Bug 55559

Summary: UserDatabaseRealm enhancement: may use local JNDI
Product: Tomcat 8
Reporter: Michal Domagala <outsider404>
Component: Catalina
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED
Severity: enhancement
Priority: P2
Version: 8.0.x-trunk
Target Milestone: ----
Hardware: PC
OS: Linux
Attachments:
- Patch
- sample XML file with user definition
- sample application

Description Michal Domagala 2013-09-14 22:16:08 UTC
Created attachment 30841: Patch

DataSourceRealm may use the global or local JNDI registry to look for resources, but UserDatabaseRealm can use only global resources.

Tomcat has implemented authentication of users against an XML file, and I wanted to use that feature for my application. The problem is that the file with users must be registered in the global Tomcat configuration file, but I wanted to have the file managed by the application, not the server.

Then I modified the UserDatabaseRealm class in a similar manner to how DataSourceRealm is implemented. I also updated the documentation. The MBeanUtils class is modified to avoid an error on shutdown.

The patch is constructed against revision 93bcdde55f62c6598f0dde9de2a575705e6b5abb (origin/trunk)

I could attach an application for patch verification, but it seems to me that only one attachment is allowed. However, the main idea is to allow the following configuration in the application's META-INF/context.xml file:

<Context>
 
  <Resource name="MyUserDatabase" auth="Container"
    type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved"
    factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
    pathname="conf/example-users.xml" />
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
    resourceName="MyUserDatabase" localDataSource="true"/>

</Context>
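
An added example, not part of the original report or of the Tomcat code base: a small checker that reads a context.xml like the one above and reports, for each UserDatabaseRealm, whether its user database is declared by the application itself or still depends on the server-wide configuration. The attribute name `localDataSource` is taken from the proposed patch on this page and is a parameter here as an assumption, since the implementation that was eventually committed may name it differently; the status labels are hypothetical.

```python
import xml.etree.ElementTree as ET

REALM_CLASS = "org.apache.catalina.realm.UserDatabaseRealm"
USERDB_TYPE = "org.apache.catalina.UserDatabase"

# Constructed sample input: the context.xml from the report above.
SAMPLE_CONTEXT = """<Context>
  <Resource name="MyUserDatabase" auth="Container"
    type="org.apache.catalina.UserDatabase"
    factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
    pathname="conf/example-users.xml" />
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
    resourceName="MyUserDatabase" localDataSource="true"/>
</Context>"""


def check_realms(context_xml, local_attr="localDataSource"):
    """Return (resourceName, status, pathname) for each UserDatabaseRealm.

    status is one of:
      local         - flag set and the UserDatabase is declared in this context
      unresolved    - flag set but no matching Resource in this context
      local-ignored - Resource declared here, but the realm looks it up globally
      global        - realm depends on a resource in the server-wide config
    """
    root = ET.fromstring(context_xml)
    # UserDatabase resources this application declares for itself.
    local = {r.get("name"): r.get("pathname")
             for r in root.iter("Resource") if r.get("type") == USERDB_TYPE}
    findings = []
    # iter() also reaches realms nested inside other realms.
    for realm in root.iter("Realm"):
        if realm.get("className") != REALM_CLASS:
            continue
        name = realm.get("resourceName")
        wants_local = realm.get(local_attr, "false").strip().lower() == "true"
        if wants_local:
            status = "local" if name in local else "unresolved"
        else:
            status = "local-ignored" if name in local else "global"
        findings.append((name, status, local.get(name)))
    return findings


if __name__ == "__main__":
    for finding in check_realms(SAMPLE_CONTEXT):
        print(finding)
```

The `pathname` in each finding shows which users file the application is authenticating against, which is the file to review for ownership and permissions once it is managed by the application rather than the server.
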
Comment 1 Michal Domagala 2013-09-14 22:17:47 UTC
Created attachment 30842: sample XML file with user definition
Comment 2 Michal Domagala 2013-09-14 22:18:46 UTC
Created attachment 30843: sample application
Comment 3 Michal Domagala 2013-09-14 22:21:18 UTC
Proposed test:
1. Copy the sample XML file to the $(TOMCAT)/conf directory and name it example-users.xml
2. Deploy the sample application and try to open it.

If everything is OK, the browser asks you for a username and password, and only q/qq will be accepted, as defined in the sample XML file
Comment 4 Mark Thomas 2020-10-07 19:34:38 UTC
After all this time, and the various refactorings, the proposed patch needed quite a few changes. I ended up using the DataSourceRealm as a base instead, but this is now implemented.

Fixed in:
- master for 10.0.0-M10 onwards
- 9.0.x for 9.0.40 onwards
- 8.5.x for 8.5.60 onwards