Creating a Database login module
The UserRoles login module is a good starting point to learn how to put together all the
pieces required to secure a web application. In real-world cases, there are better alternatives
to protect your applications, such as the Database login module. A database security do-
main follows the same logic exposed in the earlier example; it just stores the credentials
within the database. In order to run this example, we will refer to a data source defined in
datasources/wflydevelopment ), which needs to be deployed on the application
<security-domain name="dbdomain" cache-type="default">
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="
value="select passwd from USERS where login=?"/>
<module-option name="rolesQuery" value="select
role 'Roles' from USER_ROLES where login=?"/>
In order to get this configuration working, you have to first create the required tables and
insert some sample data in it using the following queries:
CREATE TABLE USERS(login VARCHAR(64) PRIMARY KEY, passwd
CREATE TABLE USER_ROLES(login VARCHAR(64), role VARCHAR(32));
INSERT into USERS values('admin', 'admin');
INSERT into USER_ROLES values('admin', 'Manager');
As you can see, the admin user will map again to the Manager role. One caveat of this
configuration is that it uses clear text passwords in the database; so before rolling this mod-
ule into production, you should consider adding additional security to your login module.
Let's see how to do this in the next section.
Search WWH ::