Posted to user@shiro.apache.org by Bruce Phillips <bp...@ku.edu> on 2009/04/01 22:17:22 UTC

Basic Tutorial That Uses A Database

I searched through the posts and through the samples provided with the download for a basic tutorial that shows how to use JSecurity with a web application and a database that is storing the user's information (username, password, roles, permissions, etc).

I didn't find a good tutorial.  The web application samples that come with the download either don't use a database or use Spring and Hibernate, which, I think, overcomplicates learning for someone who won't be using those two technologies and isn't familiar with them.

Do you know of a good tutorial?

If not, do you think it would be useful if I created a series of tutorials that show how to use JSecurity with a web application and a database that stores the user's information?

I've done similar tutorials on my blog (http://www.brucephillips.name/blog) for other technologies.

Bruce
-- 
View this message in context: http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2571323.html
Sent from the JSecurity User mailing list archive at Nabble.com.


Re: Basic Tutorial That Uses A Database

Posted by Les Hazlewood <lh...@apache.org>.
Oops - I just saw this.  Yep, the 2nd link (Ki) is the one we should use.

Thanks,

Les

On Thu, Apr 2, 2009 at 3:42 PM, Erik Beeson <er...@gmail.com> wrote:

> Found it: http://cwiki.apache.org/confluence/display/JSEC/Index
> Or maybe: http://cwiki.apache.org/confluence/display/KI/Index
>
> --Erik
>
>
> On Thu, Apr 2, 2009 at 12:08 PM, Erik Beeson <er...@gmail.com> wrote:
>
>> Where's the JSecurity Confluence?
>> --Erik
>>
>>
>> On Thu, Apr 2, 2009 at 5:23 AM, Les Hazlewood <lh...@apache.org> wrote:
>>
>>> Hi Bruce,
>>>
>>> We don't have proper tutorials yet - the sample apps are as close to
>>> tutorials as we have.
>>>
>>> However, the samples have changed a bit, and we do have a Spring-based
>>> example (without Hibernate) that does use a typical JDBC data source.  We
>>> just used Spring there to simplify our own JDBC code (not wanting to deal
>>> with transaction boundaries and catching JDBC Exceptions).
>>>
>>> But even then, that's no substitute for a proper tutorial, and probably
>>> with a simpler 'stack' as you suggest. If you would be willing to write
>>> something in that regard, I'm sure we'd all be forever grateful :)  But I
>>> have to ask - would you consider writing them on the Apache Confluence Wiki
>>> for starters?  Of course we'd be happy wherever they resided, but it'd be
>>> nice if this was part of Ki's documentation so users could find it easily.
>>>
>>> In any event, and no matter where they reside, we'd love some help in
>>> this area, so if you can spare the time, please feel free!
>>>
>>> Best,
>>>
>>> Les
>>>
>>>
>>> On Wed, Apr 1, 2009 at 4:17 PM, Bruce Phillips <bp...@ku.edu> wrote:
>>>
>>>>
>>>> I searched through the posts and through the samples provided with the
>>>> download for a basic tutorial that shows how to use JSecurity with a web
>>>> application and a database that is storing the user's information (username,
>>>> password, roles, permissions, etc).
>>>>
>>>> I didn't find a good tutorial.  The web application samples that come
>>>> with the download either don't use a database or use Spring and Hibernate,
>>>> which, I think, overcomplicates learning for someone who won't be using
>>>> those two technologies and isn't familiar with them.
>>>>
>>>> Do you know of a good tutorial?
>>>>
>>>> If not, do you think it would be useful if I created a series of
>>>> tutorials that show how to use JSecurity with a web application and a
>>>> database that stores the user's information?
>>>>
>>>> I've done similar tutorials on my blog (
>>>> http://www.brucephillips.name/blog) for other technologies.
>>>>
>>>> Bruce
>>>> --
>>>> View this message in context:
>>>> http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2571323.html
>>>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>>>
>>>>
>>>
>>
>

Re: Basic Tutorial That Uses A Database

Posted by Erik Beeson <er...@gmail.com>.
Found it: http://cwiki.apache.org/confluence/display/JSEC/Index
Or maybe: http://cwiki.apache.org/confluence/display/KI/Index

--Erik


On Thu, Apr 2, 2009 at 12:08 PM, Erik Beeson <er...@gmail.com> wrote:

> Where's the JSecurity Confluence?
> --Erik
>
>
> On Thu, Apr 2, 2009 at 5:23 AM, Les Hazlewood <lh...@apache.org> wrote:
>
>> Hi Bruce,
>>
>> We don't have proper tutorials yet - the sample apps are as close to
>> tutorials as we have.
>>
>> However, the samples have changed a bit, and we do have a Spring-based
>> example (without Hibernate) that does use a typical JDBC data source.  We
>> just used Spring there to simplify our own JDBC code (not wanting to deal
>> with transaction boundaries and catching JDBC Exceptions).
>>
>> But even then, that's no substitute for a proper tutorial, and probably
>> with a simpler 'stack' as you suggest. If you would be willing to write
>> something in that regard, I'm sure we'd all be forever grateful :)  But I
>> have to ask - would you consider writing them on the Apache Confluence Wiki
>> for starters?  Of course we'd be happy wherever they resided, but it'd be
>> nice if this was part of Ki's documentation so users could find it easily.
>>
>> In any event, and no matter where they reside, we'd love some help in this
>> area, so if you can spare the time, please feel free!
>>
>> Best,
>>
>> Les
>>
>>
>> On Wed, Apr 1, 2009 at 4:17 PM, Bruce Phillips <bp...@ku.edu> wrote:
>>
>>>
>>> I searched through the posts and through the samples provided with the
>>> download for a basic tutorial that shows how to use JSecurity with a web
>>> application and a database that is storing the user's information (username,
>>> password, roles, permissions, etc).
>>>
>>> I didn't find a good tutorial.  The web application samples that come
>>> with the download either don't use a database or use Spring and Hibernate,
>>> which, I think, overcomplicates learning for someone who won't be using
>>> those two technologies and isn't familiar with them.
>>>
>>> Do you know of a good tutorial?
>>>
>>> If not, do you think it would be useful if I created a series of
>>> tutorials that show how to use JSecurity with a web application and a
>>> database that stores the user's information?
>>>
>>> I've done similar tutorials on my blog (
>>> http://www.brucephillips.name/blog) for other technologies.
>>>
>>> Bruce
>>> --
>>> View this message in context:
>>> http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2571323.html
>>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>>
>>>
>>
>

Re: Basic Tutorial That Uses A Database

Posted by Erik Beeson <er...@gmail.com>.
Where's the JSecurity Confluence?
--Erik


On Thu, Apr 2, 2009 at 5:23 AM, Les Hazlewood <lh...@apache.org> wrote:

> Hi Bruce,
>
> We don't have proper tutorials yet - the sample apps are as close to
> tutorials as we have.
>
> However, the samples have changed a bit, and we do have a Spring-based
> example (without Hibernate) that does use a typical JDBC data source.  We
> just used Spring there to simplify our own JDBC code (not wanting to deal
> with transaction boundaries and catching JDBC Exceptions).
>
> But even then, that's no substitute for a proper tutorial, and probably
> with a simpler 'stack' as you suggest. If you would be willing to write
> something in that regard, I'm sure we'd all be forever grateful :)  But I
> have to ask - would you consider writing them on the Apache Confluence Wiki
> for starters?  Of course we'd be happy wherever they resided, but it'd be
> nice if this was part of Ki's documentation so users could find it easily.
>
> In any event, and no matter where they reside, we'd love some help in this
> area, so if you can spare the time, please feel free!
>
> Best,
>
> Les
>
>
> On Wed, Apr 1, 2009 at 4:17 PM, Bruce Phillips <bp...@ku.edu> wrote:
>
>>
>> I searched through the posts and through the samples provided with the
>> download for a basic tutorial that shows how to use JSecurity with a web
>> application and a database that is storing the user's information (username,
>> password, roles, permissions, etc).
>>
>> I didn't find a good tutorial.  The web application samples that come with
>> the download either don't use a database or use Spring and Hibernate, which,
>> I think, overcomplicates learning for someone who won't be using those two
>> technologies and isn't familiar with them.
>>
>> Do you know of a good tutorial?
>>
>> If not, do you think it would be useful if I created a series of tutorials
>> that show how to use JSecurity with a web application and a database that
>> stores the user's information?
>>
>> I've done similar tutorials on my blog (
>> http://www.brucephillips.name/blog) for other technologies.
>>
>> Bruce
>> --
>> View this message in context:
>> http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2571323.html
>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>
>>
>

Re: Basic Tutorial That Uses A Database

Posted by Les Hazlewood <lh...@apache.org>.
Hi Bruce,

Thanks very much - I've added an Articles page here:
http://cwiki.apache.org/KI/articles.html

And I'm glad you're enjoying the framework - that's my favorite part of open
source: helping other people :)

Cheers,

Les

On Sun, Apr 5, 2009 at 4:31 PM, Bruce Phillips <bp...@ku.edu> wrote:

>
> Les:
>
>   Thanks for the quick feedback.  I'll make that change right away.
>
>   You most certainly can link to the article.
>
>   I just posted the next part on implementing role security ( see:
> http://tinyurl.com/cjxtyk ).  Now that I've gotten the hang of how to use
> Ki, I really enjoy developing with it.
>
>   I should get part 4, using Ki custom tags, finished today also.
>
>
>
> Bruce
>
>
> Very cool!  Thanks for the effort.  I only have one comment - you list in
> the article that 0.9.0-RC2 was the latest release.  Actually it was 0.9.0
> final.  That was the final non-Apache release we made prior to switching
> over the org.apache.ki packages.
>
> Would you mind if I linked to your article from Ki's wiki?
>
> Best,
>
> Les
>
>
> --
> View this message in context:
> http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2589970.html
> Sent from the JSecurity User mailing list archive at Nabble.com.
>
>

Re: Basic Tutorial That Uses A Database

Posted by Bruce Phillips <bp...@ku.edu>.
Les:

   Thanks for the quick feedback.  I'll make that change right away.  

   You most certainly can link to the article.  

   I just posted the next part on implementing role security ( see: http://tinyurl.com/cjxtyk ).  Now that I've gotten the hang of how to use Ki, I really enjoy developing with it.

   I should get part 4, using Ki custom tags, finished today also.

 

Bruce 


Very cool!  Thanks for the effort.  I only have one comment - you list in
the article that 0.9.0-RC2 was the latest release.  Actually it was 0.9.0
final.  That was the final non-Apache release we made prior to switching
over the org.apache.ki packages.

Would you mind if I linked to your article from Ki's wiki?

Best,

Les


-- 
View this message in context: http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2589970.html
Sent from the JSecurity User mailing list archive at Nabble.com.


Re: Basic Tutorial That Uses A Database

Posted by Les Hazlewood <lh...@apache.org>.
Very cool!  Thanks for the effort.  I only have one comment - you list in
the article that 0.9.0-RC2 was the latest release.  Actually it was 0.9.0
final.  That was the final non-Apache release we made prior to switching
over the org.apache.ki packages.

Would you mind if I linked to your article from Ki's wiki?

Best,

Les

On Sun, Apr 5, 2009 at 2:06 PM, Bruce Phillips <bp...@ku.edu> wrote:

>
> Les:
>
>   I've posted on my blog the first two parts of my tutorial on how to use
> Ki to add security to a web application.
>
>   The link to the blog post is: http://tinyurl.com/d5prwb
>
>   I decided to use Maven to manage the dependencies and also to enable
> users to run the applications in Jetty in case they didn't have Eclipse and
> Tomcat.  It was just getting too involved to explain to users all the
> dependent jars they would need on their class path to build and run the
> examples.
>
>   If you see anything I've gotten wrong in the blog posts or code examples
> please let me know and I'll correct it.
>
>   If you do want me to create a different basic web application for
> inclusion in the Ki samples let me know.  You're free to use the code
> provided in the blog posts in your samples and/or wiki if you'd like to.
>
>   I'll be adding to these posts with additional tutorials on some of Ki's
> features.  I'll also update all my references once you've got the new Ki
> website up with everything.
>
>   Thanks for your help earlier and I hope my blog articles will be useful
> to people new to Ki.  I'll be using them internally to train some developers
> who are working on a new project with me.
>
>
>
>
> --
> View this message in context:
> http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2589417.html
> Sent from the JSecurity User mailing list archive at Nabble.com.
>
>

Re: Basic Tutorial That Uses A Database

Posted by Bruce Phillips <bp...@ku.edu>.
Les:

   I've posted on my blog the first two parts of my tutorial on how to use Ki to add security to a web application.  

   The link to the blog post is: http://tinyurl.com/d5prwb 

   I decided to use Maven to manage the dependencies and also to enable users to run the applications in Jetty in case they didn't have Eclipse and Tomcat.  It was just getting too involved to explain to users all the dependent jars they would need on their class path to build and run the examples.

   If you see anything I've gotten wrong in the blog posts or code examples please let me know and I'll correct it.

   If you do want me to create a different basic web application for inclusion in the Ki samples let me know.  You're free to use the code provided in the blog posts in your samples and/or wiki if you'd like to.

   I'll be adding to these posts with additional tutorials on some of Ki's features.  I'll also update all my references once you've got the new Ki website up with everything.

   Thanks for your help earlier and I hope my blog articles will be useful to people new to Ki.  I'll be using them internally to train some developers who are working on a new project with me.

   
  

-- 
View this message in context: http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2589417.html
Sent from the JSecurity User mailing list archive at Nabble.com.


Re: Basic Tutorial That Uses A Database

Posted by Bruce Phillips <bp...@ku.edu>.
Les:

   Reference your concern.  I agree that users need a basic web application to see how JSecurity works.  That's what I thought I was creating, but perhaps we don't mean the same thing for "basic web application."

   I think the only thing that is not "basic" about my second example code set (http://www.brucephillips.name/jsecurity_examples/somesecurity.zip) is that it uses the JdbcRealm and an Apache Derby database (which users can just download and use for the example).  Since I think most users new to JSecurity would want to see how to configure JSecurity to use a database (and also this is how we are using it in our projects at work), that's where I started.

   I'd be happy to create another "basic" web application example that you could use if you want to and I could include in my series of tutorials.  Just let me know what you'd like in the basic example.

   Of course, whatever code examples and tutorials I create you'd be free to use or not use.  But I do hope you'll help me ensure I'm not showing incorrect usage in my examples and tutorial writings.  But I'm solely responsible for any errors in writing or code that I publish in my blog.  I'm also trying to help other developers learn how to use JSecurity (and learn more about myself) so I've committed to writing a series of tutorials with code examples.  


Bruce
  

   

-- 
View this message in context: http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2583206.html
Sent from the JSecurity User mailing list archive at Nabble.com.


Re: Basic Tutorial That Uses A Database

Posted by Les Hazlewood <lh...@apache.org>.
Hi Bruce,

I've done a bit of thinking and your project concept is definitely sound,
but I was thinking the Ki project should have at least a 'basic web' sample
application in the Ki subversion repository.  I would want end-users to be
able to run this after checking-out the project or downloading it.  I was
thinking of dedicating some time to this this weekend.

However, I don't want to take anything away from your blog articles, so
perhaps we should think of this as two separate efforts?  Because Ki uses
Maven to build, it would probably use that.  But the basic webapp I'm
thinking of would definitely need to be short and simple - no MVC
frameworks, and just use the simplest config possible.

Is this something you might want to contribute to our codebase?  If not,
that is totally cool, and we can just have two sample apps - it wouldn't
hurt, that's for sure, and your blog articles would still be valuable as an
unbiased perspective.

I just don't want to 'step on your toes' so to speak - but I do feel that,
out of due diligence to our user base, it should be a responsibility of
the project to have at least that kind of sample app in addition to say, a
Spring/Hibernate app and a JEE/EJB3 app as well.  Maybe even a Guice one
too.

What do you think?

Best,

Les

On Thu, Apr 2, 2009 at 3:03 PM, Bruce Phillips <bp...@ku.edu> wrote:

>
> OK - I've started the code examples for the tutorial.
>
> My plan is to have a multi-part tutorial to show how to use JSecurity (or
> should I be calling it Ki?) in a web application that uses a database for
> storing usernames and passwords.
>
> I've got the first two code examples done and if you could look them over
> that would be helpful.
>
> 1.  Database used is Apache Derby (it's an easy download and the user would
> just need to unzip it to a folder named c:/derby).
>    a.  The database just has one table - users with three columns (userid,
> username, and password).  For the first few examples, the passwords will be
> stored in the database in plain text to take advantage of JSecurity's
> default credential matcher.
>    b.  You can download the Derby database here -
> http://www.brucephillips.name/jsecurity_examples/securityDB.zip.  If you
> don't have the Derby jar files you can get them here:
> http://db.apache.org/derby/derby_downloads.html.
>    c.  I've previously written about using Derby in a Java web application
> on my blog so I can refer people to those blog articles if they are new to
> using Derby.  To use this Derby database with the example web application
> you just need to download the Derby database and unzip it to c:/derby.
>  You'll need the derby.jar and derbyclient.jar on your web application's
> class path.
>
> 2.  First example (see the Eclipse archived dynamic web project at
> http://www.brucephillips.name/jsecurity_examples/nosecurity.zip) has no
> security and doesn't use JSecurity.  This example is just to ensure the user
> can run the basic web application and connect to the Derby database.  The
> example runs under Tomcat 6.  The data source is set up in context.xml and
> uses connection pooling.
>
> 3.  The second example (see the Eclipse archived dynamic web project at
> http://www.brucephillips.name/jsecurity_examples/somesecurity.zip) just
> has basic user authentication using JSecurity.  There are no roles or
> permissions (those along with the JSecurity custom tags would be explored in
> future tutorials).  This is the project I really need you to review to see
> if I've made some mistakes in the setup.
>
> Once you're OK with the code examples I've done so far, I plan to add a lot
> of comments into the code and then write up the tutorial to walk someone
> through setting up these examples from scratch.  I want to keep the examples
> as clean as possible so I won't be using Maven, Spring, Struts, or Ivy,
> etc.
>
> After getting these first two code examples and the initial tutorial up
> I'll start the next tutorial on probably setting up roles and securing
> certain areas by role.
>
> Please let me know what changes I need to make to the code examples and
> anything else that would be helpful.
>
>
> Bruce
>
>
>
> --
> View this message in context:
> http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2577015.html
> Sent from the JSecurity User mailing list archive at Nabble.com.
>
>

Re: Basic Tutorial That Uses A Database

Posted by Bruce Phillips <bp...@ku.edu>.
OK - I've started the code examples for the tutorial.

My plan is to have a multi-part tutorial to show how to use JSecurity (or should I be calling it Ki?) in a web application that uses a database for storing usernames and passwords.

I've got the first two code examples done and if you could look them over that would be helpful.

1.  Database used is Apache Derby (it's an easy download and the user would just need to unzip it to a folder named c:/derby).
    a.  The database just has one table - users with three columns (userid, username, and password).  For the first few examples, the passwords will be stored in the database in plain text to take advantage of JSecurity's default credential matcher.  
    b.  You can download the Derby database here - http://www.brucephillips.name/jsecurity_examples/securityDB.zip.  If you don't have the Derby jar files you can get them here:  http://db.apache.org/derby/derby_downloads.html.  
    c.  I've previously written about using Derby in a Java web application on my blog so I can refer people to those blog articles if they are new to using Derby.  To use this Derby database with the example web application you just need to download the Derby database and unzip it to c:/derby.  You'll need the derby.jar and derbyclient.jar on your web application's class path.

2.  First example (see the Eclipse archived dynamic web project at http://www.brucephillips.name/jsecurity_examples/nosecurity.zip) has no security and doesn't use JSecurity.  This example is just to ensure the user can run the basic web application and connect to the Derby database.  The example runs under Tomcat 6.  The data source is set up in context.xml and uses connection pooling.

3.  The second example (see the Eclipse archived dynamic web project at http://www.brucephillips.name/jsecurity_examples/somesecurity.zip) just has basic user authentication using JSecurity.  There are no roles or permissions (those along with the JSecurity custom tags would be explored in future tutorials).  This is the project I really need you to review to see if I've made some mistakes in the setup.

Once you're OK with the code examples I've done so far, I plan to add a lot of comments into the code and then write up the tutorial to walk someone through setting up these examples from scratch.  I want to keep the examples as clean as possible so I won't be using Maven, Spring, Struts, or Ivy, etc.

After getting these first two code examples and the initial tutorial up I'll start the next tutorial on probably setting up roles and securing certain areas by role.

Please let me know what changes I need to make to the code examples and anything else that would be helpful.


Bruce
 
   

-- 
View this message in context: http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2577015.html
Sent from the JSecurity User mailing list archive at Nabble.com.
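
Point 1a of the message above stores passwords in plain text so that a simple equality match works. The following is an added example, not code from the original post or from the JSecurity/Ki code base, that puts that kind of match beside a salted PBKDF2 match over the same username/password columns. The Matcher interface, the Map standing in for the users table, the column format and the sample values are all assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration, not JSecurity/Ki code: every class and method name here is hypothetical.
public class CredentialMatchingDemo {

    // Stand-in for a credentials matcher: submitted password vs. value of the password column.
    interface Matcher {
        boolean matches(char[] submitted, String storedColumn) throws Exception;
    }

    // Plain-text matching: the column holds the password itself.
    static final Matcher PLAIN = (submitted, stored) -> MessageDigest.isEqual(
            new String(submitted).getBytes(StandardCharsets.UTF_8),
            stored.getBytes(StandardCharsets.UTF_8));

    static final int ITERATIONS = 100_000; // constructed work factor for this demo

    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Column value for the hashed variant: iterations$salt$hash (salt and hash Base64-encoded).
    static String hashForStorage(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return ITERATIONS + "$" + b64.encodeToString(salt) + "$"
                + b64.encodeToString(pbkdf2(password, salt, ITERATIONS));
    }

    // Hashed matching: recompute the hash with the row's own salt, compare in constant time.
    static final Matcher HASHED = (submitted, stored) -> {
        String[] parts = stored.split("\\$");
        if (parts.length != 3) return false; // malformed row: fail closed
        try {
            int iterations = Integer.parseInt(parts[0]);
            byte[] salt = Base64.getDecoder().decode(parts[1]);
            byte[] expected = Base64.getDecoder().decode(parts[2]);
            return MessageDigest.isEqual(expected, pbkdf2(submitted, salt, iterations));
        } catch (IllegalArgumentException e) {
            return false; // unparsable iteration count, salt or Base64
        }
    };

    // users maps username -> password column, standing in for the users table.
    static boolean login(Map<String, String> users, Matcher matcher,
                         String username, String password) throws Exception {
        String stored = users.get(username);
        return stored != null && matcher.matches(password.toCharArray(), stored);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample rows for the same user under both storage schemes.
        Map<String, String> plainTable = Map.of("alice", "s3cret-demo");
        Map<String, String> hashedTable =
                Map.of("alice", hashForStorage("s3cret-demo".toCharArray()));

        System.out.println("plain  / right password: " + login(plainTable, PLAIN, "alice", "s3cret-demo"));
        System.out.println("hashed / right password: " + login(hashedTable, HASHED, "alice", "s3cret-demo"));
        System.out.println("hashed / wrong password: " + login(hashedTable, HASHED, "alice", "guess"));
        System.out.println("hashed / unknown user:   " + login(hashedTable, HASHED, "bob", "s3cret-demo"));
        // What anyone who can read the table sees in the password column:
        System.out.println("plain column:  " + plainTable.get("alice"));
        System.out.println("hashed column: " + hashedTable.get("alice"));
    }
}
```

The last two lines of output show the practical difference: the plain column exposes the password to anyone who can read the table, while the hashed column exposes only a per-user salt and a derived value.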


Re: Basic Tutorial That Uses A Database

Posted by Les Hazlewood <lh...@apache.org>.
Hi Bruce,

We don't have proper tutorials yet - the sample apps are as close to
tutorials as we have.

However, the samples have changed a bit, and we do have a Spring-based
example (without Hibernate) that does use a typical JDBC data source.  We
just used Spring there to simplify our own JDBC code (not wanting to deal
with transaction boundaries and catching JDBC Exceptions).

But even then, that's no substitute for a proper tutorial, and probably with
a simpler 'stack' as you suggest. If you would be willing to write something
in that regard, I'm sure we'd all be forever grateful :)  But I have to ask
- would you consider writing them on the Apache Confluence Wiki for
starters?  Of course we'd be happy wherever they resided, but it'd be nice
if this was part of Ki's documentation so users could find it easily.

In any event, and no matter where they reside, we'd love some help in this
area, so if you can spare the time, please feel free!

Best,

Les

On Wed, Apr 1, 2009 at 4:17 PM, Bruce Phillips <bp...@ku.edu> wrote:

>
> I searched through the posts and through the samples provided with the
> download for a basic tutorial that shows how to use JSecurity with a web
> application and a database that is storing the user's information (username,
> password, roles, permissions, etc).
>
> I didn't find a good tutorial.  The web application samples that come with
> the download either don't use a database or use Spring and Hibernate, which,
> I think, overcomplicates learning for someone who won't be using those two
> technologies and isn't familiar with them.
>
> Do you know of a good tutorial?
>
> If not, do you think it would be useful if I created a series of tutorials
> that show how to use JSecurity with a web application and a database that
> stores the user's information?
>
> I've done similar tutorials on my blog (http://www.brucephillips.name/blog)
> for other technologies.
>
> Bruce
> --
> View this message in context:
> http://n2.nabble.com/Basic-Tutorial-That-Uses-A-Database-tp2571323p2571323.html
> Sent from the JSecurity User mailing list archive at Nabble.com.
>
>