Based on http://www.theventiblog.com/2010/04/configuring-security-in-glassfish-v3-creating-a-jdbc-realm/
Configuration d'un domaine de sécurité (Realm) dans Glassfish v3 pour coorespondre avec votre base de données MySQL préexistante contenant les informations d'identification utilisateur (2 tables users et group ou rôles). C'est plus facile que vous ne le pensez. Voyez plutôt:
//TODO translate french
Step 1 – Create a connection pool and JNDI source
$GLASSFISH_HOME/glassfish/lib
Restart your app server then fire up the admin console and from the navigation tree on the left click:-
JDBC -> Connection_Pools -> New
Give your connection pool a name and fill in the rest of the fields as shown below, click next.
Add new connection pool
The datasource classname should have populated to
com.mysql.jdbc.jdbc2.optional.MysqlDataSource
Next we need to fill in a few fields in the ‘additional properties’ section:-
- user – (your database user name)
- password – (the password for your database user)
- databaseName – (your database name)
- portNumber – (usually 3306)
- serverName – (e.g. localhost)
- URL – jdbc:mysql://localhost:3306/your_DB_name_here
Save these settings and then click ‘ping’ to test everything is ok:-
The message you should see
From the navigation tree on the left click:-
JDBC -> JDBC_Resources -> New
Give the Resource a name and select your connection pool from the previous step then go ahead and hit the save button.
New JDBC Resource
Step 2 – Create a new security realm
Ok, so before we point Glassfish to our database, we’ll need to have the following information from your database available:-
- The name of the table in which your user’s username and password are stored.
- The column names where the username and password are stored.
- The name of the table where the users are assigned to user groups.
- The column name in this table which stores the user group name.
Here’s an example:-
Users Table – user_details
| user_name | password |
|---|---|
| user1 | password |
| user2 | mypassword |
Groups Table – user_groups
| username | group |
|---|---|
| user1 | Admin-Group |
| user1 | Regular-Group |
| user2 | Regular-Group |
So, to create a new Realm; from the navigation tree, click:-
Security -> Realms -> New
Give your realm a name.
Select com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm in the ‘Class Name’ field.
Enter the ‘JAAS Context’ as jdbcRealm.
In the ‘JNDI’ field, enter the name of your JDBC Resource from the previous step.
Fill in the table and column fields with your database info you have ready from the above step.
If your passwords are stored as MD5 hashes, enter MD5 in the ‘Digest Algorithm’ field.
The database username and password is already set in the connection pool so no need to duplicate here.
You can leave the rest of the fields blank.
New Security Realm
That’s it s far as Glassfish is concerned! easy huh?
Next we’ll take a quick look at how to implement basic authentication in a web app.
Step 3 – Set up your web app to use this security method
If you’re not familiar Java EE security using realms, users, groups and roles here is a good tutorial to get you started.
Ok, so we’re gonna use some example user credentials, groups and roles to implement security in our web app.
Users can belong to:-
Admin-Group or Regular-Group (these are mapped to users in the group table in your database).
First we’ll map some security roles to our groups; this is done in our sun-web.xml config file in the WEB-INF folder of our web application.
For convenience sake, we’ll create one role for each group with the same name as the group.
So, Admin-Group will have the role Admin-Group assigned to it (and the same goes for Regular-Group).
Go ahead and paste this into your sun-web.xml file:-
<security-role-mapping><role-name>Regular-Group</role-name><group-name>Regular-Group </group-name></security-role-mapping><security-role-mapping><role-name> Admin-Group</role-name><group-name>Admin-Group </group-name></security-role-mapping>
Next we’ll set a security constraint in our web.xml file (also in the WEB-INF folder of our web application).
You have to give the constraint a name, set the url pattern and state which roles are allowed to access this secure area.
As you can see we are securing the whole web app by supplying ’/*’ as the url pattern.
Add this snippet to your web.xml file:-
<security-constraint>
<display-name>SecurePlace</display-name>
<web-resource-collection>
<web-resource-name>Secure Place</web-resource-name>
<description>Description here</description>
<url-pattern>/* </url-pattern>
</web-resource-collection>
<auth-constraint>
<description>descrition here</description>
<role-name>Regular-Group</role-name>
<role-name>Admin-Group</role-name>
</auth-constraint>
</security-constraint>
We also need to tell the web app to actually implement security by forcing the users to login (this is also done in the web.xml file).
Then we specify the jdbcRealm we created earlier for the realm-name.
Then we add all of the roles we want to be able to log in.
Add this snippet to your web.xml file:-
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myRealm</realm-name>
</login-config>
<security-role>
<role-name>Regular-Group</role-name>
</security-role>
<security-role>
<role-name>Admin-Group</role-name>
</security-role>
And that’s it! If you test your web application in a browser, you should get prompted for a username and password to continue.
Aucun commentaire:
Enregistrer un commentaire