
How do I secure LDAP Realm Definitions in Tomcat's server.xml

In order to have my J2EE webapp authenticate via Active Directory, I need to modify both the app's web.xml file and the server's server.xml file.

Someone raised the concern that within server.xml the LDAP credentials are stored in plain text, as in the example below:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
    connectionName="CN=LDAPSERVER,OU=MON,OU=ServiceAccount,OU=Exchange 2003,DC=DOMAIN"
    connectionPassword="secret"
    connectionURL="ldap://myLDAPhost-xxx:389"
    alternateURL="ldap://myLDAPhost-xxx:389"
    referrals="follow"
    userBase="OU=USERGROUP,DC=DOMAIN"
    userSearch="(sAMAccountName={0})"
    userSubtree="true"
    userRoleName="memberOf"
/>

Is there an alternative to storing the password to the LDAP connection in plain text, or a way to refer to an encrypted string?

Thanks in advance.

You don't need to modify server.xml. You can define it as a Resource element within your web-app's Context.xml file, assuming you're talking about Tomcat or Glassfish, as you seem to be.
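Wherever the Realm ends up (server.xml or a context file), the exposure raised in the question can be checked mechanically. The script below is an added example, not code from the question or the answer: it parses a Tomcat config, flags any JNDIRealm carrying a literal connectionPassword or an ldap:// URL, and checks whether the file is readable beyond its owner. The sample XML, host name and function names are constructed for illustration, and treating a `${...}` value as externalized assumes Tomcat's property substitution is in use.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Realm in the question (host and DNs are placeholders).
SAMPLE = """<Context>
  <Realm className="org.apache.catalina.realm.JNDIRealm"
      connectionName="CN=svc-ldap,OU=ServiceAccount,DC=example"
      connectionPassword="secret"
      connectionURL="ldap://ldap.example.invalid:389"
      userBase="OU=USERGROUP,DC=example"
      userSearch="(sAMAccountName={0})" />
</Context>"""

# Assumption: a value of the form ${name} is resolved by Tomcat from a property,
# so the secret itself is not in this file.
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")


def audit_realms(xml_text):
    """Return (attribute, issue) findings for every JNDIRealm in the document."""
    findings = []
    # iter() also reaches Realms nested inside a wrapping Realm element.
    for realm in ET.fromstring(xml_text).iter("Realm"):
        if not realm.get("className", "").endswith("JNDIRealm"):
            continue
        password = realm.get("connectionPassword")
        if password and not PLACEHOLDER.match(password):
            findings.append(("connectionPassword", "literal bind password in file"))
        for attr in ("connectionURL", "alternateURL"):
            if realm.get(attr, "").lower().startswith("ldap://"):
                findings.append((attr, "ldap:// scheme, bind is cleartext unless StartTLS is used"))
    return findings


def readable_beyond_owner(path):
    """True when group or other can read the config file holding the password."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for attr, issue in audit_realms(SAMPLE):
        print(f"{attr}: {issue}")
```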

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
