Bug 55559 - UserDatabaseRealm enhacement: may use local JNDI
Summary: UserDatabaseRealm enhacement: may use local JNDI
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.0.x-trunk
Hardware: PC Linux
: P2 enhancement (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2013-09-14 22:16 UTC by Michal Domagala
Modified: 2020-10-07 19:34 UTC (History)
0 users

Patch (7.35 KB, patch)
2013-09-14 22:16 UTC, Michal Domagala
Details | Diff
sample XML file with user definition (147 bytes, text/xml)
2013-09-14 22:17 UTC, Michal Domagala
sample application (2.80 KB, application/octet-stream)
2013-09-14 22:18 UTC, Michal Domagala

Note You need to log in before you can comment on or make changes to this bug.
Description Michal Domagala 2013-09-14 22:16:08 UTC
Created attachment 30841 [details]

DataSourceRealm may use global or local JNDI registry to look for resources, but UserDatabaseRealm can use only global resources.

Tomcat has implemented authentication users agains XML file, and I wanted to use that feature for my application. The problem is that thr file with users must be registered in global Tomcat configuration file, but I wanted to have the file managed by application, not a server.

Then I modified a class UserDatabaseRealm in similar manner as DataSourceRealm is implemented. I also updated a documentation. Class MBeanUtils is modified to avoid error on shutdown.

Patch is constructed against revision 93bcdde55f62c6598f0dde9de2a575705e6b5abb (origin/trunk)

I could attach application for patch verification, but it seems to me that only one attachement is allowed. However, main idea is allow the following configuration in application META-INF/context.xml file:

  <Resource name="MyUserDatabase" auth="Container"
    type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved"
    pathname="conf/example-users.xml" />
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
    resourceName="MyUserDatabase" localDataSource="true"/>

Comment 1 Michal Domagala 2013-09-14 22:17:47 UTC
Created attachment 30842 [details]
sample XML file with user definition
Comment 2 Michal Domagala 2013-09-14 22:18:46 UTC
Created attachment 30843 [details]
sample application
Comment 3 Michal Domagala 2013-09-14 22:21:18 UTC
Proposed test:
1. Copy the sample XML file to $(TOMCAT)/conf directory and name it example-users.xml
2. Deploy sample application and try to open.

If everything is OK, browser ask you for username and password and only q/qq will be accepted, as defined is sample XML file
Comment 4 Mark Thomas 2020-10-07 19:34:38 UTC
After all this time, and the various refactorings, the proposed patch needed quite a few changes. I ended up using the DataSourcRealm as a base instead but this is now implemented.

Fixed in:
- master for 10.0.0-M10 onwards
- 9.0.x for 9.0.40 onwards
- 8.5.x for 8.5.60 onwards