Hello all,

In this tutorial we are going to configure JDBCRealm JAAS for tomcat 7 and mysql database server.

Let us first understand what exactly these terminologies mean.

JAAS : Java Authentication and Authorization Service is used for user authentication. This provides separation of concerns for user authentication so that they are managed independently

JDBCRealm: We can say this is used to look for users in provided relational database. All the user credentials will be retrieved by tomcat using JDBCRealm.

Form based authentication: This is a mechanism by which security is provided for web resources. If the user is authenticated, then resource will be served, otherwise it will lead to a login page where user can fill in login credentials and after successful login, the resource will be served.

We will follow these steps for configuration

1. Prepare database for user credentials and roles

2. Configure tomcat 7 server for JDBCRealm with our database

3. Create a web application in eclipse

4. Configure security for the resources which we want to protect in our web application

5. Run example

1. Prepare database:

Copy paste the following sql script and run from mysql command prompt

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
CREATE DATABASE tutorialsdb;
 
DROP DATABASE IF EXISTS tutorialsdb;
CREATE DATABASE tutorialsdb;
USE tutorialsdb;
CREATE TABLE users (
username varchar(20) NOT NULL PRIMARY KEY,
password varchar(20) NOT NULL
);
CREATE TABLE roles (
rolename varchar(20) NOT NULL PRIMARY KEY
);
CREATE TABLE users_roles (
username varchar(20) NOT NULL,
rolename varchar(20) NOT NULL,
PRIMARY KEY (username, rolename),
CONSTRAINT users_roles_fk1 FOREIGN KEY (username) REFERENCES users (username),
CONSTRAINT users_roles_fk2 FOREIGN KEY (rolename) REFERENCES roles (rolename)
);
INSERT INTO `tutorialsdb`.`users` (`username`, `password`) VALUES ('prasadkharkar', 'password');
INSERT INTO `tutorialsdb`.`roles` (`rolename`) VALUES ('user');
INSERT INTO `tutorialsdb`.`users_roles` (`username`, `rolename`) VALUES ('prasadkharkar', 'user');
COMMIT;

This will create the database and add data into it.

2. Configure tomcat 7 server.xml for JDBCRealm

Add a realm tag in tomcat_home/conf/server.xml file. Place mysql-connector-java.jar in tomcat_home/lib

 
1
2
3
4
5
6
7
8
9
10
<Realm  className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/tutorialsdb"
connectionName="root"
connectionPassword="root"
userTable="users"
userNameCol="username"
userCredCol="password"
userRoleTable="users_roles"
roleNameCol="rolename" />

3. Create a dynamic web project in eclipse.

Click File -> New -> Dynamic Web Project. Name it Tomcat7FormBasedJAAS. Also place mysql-connector-java.jar in WEB-INF/lib

Directory structure after creating project

4. Configure security for web application

Paste following content in web.xml

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">
    <display-name>Tomcat7FormBasedJAAS</display-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>secured</web-resource-name>
            <url-pattern>/protected/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>user</role-name>
    </security-role>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login_failure.jsp</form-error-page>
        </form-login-config>
    </login-config>
 
</web-app>

Create protected.jsp in Webcontent/protected folder and paste following code in it.

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
 
Hello <%= request.getUserPrincipal().getName().toString() %>
You are able to view this page because you are authenticated user.
 
</body>
</html>

Create login.jsp as follows

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
 
    <form method=post action="j_security_check">
        <p>
            <span>Username:</span> <br /> <input type="text" name="j_username">
        </p>
        <p>
            <span>Password:</span> <br /> <input type="password"
                name="j_password">
        </p>
        <p>
            <input type="submit" value="Login">
        </p>
    </form>
 
 
</body>
</html>

Note that the names for username, password and action must be j_username, j_password and j_security_check. It means we are using JAAS

Create a page if user authentication fails. Name it login_failure.jsp

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
 
You are not valid user
 
</body>
</html>

5. Run and test the application

Start tomcat 7 server and hit

 
1
http://localhost:8080/Tomcat7FormBasedJAAS/protected/protected.jsp

Now that we are trying to access a protected file based on url pattern, the container will take us to the login page as per our configuration in web.xml

The following page should be displayed when you hit above url.

Login Page

Now enter wrong credentials. say I enter username as prasadkharkar and password as 1234.

Now container will check whether these match the credentials specified in the database. If they don’t match it will redirect you to error page as follows

Login Error

When you enter correct credentials..i.e. username as “prasadkharkar” and password as “password”. Then you will be successfully redirected to the protected resource that you are trying to access because now you are a authenticated user.

Successful Login

reference from:

http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and-tomcat-7-with-form-based-authentication/

configure JDBCRealm JAAS for mysql and tomcat 7 with form based authentication--reference的更多相关文章

  1. 打包mysql、tomcat、jdk为一个软件

    打包mysql.tomcat.jdk为一个软件 博客分类: 成长中的点滴  . 我们在本地开发web应用的时候,直接在IDE里面就可以完成jdk.容器.数据库的配置和集成. 但是如果当我们把应用程序交 ...

  2. 微软云Linux服务器 Mysql、tomcat远程连接错误解决办法

    在微软云linux服务器成功配置好mysql.tomcat,通过外部链接却发现一直错误.Mysql 一直提示错误代码2003, tomcat连接一直提示EOF. 反复检查配置都无问题,最后得知是微软云 ...

  3. 性能测试二十六:环境部署之Mysql+Redis+Tomcat环境整合

    系统中使用了缓存+数据库,通用读取数据规则1.先从缓存读数据,如果有,直接返回数据:2.如果没有,去数据库中读,然后再插入到缓存中,再返回数据 Mysql+Redis+Tomcat环境整合 1.修改P ...

  4. Redis学习(1)--环境配置,安装JDK,MySQL,tomcat

    Linux上安装jdk,mysql,tomcat安装 rpm命令: 相当于Windows的安装/卸载程序.可以进行程序的安装,更新,卸载,查看. 本地程序安装:rpm -ivh 程序名 本地程序查看: ...

  5. 【JAVAWEB学习笔记】26_Linux基础:简介安装、常用命令和JDK、Mysql、Tomcat的安装

    Linux基础 学习目标 1.了解Linux的简介与安装 2.掌握Linux常用的命令 3.掌握Linux系统上JDK.Mysql.Tomcat的安装 一.Linux的简介 1.Linux的概述 Li ...

  6. linux下安装php报错configure: error: Cannot find MySQL header files under /usr/include/mysql.

    linux下安装php报错configure: error: Cannot find MySQL header files under /usr/include/mysql. 2013-03-04 1 ...

  7. 部署web服务器的配置——补充mysql和tomcat

    今天想到了关于mysql的一些配置,以后关于配置mysql和tomcat相关的内容也会补充在这里. tomcat: 1. 更改内存(要设置tomcat内存,解决内存溢出的问题):安装版tomcat,打 ...

  8. 解决mysql跟php不在同一台机器上,编译安装php服务报错问题:configure: error: Cannot find MySQL header files under /application/mysql.

    在编译安装php服务时报错: configure: error: Cannot find MySQL header files under /application/mysql. Note that ...

  9. mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication解决办法

    mysqlnd是个好东西.不仅可以提高与mysql数据库通信的效率,而且也可以方便的设置一些超时.如,连接超时,查询超时.但是,使用mysqlnd的时候,有个地方需要注意.就是服务端的密码格式不能使用 ...

随机推荐

  1. Start an installation from GRUB

    Start an installation from GRUB Description This tip will show you how to start an installation for ...

  2. PS证件照换背景

    综述 博主原创内容. 在PS里,对于抠图,比较有技术含量的便是抠头发丝了,下面为大家带来一个比较详细的抠头发丝的教程. 素材准备 在这里我们用这张图片作为抠图素材,下面让我们一步步来演示抠图的过程,并 ...

  3. 构建微服务:Spring boot

    构建微服务:Spring boot 在上篇文章构建微服务:Spring boot 提高篇中简单介绍了一下spring data jpa的基础性使用,这篇文章将更加全面的介绍spring data jp ...

  4. 《深入剖析Tomcat》阅读(三)

    这里要介绍下Tomcat的一个重要设计方法,Catalina设计方式. Servlet容器是一个复杂系统,但是,它有三个基本任务,对每个请求,servlet容器会为其完成以下三个操作: 1.创建一个R ...

  5. Flex时间操作

    小弟是Flex新手,最近一段时间领导要求使用Flex开发B/S的一些项目,需要用到时间上的一些操作.上网查询一番好多人都说不好操作,有的甚至非常麻烦.基于此,小弟整理了一些关于Flex时间操作的经验, ...

  6. 通过jquery获取后台传过来的值进行全选

    注:funs是从action中传过来的list<Function> 其中属性中有其子对象list<role> 下面通过s标签遍历 ,也可以通过c标签遍历 jsp页面中: < ...

  7. SCP和SFTP(都使用SSH。但SCP上传不能中断,而SFTP可以续传,这是最大区别)

    不管SCP还是SFTP,都是SSH的功能之一.都是使用SSH协议来传输文件的. 不用说文件内容,就是登录时的用户信息都是经过SSH加密后才传输的,所以说SCP和SFTP实现了安全的文件传输. SCP和 ...

  8. 2.5.1 使用alertDialog

    <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android" android:layout ...

  9. git日志的查看与修改

    1.命令行中查看日志 git log 默认是显示所有的日志信息,之前出来的界面显示的日志,很少. 最后发现,只需要使用键盘上向下键↓,就可以继续浏览更多的日志 空格键,可以翻页浏览日志. 向左←  向 ...

  10. Linux Shell编程(27)——子shell

    运行一个shell脚本时会启动另一个命令解释器. 就好像你的命令是在命令行提示下被解释的一样, 类似于批处理文件里的一系列命令.每个shell脚本有效地运行在父shell(parent shell)的 ...