Thanks! Why share an account? Sign everybody up!
OK, first off, WebLogic is a full-stack JEE server. Tomcat is not. It supports servlets, JSPs, and a few odds and ends, but does not have built-in support for things like EJBs, JavaMail, JMS or even JavaServer Faces. You can run that kind of stuff in Tomcat, but only by adding extra components to the webapp that full-stack servers get from the server itself. Case in point: I also moderate the JSF forum and have been using JSF continuously since 2006, but usually I house the apps in Tomcat, despite its lack of built-in JSF support.
So, in short, before migrating apps to Tomcat, make sure that you aren't depending on any of the full-stack features that WebLogic was providing you that Tomcat doesn't. If you do, then you'll have to work around that. Incidentally, Tomcat isn't the only limited server. Jetty also lacks the full stack and is very popular. But that's another forum...
Secondly, one of the "odds and ends" that Tomcat does support is the J2EE/JEE standard Container Managed Security system. Which is good, since that's what drives the getRemoteUser() method, among other things. In Tomcat, the security provider is injected as a Tomcat security Realm module. WebLogic has recently come up with a different sort of "realm", but it's not related to security Realms. So don't get confused.
The Realm is a plug-replaceable component. As shipped, Tomcat shows a sample Realm (commented out) in the conf/server.xml file for a Memory Realm. Originally, it was the MemoryRealm module, but that Realm was extremely limited (you had to restart Tomcat just to edit users or passwords), so an extended version of MemoryRealm is the default now. I forget its name, but it's not important, because what you want is an LDAP Realm.
Active Directory is a slightly stripped-down implementation of LDAP, so that's why you want that Realm. And the Tomcat Realm docs should have some useful samples of how to configure it. I also use the LDAP Realm, although not with Windows, so I'm fairly familiar with it.
Tomcat allows Realms to be defined at two different levels. You can either define one globally within the server.xml and it will apply to all webapps for that virtual host. Or, and this is probably more common, you can define a Realm for a single webapp (Context). In which case you'd normally be defining a separate Context XML file for the webapp.
Also, since Realms are plug-replaceable, it's perfectly possible (and very useful) to use a "quick-and-dirty" Realm such as MemoryRealm for testing and still configure a database, LDAP server or web service as a Realm for the production system. No changes to the code or WAR are required to swap Realms in and out.
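A per-webapp Context file carrying an LDAP Realm for Active Directory, with the test Realm shown as the commented-out alternative. This is an added example, not part of the original post; the file name, host, DNs, service account and password are constructed placeholders, and Tomcat's LDAP Realm class is JNDIRealm.

```xml
<!-- conf/Catalina/localhost/myapp.xml
     Per-webapp Context file; "myapp" is a placeholder for the context path.
     The file holds a bind password, so keep it readable only by the
     account that runs Tomcat. -->
<Context>

  <!-- Production: LDAP Realm (JNDIRealm) pointed at Active Directory.
       - ldaps:// so the bind password and user credentials are not sent
         in clear text.
       - connectionName is a dedicated read-only service account
         (placeholder DN), not an administrator.
       - userSearch matches the Windows logon name; {0} is the user name
         typed at login and becomes the getRemoteUser() value.
       - roleSearch finds groups whose "member" attribute holds the user's
         DN ({0} here is the DN); roleName="cn" makes the group's CN the
         role name that web.xml security constraints refer to. -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://dc1.example.com:636"
         connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=com"
         connectionPassword="CHANGE_ME"
         userBase="OU=Staff,DC=example,DC=com"
         userSubtree="true"
         userSearch="(sAMAccountName={0})"
         roleBase="OU=Groups,DC=example,DC=com"
         roleSubtree="true"
         roleName="cn"
         roleSearch="(member={0})" />

  <!-- Test: swap the Realm above for a file-backed one. The WAR and its
       web.xml stay exactly the same; only this Context file changes.
       Role names in the users file must match the AD group CNs used in
       production.
  <Realm className="org.apache.catalina.realm.MemoryRealm"
         pathname="conf/tomcat-users.xml" />
  -->

</Context>
```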