NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

Security Considerations
NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006
Realms
The CombinedRealm provides the ability to combine multiple Realms of the same or
different types. The CombinedRealm can be used to authenticate against different
sources, to provide fallback in case one Realm fails, or for any other purpose that
requires multiple Realms.
Sub-Realms are defined by nesting Realm elements inside the Realm element that
defines the CombinedRealm. Authentication will be attempted against each Realm in
the order they are listed. Successful authentication against any Realm is sufficient to
authenticate the user.
Example 8-6 shows how to configure a UserDatabaseRealm and a DataSourceRealm
within a CombinedRealm.
NSJSPLockOutRealm
The NSJSPLockOutRealm is used to provide the option of locking out a user if there
are many failed authentication attempts in a given period of time. This Realm is
implemented by the
com.tandem.servlet.catalina.realm.NSJSPLockOutRealm class.
To ensure correct functioning, there is a reasonable degree of synchronization built into
the Realm, across the server class instances. This means that each server class
instance is aware of the total number of failed authentication attempts for a user, even
though the authentication attempts might have occurred in different server class
instances. This Realm uses a disk file to record authorization attempts across server
class instances. The user records on failed authentication attempts are persisted to
a disk file and are available across server class restarts.
The NSJSPLockOutRealm does not require modification to the underlying Realms or
the associated user storage mechanisms. It achieves this by recording all failed login
attempts, including those for users that are not defined. Storing failed login attempts of
Example 8-6. Configuring a UserDatabaseRealm and DataSourceRealm Within a CombinedRealm

<!-- Sub-Realms are tried in the order listed; the first success authenticates the user -->
<Realm className="org.apache.catalina.realm.CombinedRealm">
  <!-- Tried first: users defined in the UserDatabase resource -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
  <!-- Tried second: users stored in the jdbc/authority data source -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/authority"
         userTable="users"
         userNameCol="user_name"
         userCredCol="user_pass"
         userRoleTable="user_roles"
         roleNameCol="role_name"/>
</Realm>
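
The following Python model is an added illustration, not code from NSJSP or from this guide. It shows the two behaviors described above: a CombinedRealm that tries its sub-Realms in order, and a lockout wrapper that records failed attempts per user name (including undefined users) in a file shared by every instance. The names dict_realm, max_failures and window, the JSON file format, and the policy values are assumptions made for the example.

```python
import json, os, time

def dict_realm(users):
    """Constructed stand-in for a user store: returns a check(user, password) callable."""
    return lambda user, password: users.get(user) == password

class CombinedRealm:
    """Tries each sub-realm in the order listed; any success authenticates."""
    def __init__(self, *realms):
        self.realms = realms

    def authenticate(self, user, password):
        return any(check(user, password) for check in self.realms)

class LockOutRealm:
    """Wraps a realm; records failures per user name in a file shared by all instances."""
    def __init__(self, inner, path, max_failures=3, window=300, clock=time.time):
        self.inner, self.path, self.clock = inner, path, clock
        self.max_failures, self.window = max_failures, window  # assumed policy values

    def _recent(self, user):
        """Return all records plus this user's failure times still inside the window."""
        try:
            with open(self.path) as f:
                records = json.load(f)
        except FileNotFoundError:
            records = {}
        cutoff = self.clock() - self.window
        return records, [t for t in records.get(user, []) if t > cutoff]

    def is_locked(self, user):
        return len(self._recent(user)[1]) >= self.max_failures

    def authenticate(self, user, password):
        records, recent = self._recent(user)
        if len(recent) >= self.max_failures:
            return False                      # locked out: inner realm is not consulted
        if self.inner.authenticate(user, password):
            return True
        records[user] = recent + [self.clock()]   # recorded even if the user is undefined
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(records, f)
        os.replace(tmp, self.path)            # atomic swap; no cross-process locking here
        return False
```

Because the wrapper only observes the inner Realm's result, the underlying Realms and their user stores are left unmodified. A production implementation also needs the cross-instance synchronization that the guide mentions and that this model omits.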