Chapter 14: Tomcat Security

Here, a user named maharaja with the role of manager has been added. This role can access the manager application that ships with Tomcat, as well as the example Web application in the download for this chapter.

Testing the DIGESTed Password

The digested password can be tested by accessing the example Web application. Browse to the following URL:

http://localhost:8080/secure/index.jsp

A login page should be presented. Enter maharaja as the User name and tomcat as the password and click the Log In button. If all goes well, access to the application is granted, and you see the index.jsp file rendered.

File-based Realms (such as UserDatabase) are easy to configure and do not depend on external resources to operate. However, they are rather limited because all authentication and authorization data must reside in a file. When the size of the data is large, file-based Realms can become inefficient to manage. The security of file-based Realms is also rather limited. By using an external relational database for authentication data, JDBC-based Realms overcome these limitations. The next section explores the administration of JDBC Realms.

JDBC Realms

A JDBC Realm is a Realm implementation that uses tables maintained in a relational database (such as MySQL or Oracle). Authentication and authorization data reside in an external database, potentially an existing one containing user data. Unlike file-based Realms, JDBC Realms enable the flexible addition, updating, modification, and deletion of authentication data and user/role mappings. Because data in an RDBMS is maintained dynamically, any changes that are made to the content of the authentication data are immediately reflected in the Realm. In addition to these advantages, sophisticated maintenance and administration tools can be readily created using JDBC to access and maintain the tables within the Realm.
Mapping Columns to the Required View

The JDBC Realm implementation in Tomcat 6 has a particular view of how the tables in the Realm must be maintained. Fortunately, the configurable parameters of Realms enable you to map to any existing schema containing the same data. More specifically, the JDBC Realm implementation expects the following tables in a standard normalized relation.
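As an added illustration (not code from the book or from Tomcat), the Python sketch below models the two lookups a JDBC Realm performs when its parameters are mapped onto an existing schema, with credentials stored as hex digests. The keys userTable, userNameCol, userCredCol, userRoleTable, roleNameCol and digest are the JDBC Realm's configuration attributes; the staff/staff_roles schema, the SHA-256 choice, and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import re
import sqlite3

# Hypothetical existing schema, mapped using the JDBC Realm attribute names.
REALM = {
    "userTable": "staff", "userNameCol": "login", "userCredCol": "pw_digest",
    "userRoleTable": "staff_roles", "roleNameCol": "role",
    "digest": "sha256",  # assumed algorithm; stored credentials are hex digests
}

def ident(name):
    """Mapped names are spliced into SQL text, so accept plain identifiers only."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name

def digest(password, algorithm):
    """Hex digest of the password, the form stored in the credential column."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()

def authenticate(db, cfg, username, password):
    """Return the user's sorted role list on success, None on failure."""
    c = {k: ident(v) for k, v in cfg.items() if k != "digest"}
    row = db.execute(
        f"SELECT {c['userCredCol']} FROM {c['userTable']} WHERE {c['userNameCol']} = ?",
        (username,)).fetchone()
    if row is None:
        return None
    # Digest the presented password and compare in constant time.
    if not hmac.compare_digest(digest(password, cfg["digest"]), row[0].lower()):
        return None
    # The role table is keyed by the same user-name column as the user table.
    roles = db.execute(
        f"SELECT {c['roleNameCol']} FROM {c['userRoleTable']} WHERE {c['userNameCol']} = ?",
        (username,)).fetchall()
    return sorted(r[0] for r in roles)

def build_sample_db():
    """Constructed sample data: the page's user maharaja / tomcat, role manager."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (login TEXT PRIMARY KEY, pw_digest TEXT NOT NULL)")
    db.execute("CREATE TABLE staff_roles (login TEXT NOT NULL, role TEXT NOT NULL)")
    db.execute("INSERT INTO staff VALUES (?, ?)", ("maharaja", digest("tomcat", "sha256")))
    db.execute("INSERT INTO staff_roles VALUES (?, ?)", ("maharaja", "manager"))
    return db

if __name__ == "__main__":
    db = build_sample_db()
    print(authenticate(db, REALM, "maharaja", "tomcat"))
    print(authenticate(db, REALM, "maharaja", "wrong"))
```

Because the user-name column is used to key both tables, an existing schema that names it differently in each table needs a database view before it can be mapped.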
This entry was posted on Tuesday, September 1st, 2009 at 12:15 pm and is filed under tomcat.