All Examples  All Security Examples

package examples.security.rdbmsrealm

CacheResult

CacheableRealm

about this package

This package contains a database-based realm. There are two realm implementations in this package: the RdbmsRealm itself with its UserInfo implementation, and a CachingRealm, on which the RdbmsRealm relies. The CachingRealm provides a suitable structure for a realm that depends on users and passwords, groups, ACLs, and permissions that are stored in a database. It retrieves the information from the database that will drive the RdbmsRealm and caches it for use by the RdbmsRealm to reduce hits on the database. The design of the RdbmsRealm is based on the premise that no changes will be made to realm entities from the realm itself, but rather will be made by updates to the database through some other interface; consequently, the RdbmsRealm is a ListableRealm.

The CachingRealm implements an interface also contained in this package, a CacheableRealm, which adds one important piece of functionality to the realm, a method that allows you to set the cache with a Realm object.

Another class in this package, LRUTable, provides an expedient way to manage a large number of realm entities in memory. An LRU (least recently used) table stores values by key much like a Hashtable, but only a configurable number of the most recently used entries are retained. An LRU table is a more efficient lookup mechanism than a simple Hashtable.

Also included in this package is a DDL file, weblogic.realm_ddl, for creating and populating the tables required by the RdbmsRealm. That structure is, simply:

Table name	Columns
aclentries	A_NAME ACL name
	A_PRINCIPAL User associated with the ACL name and permission
	A_PERMISSION ACL permission
groupmembers	GM_GROUP Group name
groupmembers	GM_MEMBER User with membership in the group
users	U_NAME Username
users	U_PASSWORD Password

Database-related details are externalized in a Java class resource properties file, weblogic.realm_properties. The RdbmsRealm is set up by default to depend upon an Oracle database. Entries for other DBMSs are commented out in the properties file. To set up the realm for use with another database, you should edit the connection-related information, and make adjustments to the syntax of the JDBC PreparedStatements that retrieve information from the database according to your environment. Other caching-related configuration details are also editable in this file.

To use the RdbmsRealm example, you first edit configuration files to set up your database environment, then compile and install the RdbmsRealm class and properties files. You then run the RdbmsRealm example once to create database tables and insert rows in them, and then again to execute a unit test to ensure that the realm and database environment are working.

After you have tested the realm, you can add a weblogic.security.realmClass property to the weblogic.properties file. The DefaultRealmExtender class, as distributed, depends on RdbmsRealm and CacheableRealm to implement its methods. The DefaultRealmExtender, CacheableRealm, and RdbmsRealm classes extend the default WebLogic realm so that all users, groups, and ACLs are retrieved from the database. However, the DefaultRealmExtender provides the "system" and "guest" users, and the "everyone" group. You can reference them in ACLs you insert into the database, but you do not add them as users or groups in the database.

how to run this example

Building and testing the RdbmsRealm example

Extending the default WebLogic realm with RdbmsRealm

Building and testing the RdbmsRealm example

Set up your development environment as described in Setting your development environment.
Edit the weblogic.realm_ddl file to set up the appropriate tables in your database environment and populate them. The example application executes these SQL statements the first time you run it.
Edit the weblogic.realm_properties file in this directory to accommodate your database environment.
Compile the Java files in this directory into your %SERVER_CLASSES% directory. You can use the build.cmd file for Windows NT, or the build.sh script for UNIX, to compile the Java files and copy all of the needed files to the %SERVER_CLASSES%/examples/security/rdbmsrealm directory.
Note: If you are using Microsoft SDK for Java, supply the optional parameter -ms on the build command line.
To compile without a build script, use a command like this:
```
  $ cd \weblogic\examples\security\rdbmsrealm
  $ javac -d %SERVER_CLASSES% *.java
```
If you didn't run the build script, copy the weblogic.realm_properties and weblogic.realm_ddl files to the %SERVER_CLASSES%\examples\security\rdbmsrealm directory.
The first time you run the RdbmsRealm example, add the fromScratch.weblogic argument to create and populate the database tables you set up in the weblogic.realm_ddl file. Here's an example:
```
 $ java examples.security.rdbmsrealm.RdbmsRealm fromScratch.weblogic
```
The first SQL statements in the DDL file drop the RdbmsRealm tables; the first time you run the example, these DROP statements will display database server error messages, which you can ignore.
Run the unit test by executing the RdbmsRealm class with no arguments in your development shell, as shown here:
```
 $ java examples.security.rdbmsrealm.RdbmsRealm
```
The unit test uses the RdbmsRealm methods to list the users, groups, and ACLs in the database.

Extending the WebLogic realm with RdbmsRealm

To extend the default WebLogic realm with RdbmsRealm, you build the DefaultRealmExtender class and register it as the WebLogic security class in the weblogic.properties file. The DefaultRealmExtender class, as distributed, uses the CachingRealm and RdbmsRealm to substitute the database as WebLogic's source for users, groups, permissions, and ACLs. The DefaultRealmExtender class also implements some standard security features that WebLogic requires, such as the "system" and "guest" users and the "everyone" group. See DefaultRealmExtender for a complete description.

Edit RdbmsRealm.java and change the static boolean unitTest variable to false.
Edit weblogic.realm_ddl, and uncomment the insert statements at the end that insert ACLs for the "everyone" group. Your RdbmsRealm database must supply these required ACLs, because WebLogic will no longer look for them in the weblogic.properties file.
Recompile the RdbmsRealm example. You can use the build scripts described in the previous section.
Recreate your security database by executing the RdbmsRealm examples with the "fromScratch.weblogic" argument.
```
 $ java examples.security.rdbmsrealm.RdbmsRealm fromScratch.weblogic
```
This step is important because the ACLs you uncommented in the weblogic.realm_ddl file are required for WebLogic to properly initialize the new realm.

Compile and install the DefaultRealmExtender class:

 $ cd /weblogic/examples/security/defaultrealm
 $ javac -d %SERVER_CLASSES% *.java

Add the weblogic.security.realmClass property to your weblogic.properties file:

 weblogic.security.realmClass=examples.security.defaultrealm.DefaultRealmExtender

Start the WebLogic Server. Note that the JDBC driver must be in the java.system.classpath to allow RdbmsRealm to initialize.

To see that the RdbmsRealm is working, you can use the WebLogic Console or the T3AdminRealm servlet. Access the T3AdminRealm servlet from a browser with a URL like this:

http://WebLogicHost:WebLogicPort/T3AdminRealm

where WebLogicHost is the name of the computer running WebLogic and WebLogicPort is the port WebLogic is listening on, usually 7001. The servlet displays all of the users, groups, and ACLs known in the realm. Note that the servlet displays the "system" and "guest" users, the "everyone" group, and a few ACLs, all of which are supplied by the DefaultRealmExtender class.

As another test, try loading the helloWorld servlet in your browser. The ACL for this servlet gives "execute" permission to the "engineering" group, whose members are "anno" and "bob". You should only be allowed to load the servlet when you log in as one of these users.

there's more . . .

For more information about realms, read the Developers Guide, Using WebLogic ACLs.