How to configure JDBCRealm to obtain its DataSource from JNDI

拈花ヽ惹草 提交于 2019-12-31 12:49:47

问题


How do you use a JDBCRealm to handle authenticating and authorizing users in servlets? The only example I can find is to create the DataSource in web.xml (such as Authentication against database using shiro 1.2.1).

I do not want to include database credentials in my source tree (for obvious reasons) and would prefer to use a Context defined DataSource via JNDI as I have for every other RDBMS I have used for any other purpose in every other servlet project I have developed.

How do you configure a Shiro JDBCRealm to obtain its DataSource from JNDI?


回答1:


Vrushank's answer was really close: you don't need to subclass the JdbcRealm here - you can use Shiro's JndiObjectFactory to acquire the DataSource and then reference that DataSource when you configure the JdbcRealm:

[main]
dataSource = org.apache.shiro.jndi.JndiObjectFactory
dataSource.resourceName = java://app/jdbc/myDataSource

jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $dataSource
#addt'l config

For a web application, save the file under WEB-INF/shiro.ini.

See Also

  • https://github.com/danielmt/shiro-primefaces-example/blob/master/src/main/webapp/WEB-INF/shiro.ini



回答2:


For Shiro to work with permissions with the JDBC realm this parameter is indispensable:

jdbcRealm.permissionsLookupEnabled = true 

I wasted many hours on this because the default for this option is false. In other words, if you don't put this option Shiro always return an empty list of permissions.




回答3:


I commented on @Les Hazlewood answer and on @Recurse comment, but might be that new answer is better option.

In my case I have to use only JDNI datasource name on weblogic and full path on tomcat:

Tomcat:

 ds = org.apache.shiro.jndi.JndiObjectFactory   
 ds.requiredType = javax.sql.DataSource  
 ds.resourceName = java:/comp/env/oracle/pportal_dev

 # JDBC realm config  
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm  
 jdbcRealm.permissionsLookupEnabled = true 
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
 jdbcRealm.dataSource = $ds

Weblogic

 ds = org.apache.shiro.jndi.JndiObjectFactory   
 ds.requiredType = javax.sql.DataSource   
 ds.resourceName = oracle/pportal_dev

 # JDBC realm config  
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm  
 jdbcRealm.permissionsLookupEnabled = true 
 jdbcRealm.dataSource = $ds

Note

ds.resourceName = java:/comp/env/oracle/pportal_dev 
vs
ds.resourceName = oracle/pportal_dev



回答4:


You'll need to create a custom Realm of your own by extending JdbcRealm to programatically lookup the datasource through the provided JNDI.

You can then pass the JNDI as a property in shiro.ini

[main]
# realms to be used
customSecurityRealm=package.to.your.CustomRealm
customSecurityRealm.jndiDataSourceName=java:app/jdbc/myDatasource

See the below article as an example. It takes care of both Authentication and Authorization.

Apache Shiro JDBC Realm



来源:https://stackoverflow.com/questions/17441019/how-to-configure-jdbcrealm-to-obtain-its-datasource-from-jndi

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!