/o=ORG?cn
# LDAP Login
AuthLDAPBindDN cn=auser,ou=serviceusers,ou=services,o=ORG
AuthLDAPBindPassword pwd
# AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN on
require group cn=GROUP,ou=GROUPS,o=ORG
</Directory>
<Directory /caps/wwwstatus/data/>
# Allow access to Javadoc without authentication - needed to link when generating javadoc
Satisfy Any
Allow from all
</Directory>
Thursday 15 September 2011
Remove GIF background with Photoshop
- Convert the GIF file from indexed to RGB: Image > Mode > RGB
- Remove the background with the magic wand tool, clicking on the background
- Invert your selection: Select > invert
- In the Layer window double click your Background Layer. It will convert it in a layer (the name will not be in italics anymore)
- At the bottom of the Layer window there is an icon for creating a new mask. Click on it and your selection should be converted into a mask, letting the background transparent for your logo. The transparent background in photoshop is represented with little grey squares
- Save it as a PSD file
- Save it as GIF file
Wednesday 14 September 2011
Force logging programmatically
Logger.getLogger("some.package.and.class").setLevel(Level.FINEST);
Logger.getLogger("").getHandlers()[0].setLevel(Level.ALL);
Logger.getLogger("").getHandlers()[0].setLevel(Level.ALL);
Friday 9 September 2011
Flex Builder - WTP Project Integration
+ Install Flash Player Debug (Firefox, IE and SA)
+ Copy ROOT
+ Add manager.xml:
<Context docBase="${catalina.home}/webapps/manager" antiResourceLocking="false" privileged="true"/>
+ Configure logging (instead of JDK)
+ Copy ROOT
+ Add manager.xml:
<Context docBase="${catalina.home}/webapps/manager" antiResourceLocking="false" privileged="true"/>
+ Configure logging (instead of JDK)
+ Create a Java project and Add Flex project type or edit ".flexProperties":
serverContextRoot, serverRoot and serverRootURL
and save, refresh and recompile the project
Thursday 8 September 2011
Tomcat in Eclipse
Default server settings
+ check "Publish module contexts to separate XML file"
+ copy ROOT to wtpwebapps
Subscribe to:
Posts (Atom)