By dave | March 22, 2015

Following on from Setting up role based security in tomcat, we now switch from using a memory realm to one backed by a database. Memory realms are great for testing, but in any real application they would probably not be acceptable. Normally user credentials are stored in a database, so for this purpose there is a realm based on a datasource.

Depending on your view of things, you will either edit server.xml in the tomcat-home/conf directory, or you will edit the context file for the specific application. There are a few choices here, all of which are explained in the tomcat 7.0 documentation. For the purpose of this article we will edit server.xml.

 

In this case we want the realm to be the global realm, so that it can be shared across all our web applications, which means we need to define its datasource as a global resource. Open server.xml in the conf directory and move down to the GlobalNamingResources section. Under here we need to add a datasource, which we will call authdb. For the example we used MySQL, but you could use any other database. Change the values to suit your database.

<Resource name="jdbc/authdb" auth="Container"
          type="javax.sql.DataSource"
          maxActive="5" maxIdle="2" maxWait="10000"
          username="user" password="pass"
          driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://server:port/dbname?autoReconnect=true"/>

 

Now further down in the file, move to the Engine section with a name of Catalina, and find the Realm definition. We need to comment out the old memory based realm, and change it to use a datasource backed one:

<!--Realm className="org.apache.catalina.realm.UserDatabaseRealm"
     resourceName="UserDatabase"/-->
<Realm className="org.apache.catalina.realm.DataSourceRealm"
       debug="99" dataSourceName="jdbc/authdb"
       userTable="auth_user" userNameCol="login_id"
       userCredCol="password" userRoleTable="user_role"
       roleNameCol="role_name" digest="MD5" />

What we did above was create a datasource that points at our database, and then create a realm (which does the credential checking) that uses this database to perform authentication for the whole server. Also note that I have added a digest attribute, set to MD5; this means that passwords stored in the database will be an MD5 checksum that is not reversible. The digest is unsalted, so two users with the same password will have the same stored value. To use plain text passwords (not recommended) remove the digest entry.

For the realm to work, you will need two tables: one for users and one for user roles. There can be many roles for each user, which is why the relation is declared on the role table. For clarity in the example SQL I have not introduced any indexes, restrictions or primary keys.

create table auth_user (
    login_id varchar(32),
    password varchar(255)
);

create table user_role (
    role_name varchar(32),
    login_id varchar(32)
);

Next we need to insert a user and role into the database. If you decided to use MD5 digest security, you will need to digest the password before inserting any rows, as follows (from the tomcat-home/bin directory):

$ digest -a md5 changeme
changeme:4cb9c8a8048fd02294477fcb1a41191a

And then insert the following values for a user called test with password of changeme, and a single role entry called manager.

insert into auth_user(login_id, password) values('test', '4cb9c8a8048fd02294477fcb1a41191a');
insert into user_role(login_id, role_name) values('test', 'manager');

OK, we are almost ready to start the tomcat server, but before you do, ensure you have installed the appropriate JDBC driver onto the library path. Once started you should be able to authenticate using the database realm.
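To see how the realm attributes map onto the two tables, the following added example (not part of the original article and not Tomcat's own code) models the realm's two lookups in Python against a constructed in-memory SQLite database. It assumes a plain hex-digest comparison, and all function names are hypothetical. Note that the userNameCol value is used against both tables, so the user name column must have the same name in each.

```python
import hashlib
import hmac
import sqlite3

# Realm attributes copied from the <Realm> element in the article.
REALM = {
    "userTable": "auth_user", "userNameCol": "login_id",
    "userCredCol": "password", "userRoleTable": "user_role",
    "roleNameCol": "role_name", "digest": "MD5",
}

def digest_password(password, algorithm):
    """Hex digest of the password, the same form the digest tool prints."""
    return hashlib.new(algorithm.lower(), password.encode("utf-8")).hexdigest()

def build_queries(realm):
    """The credential and role lookups; userNameCol is used against BOTH tables."""
    creds = "SELECT {userCredCol} FROM {userTable} WHERE {userNameCol} = ?".format(**realm)
    roles = "SELECT {roleNameCol} FROM {userRoleTable} WHERE {userNameCol} = ?".format(**realm)
    return creds, roles

def authenticate(conn, realm, username, password):
    """Return the user's role list on success, None on failure (simplified model)."""
    creds_sql, roles_sql = build_queries(realm)
    row = conn.execute(creds_sql, (username,)).fetchone()
    if row is None or row[0] is None:
        return None  # unknown user or empty credential column
    presented = digest_password(password, realm["digest"])
    if not hmac.compare_digest(presented, row[0].lower()):
        return None  # digest of the presented password does not match
    return [r[0] for r in conn.execute(roles_sql, (username,))]

def sample_db():
    """Constructed in-memory database using the article's schema and test user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table auth_user (login_id varchar(32), password varchar(255))")
    conn.execute("create table user_role (role_name varchar(32), login_id varchar(32))")
    conn.execute("insert into auth_user(login_id, password) values (?, ?)",
                 ("test", digest_password("changeme", "MD5")))
    conn.execute("insert into user_role(login_id, role_name) values ('test', 'manager')")
    return conn

if __name__ == "__main__":
    db = sample_db()
    print(authenticate(db, REALM, "test", "changeme"))
    print(authenticate(db, REALM, "test", "wrong"))
    print(authenticate(db, REALM, "nobody", "changeme"))
```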
