vendredi 6 septembre 2013

Configuring Security in Glassfish v3 – Creating a JDBC Realm


Configuration d'un domaine de sécurité (Realm) dans Glassfish v3 pour coorespondre avec votre base de données MySQL préexistante contenant les informations d'identification utilisateur (2 tables users et group ou rôles). C'est plus facile que vous ne le pensez. Voyez plutôt:
 //TODO translate french
Step 1 – Create a connection pool and JNDI source
Make sure that the current MySQL JDBC connector jar file is in the following directory:-
$GLASSFISH_HOME/glassfish/lib

Restart your app server then fire up the admin console and from the navigation tree on the left click:-
JDBC -> Connection_Pools -> New

Give your connection pool a name and fill in the rest of the fields as shown below, click next.
add-connection-pool
Add new connection pool

The datasource classname should have populated to
com.mysql.jdbc.jdbc2.optional.MysqlDataSource

Next we need to fill in a few fields in the ‘additional properties’ section:-
  • user – (your database user name)
  • password – (the password for your database user)
  • databaseName – (your database name)
  • portNumber – (usually 3306)
  • serverName – (e.g. localhost)
  • URL – jdbc:mysql://localhost:3306/your_DB_name_here

Save these settings and then click ‘ping’ to test everything is ok:-
The message you should see

From the navigation tree on the left click:-
JDBC -> JDBC_Resources -> New

Give the Resource a name and select your connection pool from the previous step then go ahead and hit the save button.
New JDBC Resource

Step 2 – Create a new security realm
Ok, so before we  point Glassfish to our database, we’ll need to have the following information from your database available:-
  1. The name of the table in which your user’s username and password are stored.
  2. The column names where the username and password are stored.
  3. The name of the table where the users are assigned to user groups.
  4. The column name in this table which stores the user group name.

Here’s an example:-

Users Table – user_details
user_namepassword
user1password
user2mypassword

Groups Table – user_groups
usernamegroup
user1Admin-Group
user1Regular-Group
user2Regular-Group


So, to create a new Realm; from the navigation tree, click:-
Security -> Realms -> New

Give your realm a name.
Select com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm in the ‘Class Name’ field.
Enter the ‘JAAS Context’ as jdbcRealm.
In the ‘JNDI’ field, enter the name of your JDBC Resource from the previous step.
Fill in the table and column fields with your database info you have ready from the above step.
If your passwords are stored as MD5 hashes, enter MD5 in the ‘Digest Algorithm’ field.
The database username and password is already set in the connection pool so no need to duplicate here.
You can leave the rest of the fields blank.
New Security Realm

That’s it s far as Glassfish is concerned! easy huh?

Next we’ll take a quick look at how to implement basic authentication in a web app.

Step 3 – Set up your web app to use this security method
If you’re not familiar Java EE security using realms, users, groups and roles here is a good tutorial to get you started.

Ok, so we’re gonna use some example user credentials, groups and roles to implement security in our web app.
Users can belong to:-
Admin-Group or Regular-Group (these are mapped to users in the group table in your database).

First we’ll map some security roles to our groups; this is done in our sun-web.xml config file in the WEB-INF folder of our web application.
For convenience sake, we’ll create one role for each group with the same name as the group.
So, Admin-Group will have the role Admin-Group assigned to it (and the same goes for Regular-Group).

Go ahead and paste this into your sun-web.xml file:-
<security-role-mapping>
<role-name>Regular-Group</role-name>
<group-name>Regular-Group </group-name>
</security-role-mapping>
<security-role-mapping>
<role-name> Admin-Group</role-name>
<group-name>Admin-Group </group-name>
</security-role-mapping>

Next we’ll set a security constraint in our web.xml file (also in the WEB-INF folder of our web application).
You have to give the constraint a name, set the url pattern and state which roles are allowed to access this secure area.
As you can see we are securing the whole web app by supplying  ’/*’ as the url pattern.

Add this snippet to your web.xml file:-
     <security-constraint>
        <display-name>SecurePlace</display-name>
        <web-resource-collection>
         <web-resource-name>Secure Place</web-resource-name>
         <description>Description here</description>
          <url-pattern>/* </url-pattern>
    </web-resource-collection>
       <auth-constraint>
         <description>descrition here</description>
         <role-name>Regular-Group</role-name>
         <role-name>Admin-Group</role-name>
        </auth-constraint>
    </security-constraint>
We also need to tell the web app to actually implement security by forcing the users to login (this is also done in the web.xml file).
For this example we are using basic authentication, so we set the auth-method to ‘BASIC’.
Then we specify the jdbcRealm we created earlier for the realm-name.
Then we add all of the roles we want to be able to log in.

Add this snippet to your web.xml file:-
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myRealm</realm-name>
    </login-config>
    <security-role>
       <role-name>Regular-Group</role-name>
    </security-role>
   <security-role>
        <role-name>Admin-Group</role-name>
    </security-role>


And that’s it! If you test your web application in a browser, you should get prompted for a username and password to continue.