Problem Statement “I want to let Glassfish handle access and authentication for my web app but I want it to tie in with the user the credentials I already have in my database“.
Configuring a security realm in Glassfish v3 to tie in with your pre-existing MySQL database for user credentials is actually easier than you might think.
So here goes…
Step 1 – Create a Connection Pool and JNDI Source
Make sure that the current MySQL JDBC connector jar file is in the following directory:-
Restart your app server then fire up the admin console and from the navigation tree on the left click:-
JDBC -> Connection_Pools -> New
Give your connection pool a name and fill in the rest of the fields as shown below, click next.
The datasource classname should have populated to
Next we need to fill in a few fields in the ‘additional properties’ section:-
- user – (your database user name)
- password – (the password for your database user)
- databaseName – (your database name)
- portNumber – (usually 3306)
- serverName – (e.g. localhost)
- URL – jdbc:mysql://localhost:3306/your_DB_name_here
Save these settings and then click ‘ping’ to test everything is ok:-
From the navigation tree on the left click:-
JDBC -> JDBC_Resources -> New
Give the Resource a name and select your connection pool from the previous step then go ahead and hit the save button.
Step 2 – Create a new security realm
Ok, so before we point Glassfish to our database, we’ll need to have the following information from your database available:-
- The name of the table in which your user’s username and password are stored.
- The column names where the username and password are stored.
- The name of the table where the users are assigned to user groups.
- The column name in this table which stores the user group name.
Here’s an example:-
Users Table – user_detailsuser_name password user1 password user2 mypassword
Groups Table – user_groupsusername group user1 Admin-Group user1 Regular-Group user2 Regular-Group
So, to create a new Realm; from the navigation tree, click:-
Security -> Realms -> New
Give your realm a name.
Select com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm in the ‘Class Name’ field.
Enter the ‘JAAS Context’ as jdbcRealm.
In the ‘JNDI’ field, enter the name of your JDBC Resource from the previous step.
Fill in the table and column fields with your database info you have ready from the above step.
If your passwords are stored as MD5 hashes, enter MD5 in the ‘Digest Algorithm’ field.
The database username and password is already set in the connection pool so no need to duplicate here.
You can leave the rest of the fields blank.
That’s it s far as Glassfish is concerned! easy huh?
Next we’ll take a quick look at how to implement basic authentication in a web app.
Step 3 – Set up your web app to use this security method
If you’re not familiar Java EE security using realms, users, groups and roles here is a good tutorial to get you started.
Ok, so we’re gonna use some example user credentials, groups and roles to implement security in our web app.
Users can belong to:-
Admin-Group or Regular-Group (these are mapped to users in the group table in your database).
First we’ll map some security roles to our groups; this is done in our sun-web.xml config file in the WEB-INF folder of our web application.
For convenience sake, we’ll create one role for each group with the same name as the group.
So, Admin-Group will have the role Admin-Group assigned to it (and the same goes for Regular-Group).
Go ahead and paste this into your sun-web.xml file:-Regular-Group
Next we’ll set a security constraint in our web.xml file (also in the WEB-INF folder of our web application).
You have to give the constraint a name, set the url pattern and state which roles are allowed to access this secure area.
As you can see we are securing the whole web app by supplying ’/*’ as the url pattern.
Add this snippet to your web.xml file:-
We also need to tell the web app to actually implement security by forcing the users to login (this is also done in the web.xml file).
For this example we are using basic authentication, so we set the auth-method to ‘BASIC’.
Then we specify the jdbcRealm we created earlier for the realm-name.
Then we add all of the roles we want to be able to log in.
Add this snippet to your web.xml file:-BASIC
And that’s it! If you test your web application in a browser, you should get prompted for a username and password to continue.
Cross-posted from The Ventiblog