Integrating a Secure Flux Engine with Tomcat Security

VERSION 3 Published

Created on: 22-Jun-2007 14:50 by flux - Last Modified:  26-Feb-2008 16:11 by Guest

This article demonstrates the procedure for integrating Flux security with Tomcat security using the JAASMemoryLoginModule. Integrating your Flux engine with Tomcat's user base allows you to manage your users using Tomcat instead of Flux.

To configure Flux to use Tomcat's security, you first need to set your Flux configuration options. As Flux will be using the policy and configuration specified by Tomcat, we want to use the following configuration options:
<code>
config.setSecurityPolicyOverrideEnabled(false);
config.setSecurityPolicyFile(null);
config.setSecurityConfigurationFile(null);

config.setSecurityConfigurationFileEntry("TOMCAT_SECURITY_LOGIN");
</code>

Second, you will need to create a fluxjaas.config file in your JRE_HOME\lib\security directory with the following statement:

<code>
TOMCAT_SECURITY_LOGIN
{
    org.apache.catalina.realm.JAASMemoryLoginModule required debug=false;
};
</code>

We also need to grant the appropriate permissions to your servlet's codeBase by adding the following to the CATALINA_HOME\conf\catalina.policy file. The catalina.policy file is located where your servlet (startsecuretomcat) is, in this case in the exploded war file containing our connecting servlet.

<code>
grant codeBase "file:${catalina.home}/webapps/startsecuretomcat/-"
{
    permission java.security.AllPermission;
};
</code>


Next, you will want to add the following line to the JRE_HOME\lib\security\java.security file.

<code>
login.config.url.1=file:${jre.home}/lib/security/fluxjaas.config
</code>


Now you can create or manage your users, roles and passwords in the CATALINA_HOME\conf\tomcat-users.xml file. For instance, with the default Tomcat user entries you should be able to log in to a secure engine with the following:

<code>
flux = secureInterface.login("tomcat", "tomcat");
</code>

You will want to make sure that the JAASMemoryLoginModule is included in your classpath. This can often be found in Catalina-optional.jar. Additionally, you may need to include tomcat-util.jar and Catalina.jar. These are typically located in CATALINA_HOME\common\lib.

Below is an example servlet that creates a secure engine using the JAASMemoryLoginModule, and users defined in the tomcat-users.xml file.

<code>
import flux.*;

import javax.servlet.http.HttpServlet;
import javax.servlet.ServletException;

public class startsecuretomcat extends HttpServlet {

    Engine flux;
    Factory fluxFactory = Factory.makeInstance();
    RemoteSecurity secureInterface;

    public void init() throws ServletException {
        try {
            System.out.println("setting up the configuration");
            Configuration config = fluxFactory.makeConfiguration();
            config.setSecurityEnabled(true);
            config.setRegistryPort(1199);

            // Defer to the policy and JAAS configuration supplied by Tomcat and the JRE.
            config.setSecurityPolicyOverrideEnabled(false);
            config.setSecurityPolicyFile(null);
            config.setSecurityConfigurationFile(null);

            // Placeholder database settings; substitute your own.
            config.setDatabaseType(DatabaseType.MYSQL);
            config.setJdbcUsername("fake");
            config.setJdbcPassword("fake");
            config.setMaxConnections(5);
            config.setDriver("com.mysql.jdbc.Driver");
            config.setUrl("jdbc:mysql://localhost:3306/fluxtest");

            // Must match the entry name in fluxjaas.config.
            config.setSecurityConfigurationFileEntry("TOMCAT_SECURITY_LOGIN");

            System.out.println("Making the Engine");
            flux = fluxFactory.makeEngine(config);
            System.out.println("factory.makeRemoteSecurity(configuration, engine)");
            secureInterface = fluxFactory.makeRemoteSecurity(config, flux);

            System.out.println("\nengine secured: " + flux.isSecured() + "\n");
            System.out.println("secureInterface.login(tomcat, tomcat)");

            // Log in with the default user entry from tomcat-users.xml.
            flux = secureInterface.login("tomcat", "tomcat");
            System.out.println("engine.start()");
            flux.start();
            System.out.println("engine started");
        } catch (Throwable e) {
            e.printStackTrace();
            // getCause() returns null when there is no underlying cause.
            if (e.getCause() != null) {
                System.out.println("printing cause");
                e.getCause().printStackTrace();
            }
            // Keep the original exception as the cause for the container's log.
            throw new ServletException(e.getMessage(), e);
        } // catch
    } // end of init

    public void destroy() {
        try {
            // init() may have failed before the engine was created.
            if (flux != null) {
                flux.dispose();
            }
        } catch (Throwable d) {
            d.printStackTrace();
        } // end of catch
    } // end of destroy()
} // end of class startsecuretomcat
</code>
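
The JAAS wiring set up in the steps above (the login.config.url.1 line, the TOMCAT_SECURITY_LOGIN entry and the classpath) can be checked on its own, before Flux is involved, with the standard javax.security.auth API. This is an added example, not code from the original article or from Flux; the class name is hypothetical. It assumes the Tomcat jars are on the classpath and that the JVM is started with the catalina.base system property pointing at your Tomcat installation, so that the login module can find conf/tomcat-users.xml.

```java
import java.security.Principal;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added example; the class name CheckTomcatJaasLogin is hypothetical.
public class CheckTomcatJaasLogin {
    public static void main(String[] args) {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage (from a terminal): CheckTomcatJaasLogin <username>");
            System.exit(2);
        }
        final String username = args[0];
        // Prompt without echo so the password stays out of the process list.
        final char[] password = System.console().readPassword("Password for %s: ", username);

        // Answer the name and password prompts; other callback types are left unset.
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(username);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    }
                }
            }
        };

        try {
            // Must match the entry in fluxjaas.config and setSecurityConfigurationFileEntry().
            LoginContext context = new LoginContext("TOMCAT_SECURITY_LOGIN", handler);
            context.login();
            for (Principal p : context.getSubject().getPrincipals()) {
                System.out.println("principal: " + p.getName());
            }
            context.logout();
        } catch (LoginException e) {
            // Missing entry, module class not on the classpath, or rejected credentials.
            System.err.println("JAAS login failed: " + e);
            System.exit(1);
        } catch (SecurityException e) {
            // No login configuration could be loaded (check login.config.url.1).
            System.err.println("JAAS configuration not loaded: " + e);
            System.exit(1);
        }
    }
}
```

A successful run prints the principals for the user and the roles assigned to that user in tomcat-users.xml; a failure message indicates which of the configuration steps to revisit.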