Configuring an Embedded Tomcat Instance.

An ongoing project I’m working on involves setting up SAML based Single Sign On (SSO). At the core of this task is a legacy REST system that uses Netty and has its own http request dispatch system along with a tightly coupled persistence framework. Essentially the system does not have an application server that could have been used to process SAML’s Web Browser profile – a widely used means of obtaining authorisation from a SAML Identity Provider (IdP). I decided to investigate running Tomcat in embedded mode and so be able to use it for handling SAML messages.

So this post contains details of how to setup an embedded Tomcat (Tomcat 7.0.75) instance and have it host whatever web applications are needed. Later posts will give details on how to write and configure a SAML based IdP and also the steps needed to create and host a SSO Service Provider (SP).

The objective is to start an embedded Tomcat instance and load into it an (exploded) web app that is on the local filesystem in a location given by, say, “conf/webapp”. This webapp will have servlets and jsp etc. specified by the usual web.xml and also have static content to be served from “conf/webapp”. Furthermore the Tomcat instance should also work over https.

The first code snippet is the Maven dependencies:

The class TomcatRunner shows the code needed

and the key to it is the overridden method addWebapp which configures Tomcat with the “web.xml” held in “conf/webapp” as per the line:

The method sslConnector() creates the SSL settings and it very much follows what would be done when modifying Tomcats’ server.xml file.

The final bit of the puzzle, serving static content, is enabled by having Tomcat’s default servlet enabled for the serving of static content. This is done by having this snippet in the web.xml file.

Finally, to start an embedded Tomcat, just create a new TomcatRunner and call the startTomcat() method. (In production you may want to consider only attempting to start Tomcat if one has not already been started.)

No doubt there are probably ways of doing all this programatically but personally I could not find complete documentation about setting up servlets, jsp pages, jsp error pages etc. in a programmatic way.

Leave a Reply

Your email address will not be published. Required fields are marked *

ˆ Back To Top