English 中文(简体)
question about GlassFish/Tomcat security realms
原标题:

I have GlassFish set up to use "JDBCRealm". The configuration looks like this and it works fine:

<JDBCRealm userTable="users" userNameCol="user_name" 
userCredCol="user_pass" userRoleTable="user_roles" 
roleNameCol="role_name" ... />

My database currently looks like this:

- USERS -
USER_NAME | USER_PASS
steve | password1

- USER_ROLES -
USER_NAME | ROLE_NAME
steve | ADMIN

My question is, if I want to normalize the data in the database, how do I configure a realm that can understand the new database design? Do I have to write a custom "realm" object or something like that?

Instead, I want my database to look something this:

- USERS -
USER_ID | USER_NAME | USER_PASS
1 | steve | password1

- ROLES -
ROLE_ID | ROLE_NAME
2 | ADMIN

- USER_ROLES -
USER_ID | ROLE_ID
1 | 2

Any help is greatly appreciated!

最佳回答

It should work straightforward. I just did it a few days ago for Glassfish server. But I think it should be similar for Tomcat. I have 3 tables:

  • user (login (pk), password, ...)
  • group (group_id (pk), group_name)
  • group_has_user (login (fk from user table), group_id (fk from group table))

my JDBC Realm looks like the following:

<auth-realm name="Register-User" classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm">
          <property name="jaas-context" value="jdbcRealm" />
          <property name="datasource-jndi" value="jdbc/ladb" />
          <property name="user-table" value="user" />
          <property name="user-name-column" value="login" />
          <property name="password-column" value="password" />
          <property name="group-table" value="group_has_user" />
          <property name="group-name-column" value="group_id" />
          <property name="digest-algorithm" value="SHA-256" />

If you experience problems, make shure that the columns group_id have the same name in group table and in the join-table.

时间:2011-03-08 14:25:14
问题回答

The way we tackle this issue is to normalize the database and create views for glassfish.

                      Table "public.admin"
    Column     |            Type             | Modifiers 
---------------+-----------------------------+-----------
 id            | bigint                      | not null
 login         | character varying(255)      | not null
 password      | character varying(255)      | not null


             Table "public.role"
 Column |          Type          | Modifiers 
--------+------------------------+-----------
 id     | bigint                 | not null
 name   | character varying(255) | 



  Table "public.role_admins"
  Column  |  Type  | Modifiers 
----------+--------+-----------
 role_id  | bigint | not null
 admin_id | bigint | not null

Here is the view:

           View "public.v_admin_role"
  Column   |          Type          | Modifiers 
-----------+------------------------+-----------
 login     | character varying(255) | 
 password  | character varying(255) | 
 role_name | character varying(255) | 
View definition:
 SELECT a.login, a.password, r.name AS role_name
   FROM admin a
   JOIN role_admins ra ON ra.admin_id = a.id
   JOIN role r ON r.id = ra.role_id
  WHERE a.active = true;

And the config

<auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" name="gcsiadmin">
  <property name="user-name-column" value="login"/>
  <property name="password-column" value="password"/>
  <property name="group-name-column" value="role_name"/>
  <property name="datasource-jndi" value="jdbc/GcsiDS"/>
  <property name="user-table" value="v_admin_role"/>
  <property name="group-table" value="v_admin_role"/>
  <property name="jaas-context" value="jdbcRealm"/>
</auth-realm>
时间:2011-03-08 23:32:07


上一篇:
下一篇:


相关问题
Signed executables under Linux

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...

时间:2009-11-14 01:34:19 回答:10 展示:1
MALICIOUS_CODE EI_EXPOSE_REP Medium

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...

时间:2009-11-14 00:40:10 回答:5 展示:1
XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...

时间:2009-11-14 00:18:21 回答:1 展示:1
Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

时间:2009-11-13 18:59:37 回答:5 展示:1
Why running a service as Local System is bad on windows?

I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...

时间:2009-11-13 16:51:19 回答:5 展示:1
Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

时间:2009-11-13 05:37:34 回答:5 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全