ApacheDS Tomcat Realm

What is it, and who needs it?

Within Apache Tomcat, a realm is, to quote the Tomcat documentation, a "database" of usernames and passwords that identify valid users of a web application (or set of web applications), plus an enumeration of the list of roles associated with each valid user. Learn more about realms in the Realm Configuration HOW-TO from the Tomcat website.

To use Apache Directory Server (ApacheDS) as a realm, the straightforward approach is to use the JNDIRealm shipped with Tomcat. It can handle arbitrary LDAP servers, among them ApacheDS.
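
The JNDIRealm approach as a `server.xml` fragment, added here as an example and not taken from the original page or from the Tomcat or ApacheDS projects. It shows a weaker comparison-mode setup (commented out) beside a bind-mode setup over LDAPS wrapped in a LockOutRealm. The host, ports, DNs, the `tomcat-realm` service account and the password placeholder are assumptions to adapt to your directory.

```xml
<!-- Added example. Place inside <Engine> or <Host> in conf/server.xml.
     Assumed: ApacheDS on localhost (LDAP 10389, LDAPS 10636), users under
     ou=users,ou=system, role groups (groupOfUniqueNames) under
     ou=groups,ou=system. -->

<!-- Weaker variant, shown for comparison and left disabled.
     Comparison mode: because userPassword is set, Tomcat binds with a
     privileged account, reads every user's stored password attribute and
     compares it itself. Traffic, including the admin bind, is cleartext.
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://localhost:10389"
       connectionName="uid=admin,ou=system"
       connectionPassword="CHANGE_ME"
       userPattern="uid={0},ou=users,ou=system"
       userPassword="userPassword"
       roleBase="ou=groups,ou=system"
       roleName="cn"
       roleSearch="(uniqueMember={0})" />
-->

<!-- Preferred variant.
     Bind mode: userPassword is omitted, so Tomcat authenticates by binding
     to the directory as the user and never reads stored passwords.
     connectionName is a hypothetical read-only service account that is used
     only for the role search. LockOutRealm throttles repeated failed logins. -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://localhost:10636"
         connectionName="uid=tomcat-realm,ou=users,ou=system"
         connectionPassword="CHANGE_ME"
         userPattern="uid={0},ou=users,ou=system"
         roleBase="ou=groups,ou=system"
         roleName="cn"
         roleSearch="(uniqueMember={0})" />
</Realm>
```

For the `ldaps://` URL to work, the JVM running Tomcat must trust the certificate presented by ApacheDS. Restrict file permissions on `server.xml`, since it holds the service account password.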

Because ApacheDS is 100% pure Java and embeddable, there is another option: implement the Realm interface from Apache Tomcat and run ApacheDS within Tomcat. There are (at least) two interesting things about this approach:

  • Tomcat can use ApacheDS without the wire protocol, because the realm has a handle to the "in process" API of ApacheDS
  • ApacheDS runs within Tomcat and starts and stops automatically along with the web application server

While the first point promises some performance advantages, which are irrelevant in most situations (because LDAP servers like ApacheDS are optimized for read operations anyway), the second reason makes this approach a good option for development environments.

Current state

I have started a Realm implementation. A first version (proof of concept) already works quite well. I have committed the sources here as a Maven2 project:

...