AbstractUnless you have a public API like a weather service, or perhaps barometric pressure measurements. You will likely need some form of authentication, and authorization for your service. A tried and tested mechanism is to use JDBC Realm based authentication. In this example I will create a set of database tables on Apache Derby, set up the security realm on GlassFish 220.127.116.11, and configure basic authentication on a RESTful web service. The majority of the work will be done using the NetBeans IDE 7.2.
DatabaseThe first thing we need to do is to set up our database tables which we will use for authentication. These tables can contain more information, but in my example I will keep them simple.
Creating TablesFirst we will need to create a Users table which will contain our username and password. Using the sample database in NetBeans do the following:
- Select the Services Window, and open the Databases selection
- Right click on the Java DB icon, and start the server if it is not already started
- Right click on the sample database connection: jdbc:derby://localhost:1527/sample [app on APP] and connect.
- Right click on the sample connection and select Execute Command.
- Execute the create table commands and create index commands below.
CREATE TABLE users ( username varchar(255) NOT NULL, password varchar(255) DEFAULT NULL, PRIMARY KEY (username) );
CREATE TABLE groups ( username varchar(255) DEFAULT NULL, groupname varchar(255) DEFAULT NULL);
CREATE INDEX groups_users_idx ON groups(username ASC);
Add Users and GroupsWe need to add at least one user and group to our table. Since I am using GlassFish as the container, I will use SHA-256 to hash my password. That way it is not visible in plain text.
- Right click on our new USERS table, and select View Data
- Click on the Insert Records Icon
- Add a user, and add a SHA-256 hash of the password.
Note:An online generator can be found at SHA-256 hash calculator
- Repeat the same process as above to open the GROUPS table
- Add the username and a group called users
GlassFish JDBC RealmUsing the NetBeans IDE perform the following:
- Go to the Services window and expand the Servers selection.
- Right click on GlassFish 3.1.2 server and select Start.
- Right click and select View Domain Admin Console.
- On the Admin console web page on the tree on the left select Configurations » server-config » Security » Realms.
- Add a new realm called jdbc with the following properties:
- Name: jdbc
- Class Name: com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm
- JAASContext: jdbcRealm
- JNDI: jdbc/sample
- User Table: users
- User Name Column: username
- Password Column: password
- Group Table: groups
- Group Table User Name Column: username
- Group Name Column: groupname
- Database User: app
- Database Password: app
- Digest Algorithm: SHA-256
- Encoding: Hex
- Charset: UTF-8
Note: the parameters are case sensitive.
- Navigate to Configurations » server-config » Security
- Change the Default Realm to jdbc
- Check the Default Principal To Role Mapping checkbox to enabled
- Click Save and Restart server.
JAX-RS ApplicationFinally we have completed all of the requirements on the server side for securing our applications. This security mechanism can be used by more than the application we will are preparing to deploy. We need to set up the security constraints in our web.xml file as shown below. If you have downloaded the code you can simply open it in NetBeans and examine it.
Using NetBeans, you can simply run the application and it will prompt you for an application server. Select the current GlassFish server we have set-up, and it will deploy in a few seconds. You will come to a index.jsp page.
This is an example message