Using a JDBC Database as an Authentication Realm
You can integrate the Akula Server with a JDBC database to use the JDBC database as an authentication realm. Example databases that you can use as a realm include Microsoft SQL Server 2012, Oracle, and MySQL. However, any database that supports JDBC should work.
When integrating with a database, the database must contain the principal and secret for each user, must contain at least one user group, and all users must be members of at least one group. The realm can optionally contain additional information. For example, you can use the database to hold the user's first and last name, to set rules for secret expiration, and maximum unsuccessful log in attempts.
To integrate the Akula Server with a JDBC database realm, you define the realm in the
AKULA_HOME\global\security-template.xml file, and then add that realm to a security manager. For more information on the security-template.xml file and configuring security managers, see Defining a Security Manager.
Configuring a JDBC database
<realm> tag in the
AKULA_HOME\global\security-template.xml file to define a realm. The
<realm> tag specifies the id of the realm and the class defining the connection to your realm.
Akula provides two predefined classes that you can use to connect to a realm defined by a JDBC database:
- com.verivo.akula.security.realms.jdbc.AKJdbcRealm - Use this class to connect to any JDBC database.
- com.verivo.akula.security.realms.jdbc.AKSqliteRealm - An optimized subclass of AKJdbcRealm that you use to connect to a SQLite database.
The configuration process for these classes is exactly the same.
Note that Akula ships with the source code for the AKJdbcRealm class so that you can use it as the basis for creating a class to connect to a custom realm. For more information on creating a class to connect to a custom realm, see Connecting to a Custom Realm.
In the security-template.xml file, you set properties that define the necessary information of the Akula Server to connect to a JDBC database. Shown below is an example of the security-template.xml file that specifies to use a SQLite database as the realm:
The following table describes the
key values that you set to configure a JDBC realm:
|Sets the realm name of the JDBC database.|
|Sets the SQL query used to retrieve the secret for a user. Akula replaces the ? with the principal passed to the server at log in.|
|Sets the SQL query used to retrieve all groups in the realm. A realm must contain at least one group.|
|Sets the SQL query used to retrieve all groups for a user. A user must be in at least one group. Akula replaces the ? with the principal passed to the server at log in.|
Sets the SQL query used to retrieve information about a user. This query might return, but is not limited to, the user's first, last, and full name. Akula replaces the ? with the principal passed to the server at log in.
This query is optional. You can omit it if the database does not contain any additional user information.
Specifies the information used to connect to the JDBC database. The
In the example above, you specify com.verivo.akula.core.db.AkulaHomeRelativeDataSource as the connection class. The AkulaHomeRelativeDataSource class is designed so that you can use the
The child key values of
In this example, the driver class, org.sqlite.JDBC, requires only the
Notice that because you are connecting to a SQLite database, the location of the database is prefixed by
|Uses the $ syntax to pass the object created by the |
After editing the security-template.xml file, restart the Akula Server.