Tomcat Security

 
Ranch Hand
Hi,

I was able to implement the form-based Tomcat security on my web app. It was good. But because of some restriction from the client I need to modify it.

The password is placed in encrypted form in the DB, so I cannot rely on Tomcat's "authenticate" method, which simply "selects" the username/password from the DB and matches it. I have seen the implementation of (org.apache.catalina.realm.JDBCRealm).

Now, what I did: I wrote a CustomRealm


I put that file in server/lib and changed the server.xml with this entry


It works fine.

But now, when I am deploying it to the application, I am wondering how I would communicate with the database, since my DB layer is a combination of Spring and Hibernate, and all DAOs and beans of the application will not be available here in this class, since it's on the server side - application independent.

If I put this class in the application WAR file and change the server.xml file to point to that class, my server gives a "class not found" exception at startup, which is quite logical.

Now, what I actually want is to use the Tomcat security to match user/password (the password is in encrypted form in the DB - encryption done by my application before saving). If I use my Custom Realm, then how can I access my DB connection classes populated by Spring/Hibernate?
 
Rancher
Instead of extending RealmBase, could you not extend JDBCRealm, so that you inherit all the JDBC code it uses? And overwrite just the parts necessary to satisfy your requirements?
 
Em Aiy
Ranch Hand

Originally posted by Ulf Dittmer:
Instead of extending RealmBase, could you not extend JDBCRealm, so that you inherit all the JDBC code it uses? And overwrite just the parts necessary to satisfy your requirements?



Yeah, it can be a better option.

But is there any way I can get the beans/objects populated by Spring/Hibernate? Actually I really don't want to configure the database in 2 places: 1 for the Realm and a 2nd for the applicationContext (Spring - Hibernate).
 
Ulf Dittmer
Rancher
No, this is code running as part of Tomcat itself (which is why you need to put the classes in server/lib); it has no access to anything in your web app.
 
Em Aiy
Ranch Hand

Originally posted by Ulf Dittmer:
No, this is code running as part of Tomcat itself (which is why you need to put the classes in server/lib); it has no access to anything in your web app.



Mm, so is there any good alternative solution for security? I am using JSF on the UI side and want to have form-based security with my encrypted password saved in the database (MySQL).
 