
Tomcat valve for JWT Authentication


Islandora/Syn


Syn


Introduction

A valve for Tomcat 8 that authenticates the JWT tokens created by Islandora in order to provide sessionless authentication for Fedora. Named after the Norse goddess Syn.

Requirements

This project requires Java 8 and can be built with Gradle. To build and test locally, use ./gradlew build.

Installation

Copy Syn JAR

Copy the JAR that was built above from build/libs/islandora-syn-X.X.X-all.jar into the $TOMCAT_HOME/lib directory. On Ubuntu this directory is /var/lib/tomcat8/lib/. Note that this JAR is built to contain all the dependencies.

Register Valve

Now register the valve in the Tomcat configuration file. On Ubuntu this file is located at: /var/lib/tomcat8/conf/context.xml

<Valve className="ca.islandora.syn.valve.SynValve"
       pathname="conf/syn-settings.xml" />

where:

  • pathname: The location of the settings file. Defaults to $CATALINA_BASE/conf/syn-settings.xml.

Enable security-constraint

The valve checks whether the requested URL is under a security constraint, so it will activate only if the Fedora4 web.xml file contains something like:

<security-constraint>
    <web-resource-collection>
      <web-resource-name>Fedora4</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <role-name>islandora</role-name>
</security-role>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>fcrepo</realm-name>
</login-config>

On Ubuntu this file can be found at: /var/lib/tomcat8/webapps/fcrepo/WEB-INF/web.xml
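
A pre-deployment check for the requirement above, as an added example (not part of the Syn project): it parses a web.xml, lists the URL patterns that sit under a security-constraint, and flags constraints whose transport-guarantee leaves the container accepting token-bearing requests over plain HTTP. The function names and the sample document are constructed for illustration, and counting only constraints that carry an auth-constraint as protected is this example's assumption.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample mirroring the fragment above (not a real deployment's file).
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Fedora4</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-role><role-name>islandora</role-name></security-role>
</web-app>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Text of every descendant element whose local name is `name`."""
    return [(e.text or "").strip() for e in elem.iter() if local(e.tag) == name]

def audit_web_xml(xml_text):
    """Return (protected_patterns, findings) for a web.xml document."""
    root = ET.fromstring(xml_text)
    protected, findings = [], []
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        patterns = texts(sc, "url-pattern")
        # Assumption of this example: only constraints with an auth-constraint count.
        if any(local(child.tag) == "auth-constraint" for child in sc):
            protected.extend(patterns)
        else:
            findings.append(f"no auth-constraint for {patterns}")
        guarantee = texts(sc, "transport-guarantee") or ["NONE"]
        if guarantee[0] not in ("CONFIDENTIAL", "INTEGRAL"):
            findings.append(f"TLS not required by container for {patterns}")
    if not protected:
        findings.append("no constrained URL: the valve will not activate")
    return protected, findings

if __name__ == "__main__":
    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(audit_web_xml(src))
```

Run it with the path to the deployed web.xml as the only argument; without an argument it audits the embedded sample.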

Setup Syn Configuration

Modify the example configuration and move it to: $CATALINA_BASE/conf/syn-settings.xml.

Header principals

Additional roles are passed to Fedora via an HTTP header. This is configured via the header attribute of the <config> element in the syn-settings.xml.example file. You must also configure Fedora to read this header via its HeaderProvider.

Documentation

Further documentation for this module is available on the Islandora 8 documentation site.

Troubleshooting/Issues

Having problems or solved a problem? Check out the Islandora Google groups for a solution.

Maintainers

Current maintainers:

Development

If you would like to contribute, please get involved by attending our weekly Tech Call. We love to hear from you!

If you would like to contribute code to the project, you need to be covered by an Islandora Foundation Contributor License Agreement or Corporate Contributor License Agreement. Please see the Contributors pages on Islandora.ca for more information.

We recommend using the islandora-playbook to get started.

License

MIT