Child pages
  • Delegate security to servlet container

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

About this document

This is more specific to Tomcat than Hudson but as i did my specific configuration for Hudson i think it can help someone here (smile)

Existing Realms

There are 5 existing realms for Tomcat 6:

  • JDBCRealm - Accesses authentication information stored in a relational database, accessed via a JDBC driver.
  • DataSourceRealm - Accesses authentication information stored in a relational database, accessed via a named JNDI JDBC DataSource.
  • JNDIRealm - Accesses authentication information stored in an LDAP based directory server, accessed via a JNDI provider.
  • MemoryRealm - Accesses authentication information stored in an in-memory object collection, which is initialized from an XML document (conf/tomcat-users.xml).
  • JAASRealm - Accesses authentication information through the Java Authentication & Authorization Service (JAAS) framework.

See Tomcat documentation here for more information.

Specific need

For my company i need to have an LDAP authentication and an hudson authorization management.
So i just had to mix JNDIRealm & JDBCRealm.

The result is LdapJDBCRealm (,LdapJdbcRealm.class). This is only a deal with overriding some methods.
Parameters are also mix of Realms, see server.xml template in installation steps.

Installation steps (Tomcat 6.x)

  1. Copy the Mysql JDBC driver to your %CATALINA_HOME%/lib (get it here)
  2. Copy this .class file to %CATALINA_HOME%/lib/org/apache/catalina/realm folder
  3. Update server.xml configuration file (%CATALINA_HOME%/conf).Look at the following template:
    this is the template for LdapJDBCRealm configuration in server.xml file:
    Code Block
    <Realm className="org.apache.catalina.realm.LdapJdbcRealm" debug="99"
            connectionName="_your bind accound information_"
            connectionPassword="_your bind accound password if anonymous not supported_"
            connectionURL="_ldap url server (like http://ldapserver:389)_"
            userPattern="_pattern to search your user_"
  4. Create your users database. See here for scripts to create it.

Once you do that, Hudson should authenticate users against LDAP server and get their authorization using your local database.