Can you explain JDBCRealm?
JDBC Realm
A realm is a collection of pages, images and applications (collectively known as "resources") that is protected by a login or authentication method. A JDBC Realm stores user credentials, such as usernames and passwords, in a database. Tomcat is then configured to use this database, and the JDBC realm option must be enabled in its configuration files.
The following steps are used for JDBC Realm:
1. Create Database
2. Create Tables
For example, a user table containing usernames and passwords, and a roles table containing usernames and their assigned roles.
3. Configure Tomcat
The server.xml file is configured in Tomcat.
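<!-- driverName is the fully qualified class name of the JDBC driver;
     connectionURL is the JDBC URL of the credentials database.
     The table and column attributes must match the tables created in step 2. -->
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="0"
       driverName="jdbc:odbc:JdbcOdbcDriver"
       connectionURL="jdbc:sql:localhost/8080:/opt/fsql/db/realmdb.fdb"
       connectionName="sysdba" connectionPassword="password"
       userTable="users" userNameCol="user_name" userCredCol="user_pwd"
       userRoleTable="roles" roleNameCol="role_name" />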
4. Edit the web.xml file to require Authentication
<security-constraint>
  <web-resource-collection>
    <!-- web-resource-name is required inside web-resource-collection -->
    <web-resource-name>MyFirst Protected Area</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- Listing an http-method restricts this constraint to that method;
         requests using other methods (such as GET) are not covered by it.
         Omit http-method to require authentication for every method. -->
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>These roles are allowed access</description>
    <role-name>tomcat</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>MyFirst Protected Area</realm-name>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/Error.html</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description>Only 'tomcat' role is allowed to access this web application</description>
  <role-name>tomcat</role-name>
</security-role>
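The tables from step 2 and the two lookups the Realm settings in step 3 imply (credential by user name, then roles by the same user name), as an added example that is not part of the original answer or Tomcat's code. It uses an in-memory SQLite database in place of the real one, a constructed user "alice", and a constructed "salt$digest" PBKDF2 format for user_pwd that is an assumption of this sketch, not Tomcat's stored-credential format.

```python
import hashlib, hmac, os, sqlite3

# Table and column names match the <Realm> attributes shown in step 3.
SCHEMA = """
CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pwd TEXT NOT NULL);
CREATE TABLE roles (user_name TEXT NOT NULL REFERENCES users(user_name),
                    role_name TEXT NOT NULL,
                    PRIMARY KEY (user_name, role_name));
"""
ITERATIONS = 100_000  # assumed work factor for this demo

def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex' (constructed format, not Tomcat's)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def build_realm_db():
    """In-memory database holding one constructed sample user."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice", hash_password("s3cret-demo")))
    db.execute("INSERT INTO roles VALUES (?, ?)", ("alice", "tomcat"))
    return db

def authenticate(db, username, password):
    """Return the user's roles, or None if the credentials do not match."""
    # Lookup 1: stored credential by user name, always as a bound parameter.
    row = db.execute("SELECT user_pwd FROM users WHERE user_name = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    salt_hex, _ = row[0].split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    if not hmac.compare_digest(candidate, row[0]):  # constant-time compare
        return None
    # Lookup 2: roles, joined to users only through the shared user_name column.
    rows = db.execute("SELECT role_name FROM roles WHERE user_name = ?",
                      (username,)).fetchall()
    return [r[0] for r in rows]

def is_allowed(db, username, password, required_role="tomcat"):
    """Mirror the auth-constraint: authenticated and holding the role."""
    roles = authenticate(db, username, password)
    return roles is not None and required_role in roles

if __name__ == "__main__":
    print(is_allowed(build_realm_db(), "alice", "s3cret-demo"))
```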