How to provide security in a web application through jdbcRealm when I have only a few user tables

Published 2024-11-29 07:05:29 · 783 characters · 4 views · 0 comments


I have a problem with security in Java EE.
I have an application that is supposed to be a kind of e-shop. I have three entities:
a User class that is not mapped into the database, and two inherited classes - Client and Administrator - that are mapped into different tables:

@MappedSuperclass
@Inheritance(strategy= InheritanceType.TABLE_PER_CLASS)
public class User implements Serializable {...}

@Entity
public class Client extends User {...}

@Entity
public class Administrator extends User {...}

Now I need to provide security for Client and Administrator resources. I use FORM authentication with jdbcRealm and the standard login page:

    <form  action="j_security_check" method="POST">
        <input type="text" name="j_username"/>
        <input type="password" name="j_password"/>
        <input type="submit" value="Login"/>
    </form>

But the problem is that jdbcRealm refers only to one table. And it's not allowed to set two jdbcRealms in web.xml. So how can I provide authentication for both Client and Administrator without changing the database structure? Is it possible to use a few jdbcRealms in a single application?


Answer by 十年不长, posted 2024-12-06 07:05:29


You can use a combined realm to combine two JDBC realms:

In the $CATALINA_BASE/conf/server.xml

<Realm className="org.apache.catalina.realm.CombinedRealm" >
    <Realm className="org.apache.catalina.realm.JDBCRealm"
           driverName="org.gjt.mm.mysql.Driver"
           connectionURL="jdbc:mysql://localhost/db?user=dbuser&amp;password=dbpass"
           userTable="client" 
           userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name"/>
    <Realm className="org.apache.catalina.realm.JDBCRealm"
           driverName="org.gjt.mm.mysql.Driver"
           connectionURL="jdbc:mysql://localhost/db?user=dbuser&amp;password=dbpass"
           userTable="administrator" 
           userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name"/>
</Realm>

However, in this instance it may be better to set up a datasource and use the DataSourceRealm to access the tables.

<Realm className="org.apache.catalina.realm.CombinedRealm" >
     <Realm className="org.apache.catalina.realm.DataSourceRealm"
            dataSourceName="jdbc/authority"
            userTable="clients" userNameCol="user_name" userCredCol="user_pass"
            userRoleTable="user_roles" roleNameCol="role_name"/>
     <Realm className="org.apache.catalina.realm.DataSourceRealm"
            dataSourceName="jdbc/authority"
            userTable="administrators" userNameCol="user_name" userCredCol="user_pass"
            userRoleTable="user_roles" roleNameCol="role_name"/>
</Realm>

That way you only need to set up the connection string in the datasource rather than having the duplication in the realm.

N.B. Personally, I would question whether it is a good idea to have a different ADMINISTRATOR and USER table, as what would happen if you've got a username that is both a client and an administrator, so you'd have to ensure that this doesn't happen, which is much easier by having a constraint on just one table.
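The answer shows the CombinedRealm itself but not the data source it points at, nor the web.xml side that ties the realm's roles to the protected resources. The following is an added example (not part of the answer, and not the asker's or Tomcat's own configuration) that completes the DataSourceRealm variant: the `jdbc/authority` resource is defined in the web application's own META-INF/context.xml, each sub-realm is given a CredentialHandler so `user_pass` holds salted PBKDF2 hashes rather than plaintext (Tomcat 8 or later), and web.xml maps the two user kinds to separate URL spaces. The table names `clients`/`administrators` and the role table come from the answer; the driver class, JDBC URL, database credentials, URL patterns, page names and the role names `client`/`administrator` are assumptions.

```xml
<!-- ===== file: META-INF/context.xml (example, assumed layout) ===== -->
<Context>
  <!-- Container-managed pool that the answer's DataSourceRealm refers to by name.
       Driver class, URL and credentials below are placeholders. -->
  <Resource name="jdbc/authority" auth="Container" type="javax.sql.DataSource"
            driverClassName="com.mysql.cj.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/db"
            username="dbuser" password="CHANGE_ME"
            maxTotal="20" maxIdle="5" maxWaitMillis="10000"/>

  <!-- CombinedRealm tries the nested realms in order; the first one that
       authenticates the user wins. -->
  <Realm className="org.apache.catalina.realm.CombinedRealm">
    <!-- localDataSource="true": look the resource up in this web app's JNDI
         context rather than in the global naming resources of server.xml. -->
    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           dataSourceName="jdbc/authority" localDataSource="true"
           userTable="clients" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name">
      <!-- Tomcat 8+: compare against salted, iterated PBKDF2 hashes stored in
           user_pass instead of plaintext passwords. -->
      <CredentialHandler className="org.apache.catalina.realm.SecretKeyCredentialHandler"
                         algorithm="PBKDF2WithHmacSHA512"
                         iterations="100000" keyLength="256" saltLength="16"/>
    </Realm>
    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           dataSourceName="jdbc/authority" localDataSource="true"
           userTable="administrators" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name">
      <CredentialHandler className="org.apache.catalina.realm.SecretKeyCredentialHandler"
                         algorithm="PBKDF2WithHmacSHA512"
                         iterations="100000" keyLength="256" saltLength="16"/>
    </Realm>
  </Realm>
</Context>

<!-- ===== file: WEB-INF/web.xml (fragment; URL patterns and role names assumed) ===== -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Administration</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- force HTTPS so the j_password form field is never sent in clear -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Client area</web-resource-name>
    <url-pattern>/account/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>client</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- The same FORM login the question already uses (j_security_check). -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role><role-name>client</role-name></security-role>
<security-role><role-name>administrator</role-name></security-role>
```

Two things in this setup make the answer's N.B. concrete. Both sub-realms share `user_roles` and look roles up by `user_name` alone, so a name that exists in `clients` and `administrators` gets the union of both rows' roles whichever realm authenticated it; and since CombinedRealm stops at the first realm that accepts the credentials, the `clients` row is consulted first. Keeping a single user table with a unique constraint on the user name, as the answer suggests, removes both ambiguities; with two tables, the uniqueness across them has to be enforced outside the realm (for example at registration time) because the realm configuration cannot express it.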
