More on Realm Authentication with Tomcat

Okay, so I had a play with Realm Authentication…

First things was where the <Realm> tag should go. Umm, I’m a little unfamiliar with Tomcat. Tracked it down eventually – lots of examples of realm tags in server.xml. Not the right place still – I just want this to apply to my single web application – but good enough for now.

The realm tag I used was:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost/jtest"
connectionName="root" connectionPassword="password"
userTable="tusers" userNameCol="cUser" userCredCol="cPwd" userRoleTable="troles" roleNameCol="cRole"/>

Naturally, this requires the MySQL JDBC driver from Mysql.com. Download it, and place it into the $Tomcatcommonlib directory (still with me?)

Careful that you actually enter the correct password – some idiots try to configure the JDBC connection with the wrong password

Next up, set up some tables in MySQL:

Table tusers:
+-------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| cUser | varchar(32) | | PRI | | |
| cPwd | varchar(32) | | | | |
+-------+-------------+------+-----+---------+-------+

Table troles:
+-------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| cUser | varchar(32) | | MUL | | |
| cRole | varchar(32) | | | | |
+-------+-------------+------+-----+---------+-------+

And populate with data:
+-------+-------+
| cUser | cPwd |
+-------+-------+
| Alice | bingo |
| Bob | chuck |
| Eve | daily |
+-------+-------+

+-------+-------+
| cUser | cRole |
+-------+-------+
| Alice | user |
| Alice | admin |
| Bob | user |
+-------+-------+

So, we’ve got our user and role tables set up, Tomcat configured to query it – only 2 more essential components to configure. What, you ask, with baited breath. (Actually, would baited breath not smell? I digress…)

We need content to apply our permissions to, and a web deployment descriptor (web.xml) to describe the security applied to these resources.

I created 2 html files. That’s right, just HTML, not servlets, not JSP, just static html. I created user.html and admin.html :
<html>
<head><title>UserAuth</title></head>
<body>User Perm Authenticated</body>
</html>

Admin.html is the same, just with ‘admin’ where it says ‘user’.

In my $Tomcatwebapps directory, I created a new directory ‘test’. Beneath this, I created a directory ‘html’ and I put the html files in there. It just seemed like a good idea, though I guess you could stick it under the root – just you’ve have to specify a different <security-constraint>. See below, you’ll get what I mean.

I also created a WEB-INF directory for the web.xml file. I then wrote my web.xml file:
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">

<description>
JSP 2.0 Examples.
</description>
<display-name>JSP 2.0 Examples</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>userstuff</web-resource-name>
<url-pattern>/html/user.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>adminstuff</web-resource-name>
<url-pattern>/html/admin.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>test</realm-name>
</login-config>

<security-role>
<role-name>user</role-name>
<role-name>admin</role-name>
</security-role>

</web-app>
Things to notice – I have seperate <security-constraints> for the two html files, though as it is a pattern match on the path, you don’t have to. And I have two roles, user and admin.

That’s it, really. Try going to the path for each of the files and logging in as Alice, Bob and Eve. ‘Nuff said.

Advertisements
More on Realm Authentication with Tomcat

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s