NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

371

372

373

374

375

376

377

378

379

380

Security Considerations

NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006

8-24

Realms

The DataSourceRealm queries the database each time it attempts to authenticate a

user. Therefore, changes made to the database will be immediately reflected in the

information used to authenticate users.

After a user has been authenticated, the user (and the user's associated roles)

information is cached within NSJSP for the duration of a user login session. For form-

based authentication, the cached information lasts till the session times out or is

invalidated; for basic and digest authentication, the cached information lasts till the

user closes the browser. Changes to the database information for an already

authenticated user are not reflected until the next login by the user.

Attributes in the DataSourceRealm

Table 8-6 lists the attributes that can be used in the DataSourceRealm.

By default, NSJSP uses the Apache Commons Database connection pool (DBCP)

library to create data source objects.

Table 8-6. DataSourceRealm Attributes

Attribute Description

dataSourceName Specifies the name of the JNDI JDBC DataSource for this Realm.

digest Specifies the name of the MessageDigest algorithm used to

encode user passwords stored in the database. If not specified,

user passwords are considered to be stored in plain text.

localDataSource When the Realm is nested inside a Context element, this allows

the Realm to use a DataSource defined for the Context rather than

a global DataSource. If this attribute is not specified, the default is

false and the Realm uses a global DataSource. A global

datasource is defined in the GlobalNamingResources element

under the Server element.

roleNameCol Specifies the name of the column, in the user roles table, which

contains a role name assigned to the corresponding user.

userCredCol Specifies the name of the column, in the users table, which

contains the user's credentials (that is, password). If a value for the

digest attribute is specified, this component considers that

passwords have been encoded with the specified algorithm.

Otherwise, they are considered to be in plain text.

userNameCol Specifies the name of the column, in the users and user roles

table that contains the user's username.

userRoleTable Specifies the name of the user roles table, which must contain

columns named by the userNameCol and roleNameCol

attributes.

userTable Specifies the name of the users table, which must contain columns

named by the userNameCol and userCredCol attributes.