RE: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms

Tue, 23 Mar 2004 02:50:06 -0800 

Hi,

> How does the GlobalNamingResources relate to the REALM specified in the
> engine element ? Can someone
> tell me if the UserBase as specified in the GlobalNamingResources is being
> used by for the JSP security
> stuff ? (for example the
> /webapps/jsp-examples/security/protected/login.jsp)

In my thoughts, a realm in the context (or engine) overwrites the global
realm. So if you have defined a security-constraint in your
localhost-applicaions web.xml the user and roles used there for access
control are taken from the database. The memory-realm /tomcat-users.xml
won't be used. The security-constraints in the web.xml looks like:

        <security-constraint>
        <display-name>Admin Authentication</display-name>
        <web-resource-collection>
                <web-resource-name>Protected Area</web-resource-name>
                <url-pattern>/*</url-pattern>
                <http-method>DELETE</http-method>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
                <role-name>admin</role-name>
        </auth-constraint>
        </security-constraint>

hth.

Marco

---
http://www.druckerpatronen--preisvergleich.de
http://www.tintenpatronen-preisvergleich.de

> -----Urspr�ngliche Nachricht-----
> Von: Leonard Wolters [mailto:[EMAIL PROTECTED]
> Gesendet: Dienstag, 23. M�rz 2004 11:21
> An: Tomcat Users List
> Betreff: RE: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms
>
>
> Thanks marco,
>
>
> However, can I also set this datasource for the <Engine>
> element ? (I thought I read something about a bug, although
> I'm not quite sure).
>
> Then, after I specified this new datasource in the either
> context or engine element, how do i confiugre the UserDatabase
> in the JNDI lookup ? For example:
>
>
>       <GlobalNamingResources>
>               <Environment name="simpleValue"
> type="java.lang.Integer" value="30"/>
>               <Resource name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase" description="User
> database that can
> be updated and saved">
>               </Resource>
>               <ResourceParams name="UserDatabase">
>                       <parameter>
>                               <name>factory</name>
>
> <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
>                       </parameter>
>                       <parameter>
>                               <name>pathname</name>
>                               <value>conf/tomcat-users.xml</value>
>                       </parameter>
>               </ResourceParams>
>       </GlobalNamingResources>
>
>       <!-- Define the Tomcat Stand-Alone Service -->
>       <Service name="Catalina">
>
>               <!-- Define a non-SSL Coyote HTTP/1.1 Connector on
> port 8080 -->
>               <Connector port="8080" maxThreads="150" minSpareThreads="25"
> maxSpareThreads="75" enableLookups="false" redirectPort="8443"
> acceptCount="100" debug="0" connectionTimeout="20000"
> disableUploadTimeout="true"/>
>
>               <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
>               <Connector port="8009" enableLookups="false"
> redirectPort="8443" debug="0"
> protocol="AJP/1.3"/>
>
>               <!-- Define the top level container in our
> container hierarchy -->
>               <Engine name="Catalina" defaultHost="localhost" debug="0">
>                       <Logger
> className="org.apache.catalina.logger.FileLogger"
> prefix="catalina_log." suffix=".txt" timestamp="true"/>
>               <Realm
> className="org.apache.catalina.realm.JDBCRealm" debug="99"
> driverName="org.gjt.mm.mysql.Driver"
>
> connectionURL="jdbc:mysql://localhost/build_jplanner"
> connectionName="*******" connectionPassword="******"
>                               userTable="JT_USER"
> userNameCol="LOGINNAME" userCredCol="PASSWORD"
>                               userRoleTable="JT_GROUP"
> roleNameCol="NAME"/>
>                       <Host name="localhost" debug="0"
> appBase="webapps" unpackWARs="true"
> autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
>                               <Logger
> className="org.apache.catalina.logger.FileLogger"
> directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/>
>                       </Host>
>               </Engine>
>       </Service>
>
> How does the GlobalNamingResources relate to the REALM specified in the
> engine element ? Can someone
> tell me if the UserBase as specified in the GlobalNamingResources is being
> used by for the JSP security
> stuff ? (for example the
> /webapps/jsp-examples/security/protected/login.jsp)
>
> T.i.a,
>
> Leonard
>
>
> -----Original Message-----
> From: Marco P�hler [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 23, 2004 10:45 AM
> To: Tomcat Users List
> Subject: AW: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms
>
>
> Hi Leonard,
>
> this works for me:
>
>   <Context path="" docBase="/home/user1/trustedfeed" debug="0">
>       <ResourceLink name="jdbc/db" global="jdbc/db"
> type="javax.sql.DataSource" />
>       <Realm className="org.apache.catalina.realm.DataSourceRealm"
> debug="99"
>           dataSourceName="jdbc/db"
>           userTable="users" userNameCol="username" userCredCol="password"
>           userRoleTable="roles" roleNameCol="rolename"/>
>   </Context>
>
> Of course, you have to define the jdbc/db Datasource in the
> GlobalNamingResources, too.
>
> hth
>
> Marco
>
> ---
> http://www.optik-preisvergleich.de
> http://www.kontaktlinsen-preisvergleich.de
>
>
> > -----Urspr�ngliche Nachricht-----
> > Von: Leonard Wolters [mailto:[EMAIL PROTECTED]
> > Gesendet: Dienstag, 23. M�rz 2004 09:22
> > An: [EMAIL PROTECTED]
> > Betreff: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms
> >
> >
> > Hi,
> >
> > I've got a question concerning the different REALM available for
> > Tomcat 5.x.
> > The main (basic) question is that I want to secure my context
> > annex websites
> > / jsp
> > pages. I have some experience with JAAS (JBOSS) and was
> investigating the
> > possibility
> > to use / implement JAAS for Tomcat. After some efforts I stopped
> > since I to
> > noticed it
> > would take me to much pain ;-( (I needed to create to much source
> > code hence
> > it would
> > take me to much time).
> >
> > Then I investigated the JDBC Realm and was trying to use this
> for securing
> > my website.
> > The question: Tomcat 5 delivers a pre-installed security JSP example
> > (/jsp-examples/security/protected) which (as stated in the
> documentation)
> > only works with
> > the MemoryRealm. Well, I want this to work with the JDBCRealm
> (or even my
> > own implementation)
> > as well.
> >
> > Does anyone can provide me some configurations of how to achieve this ?
> > Basically, I think
> > I need to change the default JNDI UserBase (MemoryRealm) with my own one
> > (JDBCRealm for example).
> > However, is this the only thing I need to do ? If so, please
> provide me a
> > server.xml configuration
> >
> > T.i.a,
> >
> > Leonard
> >
> > Leonard Wolters
> >
> > JTeam B.V.
> > E: [EMAIL PROTECTED]
> > T: +31(0)20 486 20 36
> > M: +31(0)6 24 111 401
> > F: +31(0)8 48 370 000
> > W: www.jteam.nl
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to