I want to use Apache Shiro Security to secure my Java standalone application but I can't find an example about this.
Please help me how I can implement and configure Apache Shiro Standalone App to connect to database and authenticate my app.
Thank You for all.
A good start is the Shiro tutorial that especially targets standalone applications. For a good reference in creating and connecting your app to a SQL-like server i recommend this tutorial. The datasourceof the PostgreSQL depends on your implementation.
Here is an example for the shiro.ini modified for PostgreSQL
[main]
# Create and setup user filter.
user = com.example.filter.FacesAjaxAwareUserFilter
user.loginUrl = /login.xhtml
# Create JDBC realm.
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
# Configure JDBC realm datasource.
dataSource = org.postgresql.Driver
dataSource.URL = jdbc:postgresql://127.0.0.1:5432/db
dataSource.user = sa
dataSource.password = sa
jdbcRealm.dataSource = $dataSource
# Configure JDBC realm SQL queries.
jdbcRealm.authenticationQuery = SELECT password FROM User WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role FROM UserRoles WHERE userId = (SELECT id FROM User WHERE username = ?)
[urls]
/login.xhtml = user
/app/** = user
I'm not sure how far along you are but I recommend reading this documentation on Programmatic Configuration of Shiro. Which will allow you to create a JdbcRealm, configure it programatically, and then authenticate against it.
Related
I have a regression with a TCP\IP connection string post a firebird 3 migration from v2.5. The FirebirdClient version is 4.6.1 but I've tested with the latest stable version and it also doesn't work (v7.10.1).
The error message is "Your user name and password are not defined. Ask your database administrator to set up a Firebird login".
The stacktrace:
at FirebirdSql.Data.FirebirdClient.FbConnectionInternal.Connect()
at FirebirdSql.Data.FirebirdClient.FbConnectionPoolManager.Pool.GetConnection(FbConnection owner)
at FirebirdSql.Data.FirebirdClient.FbConnectionPoolManager.Get(ConnectionString connectionString, FbConnection owner)
at FirebirdSql.Data.FirebirdClient.FbConnection.Open()
The user was created via the IBExpert UI.
Here's how the connection string looks (not real life connection data obviously):
#"Database=inet://10.000.0.000:3050/C:\Database.FDB;User=MY_USER;Password=secret";
The same user works if using a standard same network connection string as below:
#dialect=3;initial catalog=C:\Database.FDB;data source=localhost;user id=MY_USER;password=secret;character set=ISO8859_1;pooling=True;connection lifetime=30;server type=Default;port number=3050
My firebird.conf is set like so:
ServerMode = Super
DefaultDbCachePages = 100K
FileSystemCacheThreshold = 100M
TempBlockSize = 2M
TempCacheLimit = 4000M
AuthServer = Legacy_Auth, Srp, Win_Sspi
AuthClient = Legacy_Auth, Srp, Win_Sspi
UserManager = Legacy_UserManager, Srp
WireCrypt = Enabled
RemoteServicePort = 3050
LockMemSize = 30M
LockHashSlots = 30011
RemoteAccess = true
Not sure what I'm missing here. The connection string above works with SYSDBA. According to the firebird documentation I've read it looks fine. I've read all other stackoverflow tickets with the same issue but don't see any answers that work for me. Any ideas?
Recent versions of FirebirdSql.Data.FirebirdClient support the version 13-15 wire protocol of Firebird 3, and then only support Srp authentication. Your old version supported only up to the v12 protocol (Firebird 2.5) and then would use the legacy authentication. If you created the user using the Legacy_UserManager (the default in your configuration), then you cannot authenticate with version 7.10.1 (where you could with 4.6.1), because as far as the Srp authentication plugin is concerned, the user does not exist.
It looks like you created the user either using gsec, which always applies the default user manager (FYI, gsec is deprecated since Firebird 3), or you used CREATE USER without USING PLUGIN Srp (or with USING PLUGIN Legacy_UserManager). You can verify this by checking the output of select sec$user_name, sec$plugin from sec$users. The solution would be to drop the user and then create it again with the right user manager (USING PLUGIN Srp).
Note that in theory you could have the user both for Srp and Legacy_UserManager (e.g. if the same user needs to be used by an application that cannot authenticate with Srp), but it is far more secure to have the user only exist for one plugin.
On a related note, the configuration you have applied is insecure. It is far more secure to leave out Legacy_Auth of the AuthServer setting or - if you still have applications that cannot apply Srp - to put it last (for both AuthServer and AuthClient). Similarly, it is recommended to put Legacy_UserManager last in UserManager (or leave it out entirely), so by default - if you use gsec, or don't include USING PLUGIN xxx in CREATE USER - it will create more secure Srp-type users.
I'm trying to configure MongoDB user store as our primary user store in WSO2 Identity Server v5.9.0 following steps provided in below GITHUB repo:
MongoDB user store extension
[user_store]
type = "database"
class = "org.wso2.carbon.mongodb.user.store.mgt.MongoDBUserStoreManager"
connection_url = "mongodb://localhost:27017/wso2_carbon_db"
connection_name = "wso2_admin"
connection_password = "test123"
I tried running the wso2server.bat after copying the mongodb.user.store.mgt-1.0.0-SNAPSHOT.jar in both the paths
latestwso2\repository\components\plugins
latestwso2\repository\components\dropins
WSO2 Identity Server Console
WSO2 Identity Server Console
Please let me know what else do I need to configure to make it work.
It seems like the bundle is not getting activated. [1]
The extension that you are using may not be compatible with IS-5.9.0. It's compatible with IS-5.5.0. So the versions should be upgraded relevant to the dependency versions used in IS-5.9.0[2]
[1].https://movingaheadblog.blogspot.com/2014/01/how-to-debug-wso2-carbon-products-using.html
[2].https://github.com/wso2/product-is/blob/v5.9.0/pom.xml
I am trying to install and configure play-mailer, unfortunately, the readMe file doesn't do a good job of explaining it.
I have created the ~/.bintray/.credentials file and added the following
realm = Bintray API Realm
host = api.bintray.com
user =
password =
should the user and password be left blank?
I am having the following idea to investigate and find out if it possible to work. I am having a db2 server in a linux machine and two kinds of application servers, geronimo and websphere. I would like to know whether it is possible to associate a geronimo or websphere connection to a db2 agent.
In other words, I would like to know which user of a web application is running which query at the database at any given moment.
Thank you in advance,
You could create two users, one for Geronimo, and one for Websphere, both users in a same group. You give the privileges to the group, and both users will have the same privileges.
Then, when you issue a 'list applications' you could discriminate the connetions for Geronimo, and those for Websphere.
If you want to change the application name, there are two approaches depending the java connection.
Class.forName
Class.forName("com.ibm.db2.jcc.DB2Driver");
Properties props = new Properties();
props.put("user", "scott");
props.put("password", "tiger");
props.put("clientProgramName", "My Program 1");
Connection conn = DriverManager.getConnection(
"jdbc:db2://localhost:50000/sample", props);
Datasource
Connection conn = null;
DB2SimpleDataSource ds = new com.ibm.db2.jcc.DB2SimpleDataSource();
ds.setDriverType(4);
ds.setServerName("localhost");
ds.setPortNumber(50000);
ds.setDatabaseName("sample");
ds.setUser("scott");
ds.setPassword("tiger");
ds.setClientProgramName("My Application 2");
conn = ds.getConnection();
You could assign the conneciont name dynamically, by retrieving the application server name.
I wrote a blog about that: http://angocadb2.blogspot.fr/2012/12/nombre-de-la-conexion-java-en-db2-java.html
when deploying grails app to cloudfoundry, if define multi-datasource ,there are error:
Cannot create JDBC driver of class 'org.postgresql.Driver' for connect URL 'n/a'
dataSource {
dialect = "org.hibernate.dialect.MySQLInnoDBDialect"
driverClassName = 'com.mysql.jdbc.Driver'
username = 'n/a'
password = 'n/a'
url = 'n/a'
dbCreate = 'update'
}
dataSource_postgre {
dialect = "org.hibernate.dialect.PostgresPlusDialect"
driverClassName = "org.postgresql.Driver"
username = 'n/a'
password = 'n/a'
url = "n/a"
dbCreate = 'update'
}
but as i known from http://blog.springsource.com/2011/04/12/one-step-deployment-with-grails-and-cloud-foundry/ as following:
When you bind a service to an application in Cloud Foundry, you are telling the cloud to pass the connection settings for that service to the application at runtime. The Cloud Foundry plugin then picks up that information and overrides the connection settings in your application. As if by magic, your application then transparently works against the cloud service without you having done anything! And this works for all available services, not just MySQL
CloudFoundry will reconfigure the data source and replace your local DataSource definition. The way you notify CloudFoundry about the services you need is interacting with CF with vmc Tunneling with Caldecott command or Cloud Foundry Integration for STS.
Check the logs of the application using VMC if possible, in the staging.log, you should see a summary of the services that have been auto-configured.
I would have to check if this is possible with two services, you may have to configure one manually using the VCAP_SERVICES environment variable.