We wanted to configure Lambda Probe to use Cas to authenticate its users and use the Group Manager for authorization using the Cas Tomcat Integration software.
It was easy to configure the Tomcat container to use the Cas Realm for authentication but there was a complication:
- We have monitoring tools that use Lambda probe Quick Check in XML format to assess the general status of a server. These tools rely on the basic Tomcat authentication in which username and password are passed in clear text.
To solve this problem we decided to have a version of the Quick Check in XML format that is not password protected. To do this we had to make some changes to the probe distribution:
- probe used to be deployed as a war file in common/webapps/probe.war and loaded in /common/conf/StandardContext.xml with:
<Context path="/probe" docBase="/u/gl/glast/tomcat-new/BASE60/common/webapps/probe.war" privileged="true" unpackWAR="true">
- we now unpack probe.war in common/webapps/probe
- modify WEB-INF/web.xml to remove the Tomcat Security Constraint to all the basic pages by commenting out the following xml code:
<!-- <security-constraint> <web-resource-collection> <web-resource-name>Probe User URLs</web-resource-name> <url-pattern>*.htm</url-pattern> <url-pattern>*.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>probeuser</role-name> <role-name>poweruser</role-name> <role-name>manager</role-name> <role-name>poweruserplus</role-name> </auth-constraint> </security-constraint> --> - add a new Quick Check in XML format in a non-protected area by editing the file WEB-INF/spring-controllers.xml and adding the following bean:
The Monitoring tools can now check the status of a server at probe/safe/quickcheck.xml.htm.
<bean name="/safe/quickcheck.xml.htm" class="org.jstripe.tomcat.probe.controllers.TomcatAvailabilityController"> <property name="containerWrapper" ref="containerWrapper"/> <property name="containerListenerBean" ref="containerListener"/> <property name="viewName" value="quickcheck.xml"/> </bean>