Manualshelf

NonStop Servlets for JavaServer Pages (NSJSP) 6.0 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
71727374757677787980
Configuring NSJSP
NonStop Servlets for JavaServer Pages (NSJSP) 6.0 System Administrator’s Guide544548-004
3-29
JNDIRealm
Example 3-12 shows that <Realm> elements are included (commented out) in the
default file NSJSP_HOME/conf/server.xml.
JDBCRealm operates according to these rules:
When a user attempts to access a protected resource for the first time, the NSJSP
container calls the authenticate() method of this realm. Any changes made to
the database directly (such as adding new users or changing passwords or roles)
are immediately reflected.
Once a user has been authenticated, the user (and the users associated roles) is
cached within NSJSP for the login duration of the user. For FORM-based
authentication, the duration last till the session times out or is invalidated; for
BASIC and DIGEST authentication, the duration lasts till the user closes the
browser. Any changes to the database information for an already authenticated
user are not reflected until the next login by the user.
Your application is responsible for the administration of information in the users, role,
and user role table. The NSJSP container does not provide any built-in capabilities to
maintain users and roles.
For information on debugging and exception messages, see Logging in NSJSP 6.0 on
page 6-1.
JNDIRealm
JNDIRealm is a user realm implementation of NSJSP 6.0 that recognizes users in a
directory server accessed by a JNDI provider (typically, the standard LDAP provider
that is available with the JNDI API classes). The substantial configuration flexibility
enables you to adapt to the existing schema inside your directory server, as long as it
conforms to the following requirements:
Each user to be authenticated is represented by an individual element in the top
level DirContext, which is accessed through the connectionURL attribute.
The user element must have the following characteristics:
The distinguished name (dn) attribute of this element contains the user name
to be authenticated.
Example 3-12. Using the SQL/MX database to specify JDBCRealm attributes
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="com.tandem.sqlmx.SQLMXDriver"
connectionURL="jdbc:sqlmx:"
userTable="mycatalog.myschema.users”
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="mycatalog.myschema.userrole”
roleNameCol="role_name" />