Chapter 5: Basic Tomcat Confi guration The Realm Component In the default server.xml file, after the configuration of the Engine component, the next configured nested component inside the Engine is a Realm component: This configures a UserDatabaseRealm to load the tomcat-users.xmlfile into memory for use in authentication by default applications such as the managerapplication. Chapter 14 covers the attributes for the element, including how to specify your own XML file or data source for user authentication information. A Realm is a security mechanism used to perform authentication and implement container- managed security. Essentially, Realms are data sources that provide mappings between usernames and passwords (for authentication), and between usernames and roles that users assume (for container-managed security). For example, user johnf may have password xyzzy (authentication) and a role of supervisor. A Realm can access data sources external to Tomcat 6 where the user/password/role relationships are stored. There are many different implementations of Realms, differing only in the source from which they retrieve the information. Following are several types of Realms that are standard with Tomcat 6: . Memory: Uses a memory-based table that is populated with the user/password/role mappings. Typically, this is read into memory from an XML file during server startup and stays static throughout the lifetime of the server. For the default implementation that comes with Tomcat, the size of the mappings is seriously constrained by the memory available. This is typically used only in testing and development, and seldom in production. . UserDatabase: Implements a completely updateable and persistent memory Realm. It is backwardly compatible with the standard Memory Realm. Chapter 14 provides extensive coverage of UserDatabase. . JDBC: Uses a relational database source for obtaining authentication information. Any other data sources with a JDBC-compatible access interface may also be used (for example, ODBC- compliant sources via the JDBC-to-ODBC bridge). . DataSource: Similar to the JDBC realm, uses JDBC connections to obtain authentication information from a relational database source. However, it configures a lookup-based interface via JNDI when obtaining a JDBC data source for relational database access. This enables the pooling of multiple JDBC connections by the JNDI provider providing more efficient access to the relational database when a Web application performs many authentications at the same time. . JNDI: Uses Java Naming and Directory Interface (JNDI) to access the Realm data. This data is typically stored in an LDAP-based directory, although any authentication system compatible with the LDAP protocol can be used. (For instance, OpenLDAP, Microsoft, or Novell all have LDAP-compatible access drivers.) . JAAS: Works in conjunction with the Java Authentication and Authorization Service (JAAS) to obtaining the authentication and authorization information for the Realm. As mentioned earlier, Chapter 14 provides details about how to configure different Realms.
If you looking for unlimited one inclusive web hosting plan please check cheap web hosting website.
This entry was posted
on Saturday, February 14th, 2009 at 9:38 pm and is filed under tomcat.
You can follow any responses to this entry through the RSS 2.0 feed.
Responses are currently closed, but you can trackback from your own site.