About this document
This is more specific to Tomcat than to Hudson, but since I wrote this configuration for Hudson, I think it can help someone here.
Existing Realms
There are 5 existing realms for Tomcat 6:
- JDBCRealm - Accesses authentication information stored in a relational database, accessed via a JDBC driver.
- DataSourceRealm - Accesses authentication information stored in a relational database, accessed via a named JNDI JDBC DataSource.
- JNDIRealm - Accesses authentication information stored in an LDAP based directory server, accessed via a JNDI provider.
- MemoryRealm - Accesses authentication information stored in an in-memory object collection, which is initialized from an XML document (conf/tomcat-users.xml).
- JAASRealm - Accesses authentication information through the Java Authentication & Authorization Service (JAAS) framework.
See Tomcat documentation here for more information.
Specific need
For my company, I need LDAP authentication together with Hudson authorization management.
So I just had to mix JNDIRealm and JDBCRealm.
The result is LdapJDBCRealm (LdapJdbcRealm.java, LdapJdbcRealm.class). It only involves overriding a few methods.
The parameters are also a mix of those of the two realms; see the server.xml template in the installation steps.
Installation steps (Tomcat 6.x)
- Copy the MySQL JDBC driver to your %CATALINA_HOME%/lib (get it here)
- Copy this .class file to %CATALINA_HOME%/lib/org/apache/catalina/realm folder
- Update the server.xml configuration file (in %CATALINA_HOME%/conf). Look at the following template:
This is the template for the LdapJDBCRealm configuration in the server.xml file:
<Realm className="org.apache.catalina.realm.LdapJdbcRealm" debug="99"
connectionName="_your bind account information_"
connectionPassword="_your bind account password if anonymous not supported_"
connectionURL="_ldap url server (like http:
userPattern="_pattern to search your user_"
roleBase="dummyValue"
roleSubtree="true"
roleName="groupMembership"
roleSearch="cn=DummyValue"
driverName="com.mysql.jdbc.Driver"
dbConnectionURL="jdbc:mysql:
dbConnectionName="userForDatabase"
dbConnectionPassword="userpassword"
userTable="users"
userNameCol="user_name"
userRoleTable="user_roles"
roleNameCol="role_name"
/>
- Create your users database. See here for scripts to create it.
Once you do that, Hudson should authenticate users against the LDAP server and get their authorization from your local database.
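The database side of the last step, as an added example (not part of the original page and not LdapJdbcRealm's own code): it creates the two tables named by the template's userTable and userRoleTable attributes and looks up a user's roles with a bound parameter. It assumes the realm issues a JDBCRealm-style role query and uses in-memory SQLite in place of MySQL so it runs offline; the schema, user names and role names are constructed.

```python
import re
import sqlite3

# Names copied from the Realm template on this page.
REALM_ATTRS = {
    "userTable": "users",
    "userNameCol": "user_name",
    "userRoleTable": "user_roles",
    "roleNameCol": "role_name",
}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def checked(attrs):
    """Reject table/column names that are not plain SQL identifiers."""
    for key, value in attrs.items():
        if not IDENT.fullmatch(value):
            raise ValueError(f"{key}: unsafe identifier {value!r}")
    return attrs

def create_schema(db, attrs):
    """Assumed schema: no password column, since LDAP holds the credentials."""
    a = checked(attrs)
    db.execute(f"CREATE TABLE {a['userTable']} ({a['userNameCol']} TEXT PRIMARY KEY)")
    db.execute(
        f"CREATE TABLE {a['userRoleTable']} ("
        f"{a['userNameCol']} TEXT NOT NULL REFERENCES {a['userTable']}({a['userNameCol']}), "
        f"{a['roleNameCol']} TEXT NOT NULL, "
        f"PRIMARY KEY ({a['userNameCol']}, {a['roleNameCol']}))"
    )

def roles_for(db, attrs, username):
    """Role lookup run after LDAP has authenticated the user (assumed query shape)."""
    a = checked(attrs)
    sql = f"SELECT {a['roleNameCol']} FROM {a['userRoleTable']} WHERE {a['userNameCol']} = ?"
    return sorted(row[0] for row in db.execute(sql, (username,)))

def demo_db():
    """In-memory database with constructed users and role names."""
    db = sqlite3.connect(":memory:")
    create_schema(db, REALM_ATTRS)
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    db.executemany("INSERT INTO user_roles VALUES (?, ?)",
                   [("alice", "admin"), ("alice", "developer")])
    return db

if __name__ == "__main__":
    db = demo_db()
    for name in ("alice", "bob", "carol"):
        print(name, roles_for(db, REALM_ATTRS, name))
```

In this model, a user who has no row in user_roles (bob, carol) comes back with an empty role list.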