NonStop Servlets for JSP System Administrator's Guide
Configuring NSJSP
NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide—525644-001
3-26
JNDIRealm
JDBCRealm operates according to the following rules:
•
When a user attempts to access a protected resource for the first time, the NSJSP
container calls the authenticate() method of this realm. Thus, any changes
you have made to the database directly (such as new users, changed passwords
or roles) are immediately reflected.
•
Once a user has been authenticated, the user (and his or her associated roles) is
cached within NSJSP for the duration of the user's login. For FORM-based
authentication, that means until the session times out or is invalidated; for BASIC
authentication, that means until the user closes the browser. Any changes to the
database information for an already authenticated user will not be reflected until
the next time that user logs on.
•
Administering the information in the users, role, and user role tables is the
responsibility of your own applications. The NSJSP container does not provide any
built-in capabilities to maintain users and roles.
•
Debugging and exception messages logged by this realm are recorded by the
<Logger> that is associated with the surrounding <Context>, <Host>, or
<Engine>. By default, the corresponding <Logger> will create a log file in the
iTPWS_INSTALL_DIR/servlet_jsp/logs directory.
JNDIRealm
JNDIRealm is a user realm implementation of NSJSP that looks up users in a
directory server accessed by a JNDI provider (typically, the standard LDAP provider
that is available with the JNDI API classes). A substantial configuration flexibility
enables you to adapt to the existing schema inside your directory server, as long as it
conforms to the following requirements:
•
Each user that can be authenticated is represented by an individual element in the
top level DirContext, which is accessed via the connectionURL attribute.
•
The user element must have the following characteristics:
°
The distinguished name (dn) attribute of this element contains the username to
be authenticated.
Example 3-22. Using the SQL/MP Database to Specify JDBCRealm Attributes
<Realm className="org.apache.catalina.request.JDBCRealm"
debug="0"
driverName="com.tandem.sqlmp.SQLMPDriver"
connectionURL="jdbc:sqlmp:"
userTable="$data05.john.users”
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="$data05.john.userrole”
roleNameCol="role_name" />