NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide
Security Considerations
NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006
8-9
Realms
contexts (web applications) configured in the Host. Any Realm definition in the
Context overrides the Host definition.
The Context element: Realms can be defined as child elements of a context (web
application) in the context.xml file. The context.xml file for each application
is located in the META-INF folder of the web application base directory, which will
be located in the <NSJSP_HOME>/webapps directory. The Context element can
also be defined in additional locations that are described at
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html. A Realm definition in
a Context overrides any Realm definitions in either the Host or Engine element.
The following sections discuss different types of Realms:
JNDIRealm
MemoryRealm
JDBCRealm
UserDatabaseRealm
JAASRealm
DataSourceRealm
CombinedRealm
NSJSPLockOutRealm
JNDIRealm
It is important to have a basic understanding of JNDI and LDAP before attempting to
understand the concept of the JNDIRealm.
The JNDIRealm is an implementation of the Realm interface that looks up users in a
LDAP directory server accessed by a JNDI provider (typically, the standard LDAP
provider, which implements the JNDI API classes). The JNDIRealm supports many
approaches for using an LDAP directory for authentication. For more information on
JNDI, see http://java.sun.com/javase/6/docs/technotes/guides/jndi/index.html.
When the JNDIRealm is configured in NSJSP, the JNDIRealm connects to the
directory server, authenticates the user, and fetches the roles associated with the user
if the authentication is successful. This section discusses these actions in detail.
This section discusses the following topics:
Connecting to the Directory
Selecting the Directory Entry for the User
Authenticating the User in a JNDIRealm Configuration
Assigning Roles to a User
JNDIRealm Attributes