Configure the Delivery Tier to Use Basic Authentication - BloomReach Experience - Open Source CMS
07-01-2019

Configure the Delivery Tier to Use Basic Authentication

Introduction

Goal

Configure the delivery tier to use HTTP Basic authentication.

Background

Hippo's delivery tier is configured for form-based authentication by default. This page describes how to configure HTTP Basic authentication instead.

BASIC Authentication Configuration

To use Basic authentication instead of form-based authentication, replace the default FormAuthenticator valve with the BasicAuthenticator valve in your application context configuration:

site/webapp/src/main/webapp/META-INF/context.xml

<Valve className="org.apache.catalina.authenticator.BasicAuthenticator" />

In the site module's web.xml, replace the default security-constraint and login-config elements with ones similar to those in the following example:

site/webapp/src/main/webapp/WEB-INF/web.xml

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Preview</web-resource-name>
      <url-pattern>/preview/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>everybody</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>HSTSITE</realm-name>
  </login-config>

The configuration above sets the protected web resource path ( /preview), which is protected by the servlet container with enabling BASIC Authentication. Also, only for demonstration purpose, the default role, ' everybody', is required for the protected web resource path ( /preview).

Please note that you should configure all the URL paths to protect when you are using BASIC Authentication option. Please see SRV.12.8 in the Servlet Specification for more detail.

Now, if you restart your application, you can test the login.

Visit the /preview page path. For example: http://localhost:8080/site/preview.

Your browser will pop up a login dialog. Enter a CMS username and password to sign in. You will be authenticated.

In your custom delivery tier components, you can check if the current user is authenticated by using HttpServletRequest#getUserPrincipal(). If the method returns a non-null value, the current user is authenticated!

If you enter a wrong user name or password, then the servlet container will return an HTTP 401 error.

Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?