alvinalexander.com | career | drupal | java | mac | mysql | perl | scala | uml | unix  

Tomcat example source code file (fs-jdbc-realm.xml)

This example Tomcat source code file (fs-jdbc-realm.xml) is included in the DevDaily.com "Java Source Code Warehouse" project. The intent of this project is to help you "Learn Java by Example" TM.

Java - Tomcat tags/keywords

apis, catalina, current, current, dependencies, for, functionality, if, if, jdbc, jdbc, jdbcrealm, license, license

The Tomcat fs-jdbc-realm.xml source code

<?xml version="1.0"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!DOCTYPE document [
  <!ENTITY project SYSTEM "project.xml">
]>
<document url="fs-jdbc-realm.html">

  &project;

  <properties>
    <author email="craigmcc@apache.org">Craig McClanahan
    <title>JDBCRealm
    <revision>$Id: fs-jdbc-realm.xml 562814 2007-08-05 03:52:04Z markt $
  </properties>

<body>


<section name="Overview">


  <subsection name="Introduction">

    <p>The purpose of the JDBCRealm implementation is to
    provide a mechanism by which Tomcat 5 can acquire information needed
    to authenticate web application users, and define their security roles,
    from a relational database accessed via JDBC APIs.  For integration
    with Catalina, the resulting class(es) must implement the
    <code>org.apache.catalina.Realm interface.

<p>This specification reflects a combination of functionality that is already present in the <code>org.apache.catalina.realm.JDBCRealm class, as well as requirements for enhancements that have been discussed. Where appropriate, requirements statements are marked <em>[Current] and [Requested] to distinguish them.

<p>The current status of this functional specification is <strong>PROPOSED. It has not yet been discussed and agreed to on the TOMCAT-DEV mailing list.</p> </subsection> <subsection name="External Specifications"> <p>The implementation of this functionality depends on the following external specifications:</p> <ul> <li>Java Database Connectivity</a> (version 2.0 or later) <li>Java Database Connectivity Optional Package</a> (version 2.0 or later) </ul> </subsection> <subsection name="Implementation Requirements"> <p>The implementation of this functionality shall conform to the following requirements:</p> <ul> <li>Be realized in one or more implementation classes. <li>Implement the org.apache.catalina.Realm interface. [Current]</li> <li>Implement the org.apache.catalina.Lifecycle interface. [Current]</li> <li>Subclass the org.apache.catalina.realm.RealmBase base class.</li> <li>Live in the org.apache.catalina.realm package. [Current]</li> <li>Support a configurable debugging detail level. [Current] <li>Log debugging and operational messages (suitably internationalized) via the <code>getContainer().log() method. [Current] </ul> </subsection> </section> <section name="Dependencies"> <subsection name="Environmental Dependencies"> <p>The following environmental dependencies must be met in order for JDBCRealm to operate correctly:</p> <ul> <li>The desire to utilize JDBCRealm must be registered in <code>$CATALINA_HOME/conf/server.xml, in a <code><Realm> element that is nested inside a corresponding <code><Engine>, <Host>, or <code><Context> element. </ul> </subsection> <subsection name="Container Dependencies"> <p>Correct operation of JDBCRealm depends on the following specific features of the surrounding container:</p> <ul> <li>Interactions with JDBCRealm will be initiated by the appropriate <code>Authenticator implementation, based on the login method that is selected.</li> <li>JDBCRealm must have the JDBC standard API classes available to it. For a JDK 1.2 or later container, these APIs are included in the standard platform.</li> <li>When connection pooling is implemented, JDBCRealm must have the JDBC Optional Package (version 2.0 or later) APIs available to it. This library is available as a separate download (and will be included in Tomcat binary distributions).</li> </ul> </subsection> </section> <section name="Functionality"> <subsection name="Overview of Operation"> <p>The main purpose of JDBCRealm is to allow Catalina to authenticate users, and look up the corresponding security roles, from the information found in a relational database accessed via JDBC APIs. For maximum flexibility, the details of how this is done (for example, the names of the required tables and columns) should be configurable.</p> <p>Each time that Catalina needs to authenticate a user, it will call the <code>authenticate() method of this Realm implementation, passing the username and password that were specified by the user. If we find the user in the database (and match on the password), we accumulate all of the security roles that are defined for this user, and create a new <code>GenericPrincipal object to be returned. If the user is not authenticated, we return <code>null instead. The <code>GenericUser object caches the set of security roles that were owned by this user at the time of authentication, so that calls to <code>isUserInRole() can be answered without going back to the database every time.</p> </subsection> <subsection name="Detailed Functional Requirements"> <h3>Configurable Properties <p>The implementation shall support the following properties that can be configured with JavaBeans property setters:</p> <ul> <li>Configuration parameters defining the JDBC driver to use, the database connection URL to be accessed, and the username/password to use for logging in. [Current]</li> <li>Configuration parameters describing the connection pool to be created to support simultaneous authentications. [Requested]</li> <li>Name of the tables to be searched for users and roles. [Current] <li>Name of the columns to be used for usernames, passwords, and role names. [Current]</li> </ul> <h3>Lifecycle Functionality <p>The following processing must be performed when the start() method is called:</p> <ul> <li>Establish a connection to the configured database, using the configured username and password. [Current]</li> <li>Configure and establish a connection pool of connections to the database. [Requested]</li> </ul> <p>The following processing must be performed when the stop() method is called:</p> <ul> <li>Close any opened connections to the database. </ul> <h3>Method authenticate() Functionality <p>When authenticate() is called, the following processing is required:</p> <ul> <li>Acquire the one and only connection [Current] or acquire a connection from the connection pool [Requested].</li> <li>Select the one and only row from the user's table for this user, and retrieve the corresponding password column. If zero rows (or more than one row) are found, return <code>null. <li>Authenticate the user by comparing the (possibly encrypted) password value that was received against the password presented by the user. If there is no match, return <code>null. <li>Acquire a List of the security roles assigned to the authenticated user by selecting from the roles table.</li> <li>Construct a new instance of class <code>org.apache.catalina.realm.GenericPrincipal, passing as constructor arguments: this realm instance, the authenticated username, and a <code>List of the security roles associated with this user.</li> <li>WARNING - Do not attempt to cache and reuse previous <code>GenericPrincipal objects for a particular user, because the information in the directory server might have changed since the last time this user was authenticated.</li> <li>Return the newly constructed GenericPrincipal. </ul> <h3>Method hasRole() Functionality <p>When hasRole() is called, the following processing is required:</p> <ul> <li>The principal that is passed as an argument SHOULD be one that we returned (instanceof class <code>org.apache.catalina.realm.GenericPrincipal, with a <code>realm property that is equal to our instance. <li>If the passed principal meets these criteria, check the specified role against the list returned by <code>getRoles(), and return true if the specified role is included; otherwise, return <code>false. <li>If the passed principal does not meet these criteria, return <code>false. </ul> </subsection> </section> <section name="Testable Assertions"> <p>In addition the the assertions implied by the functionality requirements listed above, the following additional assertions shall be tested to validate the behavior of <code>JDBCRealm:

<ul> </ul> </section> </body> </document>
... this post is sponsored by my books ...

#1 New Release!

FP Best Seller

 

new blog posts

 

Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.