
About this document

This is more specific to Tomcat than to Hudson, but since I built this configuration for Hudson, I think it can help someone here.

Existing Realms

There are 5 existing realms for Tomcat 6:

  • JDBCRealm - Accesses authentication information stored in a relational database, accessed via a JDBC driver.
  • DataSourceRealm - Accesses authentication information stored in a relational database, accessed via a named JNDI JDBC DataSource.
  • JNDIRealm - Accesses authentication information stored in an LDAP based directory server, accessed via a JNDI provider.
  • MemoryRealm - Accesses authentication information stored in an in-memory object collection, which is initialized from an XML document (conf/tomcat-users.xml).
  • JAASRealm - Accesses authentication information through the Java Authentication & Authorization Service (JAAS) framework.

See Tomcat documentation here for more information.

Specific need

For my company I need LDAP authentication combined with Hudson-side authorization management.
So I just had to mix JNDIRealm and JDBCRealm.

The result is LdapJdbcRealm (LdapJdbcRealm.java, LdapJdbcRealm.class). It only overrides a few methods.
Its parameters are a mix of those of both realms; see the server.xml template in the installation steps.

Installation steps (Tomcat 6.x)

  1. Copy the MySQL JDBC driver to your %CATALINA_HOME%/lib (get it here)
  2. Copy this .class file to the %CATALINA_HOME%/lib/org/apache/catalina/realm folder
  3. Update the server.xml configuration file (in %CATALINA_HOME%/conf). Look at the following template:
    This is the template for the LdapJdbcRealm configuration in the server.xml file:
    <Realm className="org.apache.catalina.realm.LdapJdbcRealm" debug="99"
            connectionName="_your bind account information_"
            connectionPassword="_your bind account password if anonymous not supported_"
            connectionURL="_ldap url server (like ldap://ldapserver:389)_"
            userPattern="_pattern to search your user_"
            roleBase="dummyValue"
            roleSubtree="true"
            roleName="groupMembership"
            roleSearch="cn=DummyValue"
            driverName="com.mysql.jdbc.Driver"
            dbConnectionURL="jdbc:mysql://localhost:3306/hudson_users?user=userForDatabase&amp;password=userpassword"
            dbConnectionName="userForDatabase"
            dbConnectionPassword="userpassword"
            userTable="users"
            userNameCol="user_name"
            userRoleTable="user_roles"
            roleNameCol="role_name"
          />
    
  4. Create your users database. See here for scripts to create it.

Once you have done that, Hudson should authenticate users against the LDAP server and get their authorization from your local database.
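
An added check, not part of the original page or of the LdapJdbcRealm code: it parses a Realm element shaped like the template above and reports the settings worth tightening before the realm goes live. The sample values are constructed, and the hardened variant assumes the realm hands dbConnectionName/dbConnectionPassword to the driver the way JDBCRealm does with its own connection attributes.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the page's template with made-up values filled in.
SAMPLE = """<Host><Realm className="org.apache.catalina.realm.LdapJdbcRealm"
  connectionName="cn=bind,dc=example,dc=com" connectionPassword="bindsecret"
  connectionURL="ldap://ldapserver:389"
  userPattern="uid={0},ou=people,dc=example,dc=com"
  driverName="com.mysql.jdbc.Driver"
  dbConnectionURL="jdbc:mysql://localhost:3306/hudson_users?user=userForDatabase&amp;password=userpassword"
  dbConnectionName="userForDatabase" dbConnectionPassword="userpassword"
  userTable="users" userNameCol="user_name"
  userRoleTable="user_roles" roleNameCol="role_name"/></Host>"""

# Same realm over LDAPS, with the credentials removed from the JDBC URL
# (assumption: the realm passes dbConnectionName/dbConnectionPassword to the driver).
HARDENED = (SAMPLE.replace("ldap://ldapserver:389", "ldaps://ldapserver:636")
            .replace("?user=userForDatabase&amp;password=userpassword", ""))


def audit_realm(server_xml):
    """Return finding codes for every LdapJdbcRealm element in the XML text."""
    codes = []
    for realm in ET.fromstring(server_xml).iter("Realm"):
        if not realm.get("className", "").endswith(".LdapJdbcRealm"):
            continue
        scheme = urlsplit(realm.get("connectionURL", "")).scheme.lower()
        if scheme == "ldap":
            codes.append("LDAP_CLEARTEXT")      # bind and user passwords unencrypted
        elif scheme != "ldaps":
            codes.append("LDAP_BAD_SCHEME")     # JNDI expects ldap:// or ldaps://
        # "jdbc:mysql://host/db?k=v": drop the "jdbc:" prefix so urlsplit can parse it.
        db_url = realm.get("dbConnectionURL", "")
        query = parse_qs(urlsplit(db_url.split(":", 1)[-1]).query)
        if "password" in query:
            codes.append("DB_PASSWORD_IN_URL")  # URLs tend to end up in logs and traces
            if query["password"][0] != realm.get("dbConnectionPassword"):
                codes.append("DB_PASSWORD_MISMATCH")  # two copies that disagree
        if realm.get("connectionPassword") or realm.get("dbConnectionPassword"):
            codes.append("SECRETS_IN_FILE")     # restrict read access to server.xml
    return codes


if __name__ == "__main__":
    print("template:", audit_realm(SAMPLE))
    print("hardened:", audit_realm(HARDENED))
```

SECRETS_IN_FILE remains in the hardened variant because the bind and database passwords still live in server.xml, so the file should be readable only by the account that runs Tomcat.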
