Step 2: Defining the realms
The second step is to define a realm in the Web container's server.xml file. A realm identifies a set of users, their passwords, and their associated roles. Which realm you choose depends on where you keep your user information; the four you are most likely to use are:
- UserDatabaseRealm: The simplest but least flexible and least secure choice. Usernames, passwords, and roles are kept in a static file that is loaded into the Web container's memory at startup, so edits to the file do not take effect until the container is restarted, and by default the passwords in it are stored in clear text. For Tomcat, this file defaults to tomcat-users.xml.
- JDBCRealm: If you keep your usernames, passwords, and roles in an SQL or other JDBC-accessible database, using JDBCRealm makes sense. You must have two tables for user information: one holding usernames and passwords and the other holding the roles given to each user. You tell the realm the table and column names with the userTable, userNameCol, userCredCol, userRoleTable, and roleNameCol attributes of the Realm element.
- JNDIRealm: Use this realm if you keep your users in an LDAP (Lightweight Directory Access Protocol) server. JNDI (Java Naming and Directory Interface) is the standard Java API for accessing LDAP servers, and JNDIRealm gives you the options you need to look up usernames, passwords, and roles in the directory.
- JAASRealm: JAAS (Java Authentication and Authorization Service) provides a Java implementation of the PAM (Pluggable Authentication Module) framework, which lets an application stay independent of the underlying authentication and authorization mechanism. JAAS has been a standard part of the Java 2 SDK since version 1.4.
Suppose that you have a database that contains all your users, their login names, and their passwords. Because JDBCRealm covers this kind of database, you would choose JDBCRealm in the server.xml file. To accommodate the roles, you need to create a second table that holds the same login names and their associated roles. If a user has more than one role, the table needs one row per role, each containing the user name and that role. The table structures would look like Figure 12-1. Note that the sample data below stores passwords in clear text, exactly as the users table holds them; JDBCRealm's digest attribute lets you store a message digest of each password instead, so that a compromise of the table does not expose the passwords themselves.
Figure 12-1: Table structures for users and roles.
users table: user_name (varchar), user_pass (varchar, 10), user_logons (int)
userRoles table: user_name (varchar), user_role (varchar, 15)
Here are some example rows of data for each table:

users table:
user_name   user_pass
bjohnson    indigo
clrook      lucy12$

userRoles table:
user_name   role_name
bjohnson    admin
clrook      depthead
After you have defined and populated the tables, you need to define JDBCRealm for the database you are using in the server.xml file. The server.xml file already contains commented-out definitions for several of the most common databases, including MySQL, Oracle, and a generic database reached through ODBC. In Listing 12-2, we modify the sample JDBCRealm definition for MySQL and put it into use.
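To see the two-table layout from Figure 12-1 doing its job, here is an added example (not code from the book) that builds the users and userRoles tables in SQLite, loads the sample rows above, and runs the same two lookups a JDBCRealm performs at login: fetch the stored credential for the user name, then fetch every role row for that user. The column lengths, the SHA-256 hex digest used in place of the book's clear-text passwords (the equivalent of the realm's digest attribute), and the extra depthead role row for bjohnson, which shows a user with two roles, are assumptions made for this example.

```python
"""Added example: the users / userRoles tables from Figure 12-1 in SQLite,
with the lookups a JDBCRealm performs at login.  Table and column names and the
two sample users follow the chapter; the column lengths, the SHA-256 digest of
the password and the second role row for bjohnson are assumptions added here."""
import hashlib
import hmac
import sqlite3

# The book's figure gives user_pass as varchar(10); it is widened here so that
# a hex digest (64 characters for SHA-256) fits.  user_logons appears in the
# figure but is not consulted by the realm, so it is left at its default.
SCHEMA = """
CREATE TABLE users (
    user_name   VARCHAR(30) PRIMARY KEY,
    user_pass   VARCHAR(64) NOT NULL,
    user_logons INTEGER     NOT NULL DEFAULT 0
);
CREATE TABLE userRoles (
    user_name VARCHAR(30) NOT NULL REFERENCES users(user_name),
    role_name VARCHAR(15) NOT NULL,
    PRIMARY KEY (user_name, role_name)   -- one row per (user, role) pair
);
"""

# Sample rows from the chapter (clear-text passwords are digested on insert).
SAMPLE_USERS = [("bjohnson", "indigo"), ("clrook", "lucy12$")]
# The (bjohnson, depthead) row is a constructed addition: a user with two roles.
SAMPLE_ROLES = [("bjohnson", "admin"), ("clrook", "depthead"),
                ("bjohnson", "depthead")]


def digest(password):
    """Hex-encoded SHA-256 of the password, mirroring what a realm configured
    with digest="SHA-256" would store in user_pass instead of the clear text."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def open_realm_db():
    """Create the two tables in an in-memory database and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users (user_name, user_pass) VALUES (?, ?)",
                     [(name, digest(pw)) for name, pw in SAMPLE_USERS])
    conn.executemany("INSERT INTO userRoles (user_name, role_name) VALUES (?, ?)",
                     SAMPLE_ROLES)
    conn.commit()
    return conn


def authenticate(conn, user_name, password):
    """The two queries a JDBCRealm issues at login.

    Returns the sorted list of the user's roles on success, or None if the user
    is unknown or the password does not match.  The credential comparison is
    constant-time so that a wrong password cannot be distinguished by timing."""
    row = conn.execute("SELECT user_pass FROM users WHERE user_name = ?",
                       (user_name,)).fetchone()
    if row is None or not hmac.compare_digest(row[0], digest(password)):
        return None
    return [role for (role,) in conn.execute(
        "SELECT role_name FROM userRoles WHERE user_name = ? ORDER BY role_name",
        (user_name,))]


def has_role(conn, user_name, password, role):
    """True when the user authenticates and holds the given role."""
    roles = authenticate(conn, user_name, password)
    return roles is not None and role in roles


if __name__ == "__main__":
    db = open_realm_db()
    for name, pw in SAMPLE_USERS + [("clrook", "wrong"), ("nobody", "indigo")]:
        print(f"{name:10s} -> {authenticate(db, name, pw)}")
```

Because each role is its own row, adding a role to a user is a single INSERT into userRoles and never touches the users table; the realm itself needs only the two parameterised SELECTs shown, which is also why it can be pointed at any JDBC-accessible database simply by naming the table and column names in server.xml.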