Migrate from WebLogic to Tomcat

 
Greenhorn
Posts: 3
Hello All.

I am new to Tomcat. I have been supporting an application running on WebLogic which uses getRemoteUser() to find the logged in user and allow access to the application. The client wants to migrate from WebLogic to Tomcat and have the users re-enter their credentials to access the application - eliminates walk-by users from using an unlocked desktop.

I see two issues here:
1. Authenticate the Tomcat instance to AD to authorize the application and allow inquiries.
2. Present entered credentials to AD for validation.

I realize this may be a trivial matter to a Tomcat SME, but I have never developed under this platform. Could someone point me to a Tomcat<->AD for dummies article or give me the basics? I am an experienced developer of many years and I should be able to follow it.

Also, other than case sensitivity issues (hit that already) does anyone know the gotchas I might encounter migrating from WebLogic?

Thanks.
Jerry
Scomage Information Services
www.scomage.com
 
Saloon Keeper
Posts: 27763
I can tell all. But there's a catch.

Here at the Ranch, we have very few rules, but one of the ones we do take seriously is that you have to use an actual person's name for a display name. A company name, pet's name, "handle" or anything obviously synthetic won't do. Meaning that if your name really is Humphrey Bogart, you need to convince us of that fact.

If you can correct that little detail, all will be revealed.
 
Jerry Williams
Greenhorn
Posts: 3
Sorry about that. I actually put my first name in my signature. I am just so used to creating "company" accounts on boards like this so they can be easily shared among all of us. I have updated my profile.

Jerry Williams
Scomage Information Services
www.scomage.com
 
Tim Holloway
Saloon Keeper
Posts: 27763
Thanks! Why share an account? Sign everybody up!

OK, first off, WebLogic is a full-stack JEE server. Tomcat is not. It supports servlets, JSPs, and a few odds and ends, but does not have built-in support for things like EJBs, JavaMail, JMS or even JavaServer Faces. You can run that kind of stuff in Tomcat, but only by adding extra components to the webapp that full-stack servers get from the server itself. Case in point: I also moderate the JSF forum and have been using JSF continuously since 2006, but usually I house the apps in Tomcat, despite its lack of built-in JSF support.

So, in short, before migrating apps to Tomcat, make sure that you aren't depending on any of the full-stack features that WebLogic was providing you that Tomcat doesn't. If you do, then you'll have to work around that. Incidentally, Tomcat isn't the only limited server. Jetty also lacks the full stack and is very popular. But that's another forum...

Secondly. One of the "odds and ends" that Tomcat does support is the J2EE/JEE standard Container Managed Security system. Which is good, since that's what drives the getRemoteUser() method, among other things. In Tomcat, the security provider is injected as a Tomcat security Realm module. WebLogic has recently come up with a different sort of "realm", but it's not related to security Realms. So don't get confused.

The Realm is a plug-replaceable component. As shipped, Tomcat shows a sample Realm (commented out) in the conf/server.xml file for a Memory Realm. Originally, it was the MemoryRealm module, but that Realm was extremely limited (you had to restart Tomcat just to edit users or passwords), so an extended version of MemoryRealm is the default now. I forget its name, but it's not important, because what you want is an LDAP Realm.

Active Directory is a slightly stripped-down implementation of LDAP, so that's why you want that Realm. And the Tomcat Realm docs should have some useful samples of how to configure it. I also use the LDAP Realm, although not with Windows, so I'm fairly familiar with it.

Tomcat allows Realms to be defined at two different levels. You can either define one globally within the server.xml and it will apply to all webapps for that virtual host. Or, and this is probably more common, you can define a Realm for a single webapp (Context). In which case you'd normally be defining a separate Context XML file for the webapp.

Also, since Realms are plug-replaceable, it's perfectly possible (and very useful) to use a "quick-and-dirty" Realm such as MemoryRealm for testing and still configure a database, LDAP server or web service as a Realm for the production system. No changes to the code or WAR are required to swap Realms in and out.
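
Added example, not part of the original thread: a per-webapp LDAP Realm pointed at Active Directory, with the standard container-managed security declarations that make getRemoteUser() work after a form login. The host name, distinguished names, the `app-users` group and the JSP paths are placeholders to replace with your own values.

```xml
<!-- Fragment 1: META-INF/context.xml (Realm scoped to this one webapp).
     Constructed example; every host, DN and group name is a placeholder. -->
<Context>
  <!-- LockOutRealm throttles repeated failed logins before they reach AD -->
  <Realm className="org.apache.catalina.realm.LockOutRealm"
         failureCount="5" lockOutTime="300">
    <!-- connectionName/connectionPassword: the service account Tomcat binds
         with to search the directory. No userPassword attribute is set, so
         the Realm validates a login by binding to AD as the located user.
         ldaps:// keeps both binds off the wire in clear text. -->
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldaps://dc01.example.com:636"
           connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=com"
           connectionPassword="CHANGE_ME"
           userBase="OU=Staff,DC=example,DC=com"
           userSubtree="true"
           userSearch="(sAMAccountName={0})"
           roleBase="OU=Groups,DC=example,DC=com"
           roleSubtree="true"
           roleName="cn"
           roleSearch="(member={0})"/>
  </Realm>
</Context>

<!-- Fragment 2: WEB-INF/web.xml, placed inside <web-app>. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whole application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>app-users</role-name> <!-- CN of an AD group -->
  </auth-constraint>
  <user-data-constraint> <!-- credentials are typed in, so require HTTPS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>app-users</role-name>
</security-role>
```

Once a user passes the login form, getRemoteUser() returns the name they entered and request.isUserInRole("app-users") reflects their AD group membership. Restrict read access to the file holding connectionPassword, and give the service account no rights in AD beyond searching users and groups.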
 
Jerry Williams
Greenhorn
Posts: 3
Whoa there big fella!

Thanks for the reply. There's a lot of information there, but on first read it does not mean a lot. I guess I will have to wait until I get into it and get my hands dirty a little. We are just in the quote phase. The good news is I don't think the app uses any of the components Tomcat does not support except for JavaMail. I will need to find an add-in to support it. The system only consists of 45 Java modules and 25 JSP pages so it is not that large. Right now I am just trying to get enough info to accurately quote the effort.
 
Tim Holloway
Saloon Keeper
Posts: 27763
Hey, when I say "all", I mean all.

Yes, Tomcat apps can send mail. Check and see if Apache James is what I'm thinking of. If not, at least there's something because I've got apps that use it.

Short of it is that as long as your WebLogic apps adhered to the JEE security standards, Tomcat can handle it.
 