How to configure JDBCRealm to obtain its DataSource from JNDI
Asked Answered
S

4

16

How do you use a JDBCRealm to handle authenticating and authorizing users in servlets? The only example I can find is to create the DataSource in web.xml (such as Authentication against database using shiro 1.2.1).

I do not want to include database credentials in my source tree (for obvious reasons) and would prefer to use a Context defined DataSource via JNDI as I have for every other RDBMS I have used for any other purpose in every other servlet project I have developed.

How do you configure a Shiro JDBCRealm to obtain its DataSource from JNDI?

Stringendo answered 3/7, 2013 at 6:22 Comment(0)
J
22

Vrushank's answer was really close: you don't need to subclass the JdbcRealm here - you can use Shiro's JndiObjectFactory to acquire the DataSource and then reference that DataSource when you configure the JdbcRealm:

[main]
dataSource = org.apache.shiro.jndi.JndiObjectFactory
dataSource.resourceName = java://app/jdbc/myDataSource

jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $dataSource
#addt'l config

For a web application, save the file under WEB-INF/shiro.ini.

See Also

Jordanna answered 3/7, 2013 at 15:48 Comment(4)
Two things I discovered while solving this problem: 1) You also need to have dataSource.resourceRef = true; and, 2) You can also use jdbc/myDataSource and the rest of the URI will be prepended for you.Stringendo
URI will be prepended for you saved my day. So in my case I MUST use only datasource name on weblogic and full path on tomcatJeanniejeannine
What happen If I need to use two datasourcesClaudianus
I second Recurse's comment.Using tomcat, I had to add dataSource.resourceRef = true along with dataSource.resourceName = jdbc/TestDB.Michalmichalak
E
3

For Shiro to work with permissions with the JDBC realm this parameter is indispensable:

jdbcRealm.permissionsLookupEnabled = true 

I wasted many hours on this because the default for this option is false. In other words, if you don't put this option Shiro always return an empty list of permissions.

Expletive answered 13/6, 2014 at 17:19 Comment(0)
J
2

I commented on @Les Hazlewood answer and on @Recurse comment, but might be that new answer is better option.

In my case I have to use only JDNI datasource name on weblogic and full path on tomcat:

Tomcat:

 ds = org.apache.shiro.jndi.JndiObjectFactory   
 ds.requiredType = javax.sql.DataSource  
 ds.resourceName = java:/comp/env/oracle/pportal_dev

 # JDBC realm config  
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm  
 jdbcRealm.permissionsLookupEnabled = true 
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
 jdbcRealm.dataSource = $ds

Weblogic

 ds = org.apache.shiro.jndi.JndiObjectFactory   
 ds.requiredType = javax.sql.DataSource   
 ds.resourceName = oracle/pportal_dev

 # JDBC realm config  
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm  
 jdbcRealm.permissionsLookupEnabled = true 
 jdbcRealm.dataSource = $ds

Note

ds.resourceName = java:/comp/env/oracle/pportal_dev 
vs
ds.resourceName = oracle/pportal_dev
Jeanniejeannine answered 21/5, 2014 at 13:29 Comment(0)
H
-3

You'll need to create a custom Realm of your own by extending JdbcRealm to programatically lookup the datasource through the provided JNDI.

You can then pass the JNDI as a property in shiro.ini

[main]
# realms to be used
customSecurityRealm=package.to.your.CustomRealm
customSecurityRealm.jndiDataSourceName=java:app/jdbc/myDatasource

See the below article as an example. It takes care of both Authentication and Authorization.

Apache Shiro JDBC Realm

Horwath answered 3/7, 2013 at 6:44 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.