I ended having to write a custom JDBC Realm since i have used a salt for
users passwords.
import org.apache.catalina.realm.JDBCRealm;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import
org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import java.security.Principal;
/**
* @author
*/
public class EazyregnskabRealm extends JDBCRealm {
private static final Log log =
LogFactory.getLog(EazyregnskabRealm.class);
ShaPasswordEncoder encoder = new ShaPasswordEncoder(256);
@Override
protected String getName() {
return this.getClass().getSimpleName();
}
@Override
public synchronized Principal authenticate(String username, String
credentials) {
String unDigestedPassword = credentials;
String digestedPassword =
encoder.encodePassword(unDigestedPassword, username);
return super.authenticate(username, digestedPassword);
}
}
web.xml
<login-config>
<auth-method>BASIC
</auth-method>
<realm-name>Monitoring</realm-name>
</login-config>
<security-role>
<role-name>USER</role-name>
</security-role>
<security-role>
<role-name>MONITOR</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Monitoring</web-resource-name>
<url-pattern>/monitoring</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MONITOR</role-name>
</auth-constraint>
</security-constraint>
server.xml
<Realm className="dk.eazyit.eazyregnskab.system.EazyregnskabRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://<host>:<port>/<database>?user=<user>&password=<password>"
userTable="users" userNameCol="username" userCredCol="password"
userRoleTable="user_roles" roleNameCol="role"/>
The EazyregnskabRealm.class must be made into a jar, this and all other
dependencies should be put in the tomcat lib folder. Hope someone else can
use this.
Med venlig hilsen / Best regards
Tommy Sadiq Hinrichsen
Selvstændig IT-udvikler
HD-ØP
Humlebækgade 16, 1.tv.
2200 København N
Tlf: 26 24 14 36
Mangler du en billig anlægsgartner, så prøv http://www.sl-haveanlaeg.dk
2013/8/19 Tommy Sadiq Hinrichsen <[email protected]>
> I use for authorizing wicket pages, but javaMelody's monitoring page is
> not a wicket page.
>
>
> Med venlig hilsen / Best regards
>
> Tommy Sadiq Hinrichsen
> Selvstændig IT-udvikler
> HD-ØP
>
> Humlebækgade 16, 1.tv.
> 2200 København N
> Tlf: 26 24 14 36
>
> Mangler du en billig anlægsgartner, så prøv http://www.sl-haveanlaeg.dk
>
>
> 2013/8/19 Martin Grigorov <[email protected]>
>
>> Hi,
>>
>>
>> On Mon, Aug 19, 2013 at 1:09 PM, Tommy Sadiq Hinrichsen <
>> [email protected]> wrote:
>>
>> > Hi
>> >
>> > I'm using Wicket security for authorization and authentication.
>> >
>>
>> Do you already use it for authorizing other pages ?
>>
>>
>> >
>> > I have included java melody to monitor the tomcat server where the web
>> app
>> > is running and i would like to limit access to the monitoring page. Is
>> > there some way to do that with wicket security?
>> >
>>
>> Just like for authorizing any other page.
>>
>>
>> Check http://wicketguide.comsysto.com/guide/chapter19.html for intro to
>> security in Wicket.
>>
>>
>> >
>> > Med venlig hilsen / Best regards
>> >
>> > Tommy Sadiq Hinrichsen
>> > Selvstændig IT-udvikler
>> > HD-ØP
>> >
>> > Humlebækgade 16, 1.tv.
>> > 2200 København N
>> > Tlf: 26 24 14 36
>> >
>> > Mangler du en billig anlægsgartner, så prøv http://www.sl-haveanlaeg.dk
>> >
>>
>
>
