A valve for Tomcat8 that authenticates the JWT tokens created by Islandora in order to provide sessionless Authentication for Fedora4. Named after the Norse goddess Syn.
This project requires Java 8 and can be built with Gradle. To build and test locally, use ./gradlew build.
Copy the JAR that was built above from build/libs/islandora-syn-X.X.X-all.jar and place into $TOMCAT_HOME/lib directory. Can be found in Ubuntu at: /var/lib/tomcat8/lib/. Note that this JAR is built to contain all the dependancies.
Now register the valve in Tomcat configuration file.
In Ubuntu this file is located at: /var/lib/tomcat8/conf/context.xml
<Valve className="ca.islandora.syn.valve.SynValve"
pathname="conf/syn-settings.xml" />where:
- pathname: The location of the settings file. Defaults to
$CATALINA_BASE/conf/syn-settings.xml.
The valve checks if requested url is under security contraints. So, valve will activate only if the Fedora4 web.xml file contains something like:
<security-constraint>
<web-resource-collection>
<web-resource-name>Fedora4</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>islandora</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>fcrepo</realm-name>
</login-config>On ubuntu this file can be found at:
/var/lib/tomcat8/webapps/fcrepo/WEB-INF/web.xml