NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide
Security Considerations
NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006
Realms
Although the roles table in Example 8-1 is not used in the Realm configuration in
Example 8-2, the roles table could be used to contain the description of each role.
Example 8-1 uses a char(15) field for the user_name column in the users table. If
you configure a web application to use the client-certificate based authentication
method, this column size (15 characters) is not sufficient because the value stored in
the user_name column must be the Subject from the client-certificate.
If the contents of the Subject field exceed the NonStop SQL maximum allowable
primary key limit of 256 characters, alter the user_name field to the appropriate size
and define a new primary key within the NonStop SQL limits.
UserDatabaseRealm
The UserDatabaseRealm is appropriate for testing or limited production use, where
the username, password, and roles are typically loaded from an XML document and any
changes or additions must be persisted back to that XML document. In such
cases, the web application should provide an implementation of the interface
org.apache.catalina.UserDatabase. The methods of this interface also enable
creating and deleting users and roles. The UserDatabaseRealm is a Realm
implementation that complies with the org.apache.catalina.UserDatabase
interface.
The default installation of NSJSP provides an implementation of the
org.apache.catalina.UserDatabase resource that loads the data from
<NSJSP_HOME>/conf/nsjsp-users.xml. The implementation class is
org.apache.catalina.user.MemoryUserDatabase. The UserDatabase is
configured as a global JNDI resource. A JNDI object-creating factory class,
MemoryUserDatabaseFactory (which implements the
javax.naming.spi.ObjectFactory interface), is used to obtain an instance
of MemoryUserDatabase.
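As an added illustration (not NSJSP or HP code), the following Python script audits a user database file of the kind MemoryUserDatabase loads, flagging cleartext or empty passwords and roles that are assigned but never declared. It assumes that nsjsp-users.xml follows the Apache Tomcat tomcat-users.xml layout (role elements with a rolename attribute, user elements with username, password, and roles attributes); the sample data and the digest heuristic are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; the tomcat-users.xml layout is an assumption for nsjsp-users.xml.
SAMPLE = """<tomcat-users>
  <role rolename="manager"/>
  <role rolename="clerk"/>
  <user username="alice" password="{digest}" roles="clerk"/>
  <user username="bob" password="s3cret-constructed" roles="manager,auditor"/>
  <user username="carol" password="" roles=""/>
</tomcat-users>""".format(digest="0f" * 32)

# Heuristic (assumption): a hex string of MD5/SHA-1/SHA-256/SHA-512 length is a digest.
HEX_DIGEST = re.compile(
    r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}|[0-9a-fA-F]{128})$"
)


def audit_user_database(xml_text):
    """Return a sorted list of (username, finding) tuples for the XML text."""
    root = ET.fromstring(xml_text)
    declared = {role.get("rolename") for role in root.iter("role")}
    findings = []
    for user in root.iter("user"):
        name = user.get("username") or "<unnamed>"
        password = user.get("password") or ""
        roles = [r.strip() for r in (user.get("roles") or "").split(",") if r.strip()]
        if not password:
            findings.append((name, "empty password"))
        elif not HEX_DIGEST.match(password):
            findings.append((name, "password stored in cleartext"))
        if not roles:
            findings.append((name, "no roles assigned"))
        for role in roles:
            if role not in declared:
                findings.append((name, f"role '{role}' is not declared"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_user_database(SAMPLE):
        print(f"{name}: {finding}")
```

To check a real installation, pass the contents of the user database file to audit_user_database() instead of SAMPLE.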
Example 8-2. Sample Realm Configuration
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.tandem.sqlmx.SQLMXDriver"
       connectionURL="jdbc:sqlmx:"
       userTable="mycatalog.myschema.users"
       userNameCol="user_name"
       userCredCol="user_pass"
       userRoleTable="mycatalog.myschema.userrole"
       roleNameCol="role_name"/>
Note. Subject is the name of a field in a client certificate.










