NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

351

352

353

354

355

356

357

358

359

360

Security Considerations

NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006

8-8

Realms

application resources is granted to all users possessing a particular role. There can be

any number of roles associated with a username.

In many cases, however, it is desirable to connect a servlet container to an existing

authentication database or an existing authentication mechanism. Therefore, NSJSP

defines a Java interface (org.apache.catalina.Realm) that can be implemented

by plug in components to establish a connection for authentication.

The following plug-in components support connections to various sources of

authentication information:



MemoryRealm: Accesses authentication information stored in an in-memory object

collection, which is initialized from an XML document

(<NSJSP_HOME>/conf/nsjsp-users.xml).



JDBCRealm: Accesses authentication information stored in a relational database,

accessed using a Java Database Connectivity (JDBC) driver.



DataSourceRealm: Accesses authentication information stored in a relational

database, accessed using a Java Naming and Directory Interface (JNDI) named

JDBC DataSource.



JNDIRealm: Accesses authentication information stored in the Lightweight

Directory Access Protocol (LDAP) accessible directory server, accessed using a

JNDI provider.



UserDatabaseRealm: Accesses authentication information stored in a JNDI

resource, which is an XML file by default.



JAASRealm: Accesses authentication information through the Java Authentication

and Authorization Service (JAAS) framework.

Apart from these standard plug-in components, NSJSPLockoutRealm and

CombinedRealm are other implementations, (that also implement the Realm interface)

which provide the Realm functionality by using one or more of the previously

mentioned plug-ins.

Realm elements can be configured as child elements of any of the following elements:



The Engine element: The Engine element is defined in the

<NSJSP_HOME>/conf/server.xml file. In this case, the Realm applies to all

contexts (web applications) in all the Hosts configured under the Engine element.

Any Realm definition in the Host or Context element overrides the Realm

definition in the Engine element. In the default NSJSP configuration, a

UserDatabaseRealm is configured under the Engine element and is used to

authenticate users in the Admin and the Manager Web applications.



The Host element: Host elements are defined in the

<NSJSP_HOME>/conf/server.xml file. This Realm definition applies to all

Note. The Java Servlet specification defines declarative elements, such as security-

constraint, auth-constraint, user-data-constraint as part of the deployment

descriptor to define an application's security requirements.