This section examines two of the Tomcat Configuration Files (found in the ${tomcat_home}/conf
directory) and how to modify them for use with the TDS.
Note:
This section assumes you have successfully installed the JDK and Tomcat Servlet Container as outlined in the Installation of Java and Tomcat section.
${tomcat_home}/conf/server.xml
- XML file (well-formed syntax is important).
- Tomcat’s main configuration file.
- Changes to
server.xml
do not take effect until Tomcat is restarted. - Where we make changes to enhance TDS security.
Important elements in server.xml
Examine the elements in server.xml
.
Move into the ${tomcat_home}/conf
directory and examine the server.xml
file (${tomcat_home}
is /usr/local
in this example):
# cd /usr/local/tomcat/conf
# less server.xml
Tag Name | Instances | How it relates to the TDS |
---|---|---|
<Server> |
1…1 | Not modified unless you want to change the port number Tomcat listens for a SHUTDOWN command. (Enabled by default.) |
<GlobalNamingResources> |
0…* | Needed to contain the UserDatabase that corresponds to the UserDatabaseRealm used to authenticate users. (Enabled by default.) |
<Resource> |
0…* | Editable user database (tomcat-users.xml ) used by UserDatabaseRealm to authenticate users. (UserDatabaseRealm Resource enabled by default.) |
<Service> |
1…* | Not modified unless you wish to establish more than one service. (Catalina Service enabled by default.) |
<Connector> |
1…* | Used to establish HTTP and SSL connections. Also will communicate with an web server for proxying requests. (HTTP connector enabled by default on port 8080.) |
<Engine> |
1…1 | Not modified unless you specify a Host other than localhost . (Enabled by default.) |
<Realm> |
0…* | The UserDatabaseRealm uses the UserDatabase configured in the global JNDI Resource. (UserDatabaseRealm enabled by default.) |
<Valve> |
0…* | The RemoteAddrValve is used to filter access to the TDS based on IP address. (NOT enabled by default. You will need to add this if you want to use IP Filtering.) |
<Host> |
1…* | Not modified unless you specify a Host other than localhost . (localhost enabled by default.) |
<Valve> |
0…* | We modify the AccessLogValve to customize the access logs generated by Tomcat. (NOT enabled by default. You will need to add this if you want to enable access logging. ) |
${tomcat_home}/conf/tomcat-users.xml
- XML file (well-formed syntax is important).
- Stores user names, passwords and roles.
- Changes to
tomcat-users.xml
do not take effect until Tomcat is restarted. - What the TDS uses for user authentication and access control.
Important elements in tomcat-users.xml
Examine the elements in tomcat-users.xml
:
# pwd
/usr/local/tomcat/conf
# less tomcat-users.xml
Reference the table below to see how the tomcat-users.xml elements relate to configuring TDS (mouse-over the element for a description):
Tag Name | Instances | How it relates to the TDS |
---|---|---|
<tomcat-users> |
1…1 | Not modified. (The only tag you get by default.) |
<role> |
1…* | You will have at least two of these: one for the Tomcat manager application and one for the TDS. (You will need to add if you want to enable role-based authentication.) |
<user> |
1…* | You will need to create an entry for each user who needs access to the Tomcat manager application and/or the restricted areas of the TDS. (You will need to add if you want to enable user authentication.) |
Next Step
Next, we’ll see how to obtain and deploy the TDS in the Tomcat Servlet Container.