In getting started with webapp development on Java PaaS, I briefly mentioned how to handle authentication for your web applications. The configuration is the same as when you configure form-based authentication in Tomcat.
<!-- These elements go inside <web-app> in WEB-INF/web.xml -->
<!-- Use form-based login; the container shows the login page for protected URLs -->
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Jwitter Auth</realm-name>
    <form-login-config>
        <form-login-page>/profile.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>
<!-- Roles the application refers to -->
<security-role>
    <role-name>everyone</role-name>
</security-role>
<security-role>
    <role-name>admin</role-name>
</security-role>
<!-- Only users in the admin role may request /profile.jsp -->
<security-constraint>
    <display-name>Jwitter Security Constraint</display-name>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/profile.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
After this, your application is tied to the authentication scheme Stratos provides. This allows you to authenticate against any user in your tenant. In other words, any user you add to your domain after logging in as admin will be able to log in. As you have probably guessed, a tenant and a domain are synonymous in this context. A user inside another domain will not be able to log in to your application when you configure it like this.
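A descriptor like the one above can be reviewed mechanically before deployment. The following is an added example, not code from the original post or from Stratos or Tomcat: a small Python audit that goes slightly beyond the fragment by checking role declarations, HTTP method subsets, the transport guarantee and whether the login page is itself a constrained URL. The function name `audit_web_xml`, the finding codes and the `<web-app>` wrapper around the sample are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's fragment (display names dropped) in a <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/profile.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>everyone</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/profile.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def audit_web_xml(xml_text):
    """Return (code, detail) findings; hypothetical helper for trusted local files."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop any xmlns prefix so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    texts = lambda node, path: [(e.text or "").strip() for e in node.findall(path)]
    findings, used = [], set()
    declared = set(texts(root, "security-role/role-name"))
    form_auth = "FORM" in texts(root, "login-config/auth-method")
    login_pages = texts(root, "login-config/form-login-config/form-login-page")
    for sc in root.findall("security-constraint"):
        patterns = texts(sc, "web-resource-collection/url-pattern")
        used.update(texts(sc, "auth-constraint/role-name"))
        # Listing http-method leaves every unlisted method outside this constraint.
        if texts(sc, "web-resource-collection/http-method"):
            findings.append(("METHOD_SUBSET", ",".join(patterns)))
        # FORM login posts the password; CONFIDENTIAL asks the container for HTTPS.
        if form_auth and "CONFIDENTIAL" not in texts(sc, "user-data-constraint/transport-guarantee"):
            findings.append(("NO_TLS_GUARANTEE", ",".join(patterns)))
        # Exact-match only: the login form URL is itself a constrained resource.
        findings += [("LOGIN_PAGE_PROTECTED", p) for p in login_pages if p in patterns]
    if "*" in used:  # "*" stands for every role declared in the descriptor
        used = (used - {"*"}) | declared
    findings += [("UNDECLARED_ROLE", r) for r in sorted(used - declared)]
    findings += [("UNUSED_ROLE", r) for r in sorted(declared - used)]
    return findings

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```

Each finding is a prompt for review rather than a verdict: TLS may be enforced in front of the container, and a role may be declared for use elsewhere in the application.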