NonStop Servlets for JavaServer Pages (5.0) System Administrator's Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series

100

Configuring NSJSP

NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide—525644-002

3-35

JNDIRealm

JDBCRealm operates according to the following rules:

•

When a user attempts to access a protected resource for the first time, the NSJSP

container calls the authenticate() method of this realm. Thus, any changes

you have made to the database directly (such as adding new users or changing

passwords or roles) are immediately reflected.

•

Once a user has been authenticated, the user (and user’s associated roles) is

cached within NSJSP for the duration of the user's login. For FORM-based

authentication, the duration last until the session times out or is invalidated; for

BASIC and DIGEST authentication, the duration lasts until the user closes the

browser. Any changes to the database information for an already authenticated

user are not reflected until the next time that user logs on.

•

Administering the information in the users, role, and user role tables is the

responsibility of your applications. The NSJSP container does not provide any

built-in capabilities to maintain users and roles.

•

Debugging and exception messages logged by this realm are recorded by the

<Logger> that is associated with the surrounding <Context>, <Host>, or

<Engine>. By default, the corresponding <Logger> creates a log file in the

$NSJSP_HOME/logs directory.

JNDIRealm

JNDIRealm is a user realm implementation of NSJSP that looks up users in a

directory server accessed by a JNDI provider (typically, the standard LDAP provider

that is available with the JNDI API classes). The substantial configuration flexibility

enables you to adapt to the existing schema inside your directory server, as long as it

conforms to the following requirements:

•

Each user that can be authenticated is represented by an individual element in the

top level DirContext, which is accessed through the connectionURL attribute.

•

The user element must have the following characteristics:

The distinguished name (dn) attribute of this element contains the user name

to be authenticated.

Example 3-24. Using the SQL/MP Database to Specify JDBCRealm Attributes

<Realm className="org.apache.catalina.realm.JDBCRealm"

debug="0"

driverName="com.tandem.sqlmp.SQLMPDriver"

connectionURL="jdbc:sqlmp:"

userTable="$$data05.john.users”

userNameCol="user_name"

userCredCol="user_pass"

userRoleTable="$$data05.john.userrole”

roleNameCol="role_name" />