Setting up authentication for secure server access
To define the authentication mechanism and constraints, update the security configuration defined in the web.xml file inside the web archive on the Corticon Server. In a default installation that location is [CORTICON_SERVER_WORK_DIR]\pas\server\webapps\axis\WEB-INF\web.xml.
Within the web.xml is a commented-out block that defines common security constraints. Uncommenting this block enables basic authentication when you restart the server.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Corticon SOAP Servlet Access</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ROLE_CorticonAdmin</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Corticon Server Realm</realm-name>
</login-config>

<security-role>
    <role-name>*</role-name>
</security-role>
Note: If you already uncommented this section to enable HTTPS, review the web-resource-collection defined, and then add the auth-constraint block, and uncomment the login-config and security-role sections.
With the above configuration, every time a user tries to access the server through a URL, a valid username/password must be supplied and verified. You need to decide whether to restrict defined user roles to specified URLs – the endpoints that perform specific actions. That is described in the next topic.
The default user definitions used by a PAS server are defined in the tomcat-users.xml file (in a default installation its location is [CORTICON_SERVER_WORK_DIR]\pas\server\conf\tomcat-users.xml) as follows:
<role rolename="ROLE_CorticonAdmin" />
<role rolename="ROLE_CorticonExecute" />

<user username="admin" password="admin" roles="ROLE_CorticonAdmin, ROLE_CorticonExecute" />
<user username="ccuser" password="ccuser" roles="ROLE_CorticonExecute" />
You can modify the passwords and add additional users to this file.
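The following check is an added example, not part of the Corticon documentation: a Python audit that reports whether the BASIC authentication block in web.xml is actually active (uncommented) and whether any account in tomcat-users.xml still has a password equal to its username, as the default entries shown above do. The function names and the embedded sample XML are constructed for this example.

```python
import xml.etree.ElementTree as ET

def _named(root, name):
    """Elements under root with this local name, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(root, name):
    return [(e.text or "").strip() for e in _named(root, name)]

def audit_web_xml(xml_text):
    """Findings for web.xml; a block still inside an XML comment is not parsed."""
    root, findings = ET.fromstring(xml_text), []
    if "BASIC" not in _texts(root, "auth-method"):
        findings.append("no active login-config with auth-method BASIC")
    covered = any(
        "/*" in _texts(sc, "url-pattern")
        and any(any(_texts(ac, "role-name")) for ac in _named(sc, "auth-constraint"))
        for sc in _named(root, "security-constraint"))
    if not covered:
        findings.append("no active security-constraint with an auth-constraint on /*")
    return findings

def audit_users_xml(xml_text):
    """Findings for tomcat-users.xml: empty password or password == username."""
    findings = []
    for user in _named(ET.fromstring(xml_text), "user"):
        name, pw = user.get("username", ""), user.get("password", "")
        if not pw or pw == name:
            findings.append(f"user {name!r}: password is empty or equals the username")
    return findings

# Constructed sample inputs (not real server files).
WEB_XML_COMMENTED = """<web-app>
<!--
<security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>ROLE_CorticonAdmin</role-name></auth-constraint>
</security-constraint>
<login-config><auth-method>BASIC</auth-method></login-config>
-->
</web-app>"""
WEB_XML_ENABLED = WEB_XML_COMMENTED.replace("<!--", "").replace("-->", "")
USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
<user username="admin" password="admin" roles="ROLE_CorticonAdmin, ROLE_CorticonExecute"/>
<user username="ccuser" password="ccuser" roles="ROLE_CorticonExecute"/>
</tomcat-users>"""

if __name__ == "__main__":
    print(audit_web_xml(WEB_XML_COMMENTED), audit_web_xml(WEB_XML_ENABLED), audit_users_xml(USERS_XML), sep="\n")
```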
* Securing Server endpoints