zoukankan      html  css  js  c++  java
  • configure JDBCRealm JAAS for mysql and tomcat 7 with form based authentication--reference

    Hello all,

    In this tutorial we are going to configure JDBCRealm JAAS for tomcat 7 and mysql database server.

    Let us first understand what exactly these terminologies mean.

    JAAS : Java Authentication and Authorization Service is used for user authentication. This provides separation of concerns for user authentication so that they are managed independently

    JDBCRealm: We can say this is used to look for users in provided relational database. All the user credentials will be retrieved by tomcat using JDBCRealm.

    Form based authentication: This is a mechanism by which security is provided for web resources. If the user is authenticated, then resource will be served, otherwise it will lead to a login page where user can fill in login credentials and after successful login, the resource will be served.

    We will follow these steps for configuration

    1. Prepare database for user credentials and roles

    2. Configure tomcat 7 server for JDBCRealm with our database

    3. Create a web application in eclipse

    4. Configure security for the resources which we want to protect in our web application

    5. Run example

    1. Prepare database:

    Copy paste the following sql script and run from mysql command prompt

    This will create the database and add data into it.

    2. Configure tomcat 7 server.xml for JDBCRealm

    Add a realm tag in tomcat_home/conf/server.xml file. Place mysql-connector-java.jar in tomcat_home/lib

    3. Create a dynamic web project in eclipse.

    Click File -> New -> Dynamic Web Project. Name it Tomcat7FormBasedJAAS. Also place mysql-connector-java.jar in WEB-INF/lib

    Directory structure after creating project

    Directory structure after creating project

    4. Configure security for web application

    Paste following content in web.xml

    Create protected.jsp in Webcontent/protected folder and paste following code in it.

    Create login.jsp as follows

    Note that the names for username, password and action must be j_username, j_password and j_security_check. It means we are using JAAS

    Create a page if user authentication fails. Name it login_failure.jsp

    5. Run and test the application

    Start tomcat 7 server and hit

    Now that we are trying to access a protected file based on url pattern, the container will take us to the login page as per our configuration in web.xml

    The following page should be displayed when you hit above url.

    Login Page

    Login Page

    Now enter wrong credentials. say I enter username as prasadkharkar and password as 1234.

    Now container will check whether these match the credentials specified in the database. If they don’t match it will redirect you to error page as follows

    Login Error

    Login Error

    When you enter correct credentials..i.e. username as “prasadkharkar” and password as “password”. Then you will be successfully redirected to the protected resource that you are trying to access because now you are a authenticated user.

    Successful Login

    Successful Login

    reference from:

    http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and-tomcat-7-with-form-based-authentication/

  • 相关阅读:
    违反了引用完整性约束。Dependent Role 具有多个具有不同值的主体。S级乌龙,自己制造的笑话
    用MVC5+EF6+WebApi 做一个小功能(二) 项目需求整理
    用MVC5+EF6+WebApi 做一个小功能(四) 项目分层功能以及文件夹命名
    用MVC5+EF6+WebApi 做一个小功能(三) 项目搭建
    ASP.NET WebApi总结之自定义权限验证
    用MVC5+EF6+WebApi 做一个小功能(一)开场挖坑,在线答题系统
    Javascript 535种方式!!!实现页面重载
    MVC页面移除HTTP Header中服务器信息
    为什么JavaScript要有null?(翻译)
    可编程渲染管线与着色器语言
  • 原文地址:https://www.cnblogs.com/davidwang456/p/3819541.html
Copyright © 2011-2022 走看看