- JDBC
- Datasource
- JNDI
- File (JBoss calls this MemoryRealm)
- JAAS
We'll be only discussing File realm for this blogpost. When you use File realm, the information is stored in a plain text file.
1. Create a realm
The first step is to create a realm by editing server.xml in your deployment directory of your server. For this example, we'll use the default server configuration in the directory: <JBOSS_DIR>/server/default/deploy/jbossweb.sar. Decide if the realm is shared by applications. You can share it at three different levels:
- Shared across all applications on all virtual hosts (<Engine>)
- Shared across all applications on a particular host (<Host>)
- Not shared, only used by one application (<Context>)
Create and place the <realm>-element nested in one of the elements mentioned above. Example: if you want the realm to be shared for all applictions on a host, you nest the <realm>-element in <host>.
<realm
className="org.apache.catalina.realm.MemoryRealm"
digest="" pathname="conf/users.xml" />
It is recommended to specify a digest to store the passwords encrypted, otherwise the passwords will be stored in clear text. If the attribute pathname is not specified, the default file conf/tomcat-users.xml is used.
2. Create file with users
Create the file specified in the realm configuration, and add users to the file in the following format:
<tomcat-users>
<user name="john"
password="secret"
roles="user" />
<user name="peter"
password="secret"
roles="admin" />
<user name="carol"
password="secret"
roles="role,role2" />
</tomcat-users>
3. Restart JBoss
The realm becomes active when JBoss is restarted.
No comments:
Post a Comment