Posted to users@tomcat.apache.org by vi...@thomsonreuters.com on 2014/11/26 03:00:28 UTC

How can code in a Realm gain access to a Globally Named Resource

Hello
Web applications gain access to Globally Named JDBC Resources <GlobalNamingResources> by adding a <ResourceLink> to context.xml

Then using code like:

Context initContext = new InitialContext();
dbLookupStr = "java:comp/env/" + dbResourceName;
ds = (DataSource)initContext.lookup(dbLookupStr);

HOW CAN code in a custom Realm gain access to one of those same Globally named database connection pools?

#######

Extra info included here for background: I have a custom realm that I created by extending JDBCRealm; it does its own authentication and uses JDBCRealm's getRoles() to do the authorization. Although it works much of the time, the inherited getRoles method causes problems. I've decided to re-write my realm without extending JDBCRealm, thus I need to write my own JDBC authorization code, hence the above question.

Thanks in advance
Vince





Re: How can code in a Realm gain access to a Globally Named Resource

Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-11-27 0:26 GMT+03:00  <vi...@thomsonreuters.com>:
>
> Initially I had difficulty with getServer() giving me null.
> To fix it I stopped calling this method from within the Realm's constructor,
> instead I get the DataSource the first time it's needed.

Learn about the org.apache.catalina.Lifecycle interface that is
implemented by the majority of Tomcat components.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: How can code in a Realm gain access to a Globally Named Resource

Posted by vi...@thomsonreuters.com.
Mark
Thank you. I looked at DataSourceRealm.open(), took the following lines and put them into my custom Realm:
///////////////
Context context = null;  // javax.naming.Context
if (localDataSource) {
	// DataSource comes from the web application's own comp/env namespace
	context = ContextBindings.getClassLoader();
	context = (Context) context.lookup("comp/env");
} else {
	// DataSource comes from server.xml's <GlobalNamingResources>
	context = getServer().getGlobalNamingContext();
}
DataSource dataSource = (DataSource)context.lookup(dataSourceName);
////////////////

I have the database resources configured in server.xml's <GlobalNamingResources>
so I configure localDataSource to be False.

This seems to be working OK and the Realm is working OK (so far).

Initially I had difficulty with getServer() giving me null. 
To fix it I stopped calling this method from within the Realm's constructor, 
instead I get the DataSource the first time it's needed.

Time will tell if this latest incarnation is more reliable than the other versions I've written of this Realm. The first extended JDBCRealm, another extends DataSourceRealm, they both work but not 100% of the time.



> -----Original Message-----
> From: Mark Thomas [mailto:markt@apache.org]
> Sent: 26 November 2014 17:01
> To: Tomcat Users List
> Subject: Re: How can code in a Realm gain access to a Globally Named
> Resource
> 
> On 26/11/2014 16:23, Christopher Schultz wrote:
> 
> <snip/>
> 
> > I'm not sure, but I would guess you can't define a Realm in
> > server.xml and use a DataSource defined in context.xml. If the Realm
> > is in server.xml, then you should be able to grab the
> > globally-accessible DataSources by using their existing (global) names.
> 
> You guess wrong.
> 
> Look at the localDataSource attribute for the DataSourceRealm.
> 
> If you (or the OP) then look in the source code for where that
> attribute is used, you'll see how the Realm switches between global and
> local DataSources.
> 
> Mark
> 


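Added example (not part of the thread and not Tomcat's own code): a minimal custom Realm that looks up a <GlobalNamingResources> DataSource in startInternal(), the Lifecycle hook, rather than in the constructor where getServer() is still null. It assumes the Tomcat 7/8-era RealmBase API discussed in this thread; the class name, JNDI name, tables and columns are hypothetical.

```java
import java.security.Principal;
import java.sql.*;
import java.util.*;
import javax.naming.Context;
import javax.sql.DataSource;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

// Added example: class, table and column names are assumptions, not from the thread.
public class GlobalDataSourceRealm extends RealmBase {
    private String dataSourceName;   // global JNDI name, e.g. "jdbc/authDB" (constructed)
    private volatile DataSource dataSource;
    public void setDataSourceName(String name) { this.dataSourceName = name; }

    // getServer() is null inside the constructor because the realm has not been
    // attached to its container yet; by startInternal() it has been.
    @Override protected void startInternal() throws LifecycleException {
        try {
            Context global = getServer().getGlobalNamingContext();
            dataSource = (DataSource) global.lookup(dataSourceName);
        } catch (Exception e) {  // fail closed: no user store, no realm
            throw new LifecycleException("Cannot look up " + dataSourceName, e);
        }
        super.startInternal();
    }
    private List<String> query(String sql, String user) {
        List<String> out = new ArrayList<String>();
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);   // bound parameter, never string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) out.add(rs.getString(1));
            }
        } catch (SQLException e) {
            containerLog.error("Realm query failed", e);
            return null;             // callers treat null as "deny"
        }
        return out;
    }
    @Override protected String getName() { return "GlobalDataSourceRealm"; }
    @Override protected String getPassword(String user) {
        List<String> p = query("SELECT password FROM users WHERE username = ?", user);
        return (p == null || p.isEmpty()) ? null : p.get(0);
    }
    @Override protected Principal getPrincipal(String user) {
        List<String> r = query("SELECT role FROM user_roles WHERE username = ?", user);
        return r == null ? null : new GenericPrincipal(user, getPassword(user), r);
    }
}
```

Each query borrows a pooled connection and returns it, so concurrent logins do not queue behind a single shared JDBC connection.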


Re: How can code in a Realm gain access to a Globally Named Resource

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Mark,

On 11/26/14 12:01 PM, Mark Thomas wrote:
> On 26/11/2014 16:23, Christopher Schultz wrote:
> 
> <snip/>
> 
>> I'm not sure, but I would guess you can't define a Realm in 
>> server.xml and use a DataSource defined in context.xml. If the 
>> Realm is in server.xml, then you should be able to grab the 
>> globally-accessible DataSources by using their existing (global) 
>> names.
> 
> You guess wrong.

I am aware of the localDataSource attribute but (evidently wrongly)
assumed that it was for use when both the data source and realm were
configured for the webapp and not globally (that is, the local Realm
needed to be configured for a local data source, instead of a global one).

> Look at the localDataSource attribute for the DataSourceRealm.
> 
> If you (or the OP) then look in the source code for where that 
> attribute is used, you'll see how the Realm switches between
> global and local DataSources.

Noted.

I'm still interested in the OP's need for a custom Realm and, if
required, why the DataSourceRealm can't be used as a base to avoid the
need to deal with this stuff at all.

-chris


Re: How can code in a Realm gain access to a Globally Named Resource

Posted by Mark Thomas <ma...@apache.org>.
On 26/11/2014 16:23, Christopher Schultz wrote:

<snip/>

> I'm not sure, but I would guess you can't define a Realm in server.xml
> and use a DataSource defined in context.xml. If the Realm is in
> server.xml, then you should be able to grab the globally-accessible
> DataSources by using their existing (global) names.

You guess wrong.

Look at the localDataSource attribute for the DataSourceRealm.

If you (or the OP) then look in the source code for where that attribute
is used, you'll see how the Realm switches between global and local
DataSources.

Mark



Re: How can code in a Realm gain access to a Globally Named Resource

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Vince,

On 11/26/14 7:26 AM, vince.webb@thomsonreuters.com wrote:
>> -----Original Message-----
>> From: Christopher Schultz [mailto:chris@christopherschultz.net]
>> Sent: 26 November 2014 04:17
>> To: Tomcat Users List
>> Subject: Re: How can code in a Realm gain access to a Globally Named Resource
>> 
> Vince,
> 
> On 11/25/14 9:00 PM, vince.webb@thomsonreuters.com wrote:
>>>> Web applications gain access to Globally Named JDBC
>>>> Resources <GlobalNamingResources> by adding a <ResourceLink>
>>>> to context.xml
>>>> 
>>>> Then using code like:
>>>> 
>>>> Context initContext = new InitialContext();
>>>> dbLookupStr = "java:comp/env/" + dbResourceName;
>>>> ds = (DataSource)initContext.lookup(dbLookupStr);
>>>> 
>>>> HOW CAN code in a custom Realm gain access to one of those
>>>> same Globally named database connection pools ?
> 
> What's wrong with the code above?
> 
>> I don't know if there is nothing wrong with the code above, if it
>> can be used in a Realm, then what I'm missing is the Realm
>> equivalent of adding a <ResourceLink> to an application's
>> context.xml As a result I fail to get a DataSource
> 
>> I have the Realm defined in the <Engine> section of server.xml

I'm not sure, but I would guess you can't define a Realm in server.xml
and use a DataSource defined in context.xml. If the Realm is in
server.xml, then you should be able to grab the globally-accessible
DataSources by using their existing (global) names.

>>>> Extra info included here for background: I have a custom
>>>> realm that I created by extending JDBCRealm it does its own
>>>> authentication and uses JDBCRealm's getRoles() to do the
>>>> authorization. Although it works much of the time, the
>>>> inherited getRoles method causes problems. I've decided to
>>>> re-write my realm without extending JDBCRealm, thus I need to
>>>> write my own JDBC authorization code, hence the above
>>>> question.
> 
> JDBCRealm should probably die, and you probably shouldn't be using
> it.
> 
> Why not extend DataSourceRealm instead? You'll get DataSource
> access for free ;)
> 
>> I've never looked at DataSourceRealm, perhaps it's time I did. I
>> used JDBCRealm because having used it years ago I understand what
>> it aims to do

DataSourceRealm will use a DataSource you have configured instead of
having the connection information directly-specified in the Realm
configuration. JDBCRealm maintains only a single JDBC connection so if
you have lots of login operations, it will slow down to a crawl. You
are better off in almost all cases using DataSourceRealm.

I'm curious about what you have added in your custom Realm.

-chris


RE: How can code in a Realm gain access to a Globally Named Resource

Posted by vi...@thomsonreuters.com.
Chris, thank you for your reply

> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: 26 November 2014 04:17
> To: Tomcat Users List
> Subject: Re: How can code in a Realm gain access to a Globally Named
> Resource
> 
> Vince,
> 
> On 11/25/14 9:00 PM, vince.webb@thomsonreuters.com wrote:
> > Web applications gain access to Globally Named JDBC Resources
> > <GlobalNamingResources> by adding a <ResourceLink> to context.xml
> >
> > Then using code like:
> >
> > Context initContext = new InitialContext(); 
> > dbLookupStr = "java:comp/env/" + dbResourceName;
> > ds = (DataSource)initContext.lookup(dbLookupStr);
> >
> > HOW CAN code in a custom Realm gain access to 
> > one of those same Globally named database connection pools ?
> 
> What's wrong with the code above?

I don't know if there is nothing wrong with the code above,
if it can be used in a Realm, 
then what I'm missing is the Realm equivalent of 
adding a <ResourceLink> to an application's context.xml
As a result I fail to get a DataSource

I have the Realm defined in the <Engine> section of server.xml


> > Extra info included here for background: I have a custom realm that I
> > created by extending JDBCRealm it does its own authentication and
> > uses JDBCRealm's getRoles() to do the authorization. 
> > Although it works much
> > of the time, the inherited getRoles method causes problems. I've
> > decided to re-write my realm without extending JDBCRealm,  
> > thus I need
> > to write my own JDBC authorization code, hence the above question.
> 
> JDBCRealm should probably die, and you probably shouldn't be using it.
> 
> Why not extend DataSourceRealm instead? 
> You'll get DataSource access for free ;)

I've never looked at DataSourceRealm, perhaps it's time I did.
I used JDBCRealm because having used it years ago
I understand what it aims to do

> 
> -chris


Re: How can code in a Realm gain access to a Globally Named Resource

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Vince,

On 11/25/14 9:00 PM, vince.webb@thomsonreuters.com wrote:
> Web applications gain access to Globally Named JDBC Resources 
> <GlobalNamingResources> by adding a <ResourceLink> to context.xml
> 
> Then using code like:
> 
> Context initContext = new InitialContext();
> dbLookupStr = "java:comp/env/" + dbResourceName;
> ds = (DataSource)initContext.lookup(dbLookupStr);
> 
> HOW CAN code in a custom Realm gain access to one of those same 
> Globally named database connection pools ?

What's wrong with the code above?

> Extra info included here for background: I have a custom realm that
> I created by extending JDBCRealm it does its own authentication
> and uses JDBCRealm's getRoles() to do the authorization. Although
> it works much of the time, the inherited getRoles method causes 
> problems. I've decided to re-write my realm without extending 
> JDBCRealm,  thus I need to write my own JDBC authorization code, 
> hence the above question.

JDBCRealm should probably die, and you probably shouldn't be using it.

Why not extend DataSourceRealm instead? You'll get DataSource access
for free ;)

-chris