
Version 6 (modified by vegasm, 7 years ago)


What is TAP

The Thredds Admin Portal (TAP) project aims to solve a major problem in the Unidata Thredds application: the management of users, roles and dataset access. Thredds delegates user authentication to Tomcat Basic authentication, which gets users and roles from a given Realm. To authorize a user, Thredds checks whether the dataset is restricted and, if so, uses the user's roles to make a decision. TAP manages the data source behind that Realm to control user access to protected datasets.

Environment setup

This environment consists of:

  • Thredds 4.5.5
  • TAP 2.4
  • Apache Derby network 10.11.1.1
  • Apache Tomcat 7.0.59

Attached is a preconfigured environment instance. You only need to change the ports and paths in server.xml and start the Derby instance. If you are not familiar with this setup, read the following instructions.

Expose our datasource in Tomcat

By default, Tomcat gets users and roles from conf/tomcat-users.xml. We are going to change this so that users and roles come from a database. For this purpose, we need to add a new resource called “jdbc/adminDB” in GlobalNamingResources.

<Resource name="jdbc/adminDB" auth="Container" type="javax.sql.DataSource" factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
    validationQuery="SELECT count(*) FROM users" maxActive="20" maxIdle="10" username="password" password="secret"
    driverClassName="org.apache.derby.jdbc.ClientDriver" url="jdbc:derby://localhost:port//derbypath/derbydb" readOnly="false"/>

Set the realm

A Realm is a “database” of usernames and passwords that identify valid users of a web application (or set of web applications), plus an enumeration of the list of roles associated with each valid user. The servlet container connects to the database and so knows each username and its corresponding roles. Define this realm inside <Engine> in your server.xml:

<Realm className="org.apache.catalina.realm.DataSourceRealm" digest="MD5" debug="0" dataSourceName="jdbc/adminDB" 
    userTable="USERS" userNameCol="USERNAME" userCredCol="PASSWORD" userRoleTable="V_USERS_ROLES" roleNameCol="ROLENAME"/>
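
The following check is an added example, not part of the original page or of the TAP project. It parses a server.xml and reports whether the DataSourceRealm points at a resource that actually exists in GlobalNamingResources, and how the credentials in both elements are protected. The sample document is constructed from the two elements above; the surrounding <Server>, <Service> and <Engine> wrappers, the function name and the finding texts are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two elements from this page inside a minimal server.xml.
SAMPLE = """<Server>
  <GlobalNamingResources>
    <Resource name="jdbc/adminDB" auth="Container" type="javax.sql.DataSource"
        username="password" password="secret"
        url="jdbc:derby://localhost:port//derbypath/derbydb"/>
  </GlobalNamingResources>
  <Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.DataSourceRealm" digest="MD5"
        dataSourceName="jdbc/adminDB" userTable="USERS" userNameCol="USERNAME"
        userCredCol="PASSWORD" userRoleTable="V_USERS_ROLES" roleNameCol="ROLENAME"/>
  </Engine></Service>
</Server>"""

WEAK_DIGESTS = {"MD5", "SHA", "SHA1", "SHA-1"}  # fast hashes, stored unsalted
REQUIRED = ("dataSourceName", "userTable", "userNameCol", "userCredCol",
            "userRoleTable", "roleNameCol")

def audit_server_xml(xml_text):
    """Return a list of findings for the DataSourceRealm setup in a server.xml."""
    root = ET.fromstring(xml_text)
    resources = root.findall("./GlobalNamingResources/Resource")
    global_names = {r.get("name") for r in resources}
    findings = []
    for realm in root.iter("Realm"):
        if not realm.get("className", "").endswith("DataSourceRealm"):
            continue
        for attr in REQUIRED:
            if not realm.get(attr):
                findings.append(f"realm: missing attribute {attr}")
        ds = realm.get("dataSourceName")
        # Unless localDataSource="true", the name is resolved against global resources.
        local = realm.get("localDataSource", "false") == "true"
        if ds and not local and ds not in global_names:
            findings.append(f"realm: dataSourceName {ds!r} has no matching global Resource")
        digest = realm.get("digest")
        if digest is None:
            findings.append("realm: no digest, userCredCol holds cleartext passwords")
        elif digest.upper() in WEAK_DIGESTS:
            findings.append(f"realm: digest {digest} is a fast unsalted hash")
    for res in resources:
        if res.get("password"):
            findings.append(f"resource {res.get('name')}: database password stored in server.xml")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_server_xml(SAMPLE)))
```

For the configuration on this page it reports the MD5 digest and the database password kept in server.xml, which makes the read permissions on that file part of the protection of the user database.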

Attachments (13)