Tuesday, August 13, 2013

Securing Tomcat/JBoss web application using Siteminder


The Apache web server acts as a proxy in front of Tomcat and protects the Tomcat application.
The explanation is written for a Tomcat server, but it works for a JBoss server as well with little or no modification.

Download the Tomcat connector from http://tomcat.apache.org/connectors-doc/

Install the Tomcat connector.

Copy the DLL (or .so) file downloaded as the connector to your Apache modules folder.
Path: Apache2\modules

Create a mod_jk.conf file

In Tomcat 6.0\conf folder create (or edit) a mod_jk.conf file.
Enter the following information into the file:
LoadModule jk_module <name of the tomcat connector with full path>
JkWorkersFile "<Root folder of tomcat installation>/conf/workers.properties"
JkLogFile "<Full path and name of the logfile you wish to use>"
# Select one of info, debug or error as per requirement.
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
Finally, add the lines:
JkMount /[your application name] smworker
JkMount /[your application name]/* smworker
This forwards everything sent to the application name you specify to Tomcat. For example:
JkMount /example smworker
JkMount /example/* smworker
forwards all requests that Apache receives for http://myserver.ca.com/example to Tomcat.

Edit the web server's httpd.conf file.

On a Windows system this is commonly located in C:\Program Files\Apache Group\Apache2\conf
At the end of this file add the line:
Include "[tomcat install folder]/conf/mod_jk.conf"
where [tomcat install folder] is the location of your Tomcat installation.

Create a workers.properties file in [Tomcat root folder]/conf
Paste the following information into this file:
# Define 1 real worker named smworker
worker.list=smworker
# Set properties for worker named smworker to use ajp13 protocol,
# and run on port 8009
worker.smworker.type=ajp13
worker.smworker.host=localhost
worker.smworker.port=8009
worker.smworker.lbfactor=50
worker.smworker.cachesize=10
worker.smworker.cache_timeout=600
worker.smworker.socket_keepalive=1
worker.smworker.socket_timeout=300
In the server.xml file (located in [Tomcat root folder]/conf), ensure that the following line is uncommented:

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Start Apache with the new module using these commands:
apache -k install
apache -k start
Finally, start the Tomcat server.

Install the Siteminder Apache Webagent.

Install the Siteminder Apache webagent using the installation wizard as you would normally.

Protect the application.

Using the Siteminder administrative interface, create a realm with the appropriate resource filter to protect the application mounted with the JkMount directive earlier.

Then create rules, policies and responses to protect the application as you would normally.

Configure the Siteminder Apache Webagent.
Use the webagent configuration wizard to configure the Apache2 agent as you would normally.

Restart the Apache HTTP server.

Test the install.

The Tomcat application is now protected by the web agent on the Apache web server.

You should be prompted by Siteminder to provide credentials when accessing the application.
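
The Siteminder prompt only appears on requests that pass through Apache, so it is worth checking that every worker named in worker.list has its own worker.<name>.* properties and that Tomcat's connectors cannot be reached directly. The script below is an added example, not part of the original post: the sample files are constructed, the function names are hypothetical, and it assumes Apache and Tomcat share a host and that a Connector without an address attribute listens on all interfaces (the Tomcat 6 default).

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample files (not taken from a real server).
WORKERS = """worker.list=smworker
worker.ajp13.type=ajp13
worker.ajp13.port=8009
"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""

def parse_properties(text):
    """Return key/value pairs from a workers.properties body, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def is_loopback(address):
    """Assumption: a missing address attribute means 'all interfaces' (0.0.0.0)."""
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address or "0.0.0.0").is_loopback
    except ValueError:
        return False

def audit(workers_text, server_xml_text):
    """List findings that break the Apache-to-Tomcat path or let clients skip Apache."""
    findings = []
    props = parse_properties(workers_text)
    listed = [w.strip() for w in props.get("worker.list", "").split(",") if w.strip()]
    defined = {k.split(".")[1] for k in props if k.count(".") >= 2}
    for name in listed:
        if name not in defined:
            findings.append(f"worker '{name}' is listed but has no worker.{name}.* properties")
    for name in sorted(defined - set(listed)):
        findings.append(f"worker.{name}.* is set but '{name}' is not in worker.list")
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if not is_loopback(conn.get("address")):
            findings.append(f"{conn.get('protocol')} connector on port {conn.get('port')} is not loopback-only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WORKERS, SERVER_XML)))
```

An empty result means the worker names line up and both connectors are bound to a loopback address, for example through address="127.0.0.1" on each Connector element.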
