Skip to content
/ Syn Public

Tomcat valve for JWT Authentication

License

Notifications You must be signed in to change notification settings

Islandora/Syn

Folders and files

NameName
Last commit message
Last commit date

Latest commit

eb8c1d5 · Sep 13, 2022

History

47 Commits
Sep 13, 2022
Aug 31, 2020
Mar 7, 2017
Feb 7, 2020
May 3, 2017
Oct 5, 2021
Mar 3, 2017
Oct 5, 2021
Jul 13, 2021
Mar 3, 2017
Mar 3, 2017

Repository files navigation

Syn Syn

Build Status Contribution Guidelines LICENSE codecov

Introduction

A valve for Tomcat8 that authenticates the JWT tokens created by Islandora in order to provide sessionless Authentication for Fedora. Named after the Norse goddess Syn.

Requirements

This project requires Java 8 and can be built with Gradle. To build and test locally, use ./gradlew build.

Installation

Copy Syn JAR

Copy the JAR that was built above from build/libs/islandora-syn-X.X.X-all.jar and place into $TOMCAT_HOME/lib directory. Can be found in Ubuntu at: /var/lib/tomcat8/lib/. Note that this JAR is built to contain all the dependencies.

Register Valve

Now register the valve in Tomcat configuration file. In Ubuntu this file is located at: /var/lib/tomcat8/conf/context.xml

<Valve className="ca.islandora.syn.valve.SynValve" 
	  		 pathname="conf/syn-settings.xml" />

where:

  • pathname: The location of the settings file. Defaults to $CATALINA_BASE/conf/syn-settings.xml.

Enable security-constraint

The valve checks if requested URL is under security constraints. So, valve will activate only if the Fedora4 web.xml file contains something like:

<security-constraint>
    <web-resource-collection>
      <web-resource-name>Fedora4</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <role-name>islandora</role-name>
</security-role>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>fcrepo</realm-name>
</login-config>

On Ubuntu this file can be found at: /var/lib/tomcat8/webapps/fcrepo/WEB-INF/web.xml

Setup Syn Configuration

Modify the example configuration and move it to: $CATALINA_BASE/conf/syn-settings.xml.

Header principals

Additional roles are passed to Fedora via a HTTP header, this is configured via the header attribute to the <config> element in the syn-settings.xml.example file. You must also configure Fedora to read this header via its HeaderProvider.

Documentation

Further documentation for this module is available on the Islandora 8 documentation site.

Troubleshooting/Issues

Having problems or solved a problem? Check out the Islandora google groups for a solution.

Maintainers

Current maintainers:

Development

If you would like to contribute, please get involved by attending our weekly Tech Call. We love to hear from you!

If you would like to contribute code to the project, you need to be covered by an Islandora Foundation Contributor License Agreement or Corporate Contributor License Agreement. Please see the Contributors pages on Islandora.ca for more information.

We recommend using the islandora-playbook to get started.

License

MIT