[Java EE][Security] - Understanding Security Realms - 2. DB authentication and authorization

最新推荐文章于 2022-04-06 23:54:22 发布
最新推荐文章于 2022-04-06 23:54:22 发布
阅读量552 收藏
点赞数
分类专栏: Java 文章标签: docker oracle xe oracle 11g
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/neuandustbneo/article/details/50448649
版权

Database is the most commonly used media to store authentication and authorization information for application.

This example is setting up a database for application authentication model which bases on security realms framework. The database can apply to your learning security realms and even a practical web application. It adopts following technics:

  • Docker. Oracle database is running in a docker container
  • Oracle XE 11g. It's sufficient dev and study
  • WebLogic 12c. Java EE 7 container (later writing sample code will use it.)

2. Make your design satisfy security realms' thought

 reference: Main thought of security realms

3. Tables relationship

4. Set up a new DB on Oracle XE

I will create a new database, called wbbank. Why it calls wbbank, because I plan on writing a sample project in the future, which is called WBBANK, an web application for a fabled bank. And the tables created today are wholly for illustrating security realms. So don't worry, it's just a name, a symbol, and will not impact eventual effect. 

4.1 Create directory to store data file in docker oracle11g container

> ssh root@192.168.99.100 -p 2222
> su oracle
> mkdir -p /u01/app/oracle/oradata/XE/apps

4.2 Create exclusive tablespace and schema

sqlplus sys/oracle as sysdba

CREATE TABLESPACE WBBANK DATAFILE '/u01/app/oracle/oradata/XE/apps/wbbank.dbf' SIZE 100M AUTOEXTEND ON NEXT 10M MAXSIZE UNLIMITED;
CREATE USER wbbank_dba IDENTIFIED BY oracle DEFAULT TABLESPACE WBBANK QUOTA UNLIMITED ON WBBANK;
GRANT ALL PRIVILEGES TO wbbank_dba;

4.3 Create tables and sequences

Now you can switch to wbbank_dba. 

-- Create tables
CREATE SEQUENCE SEQ_Users;
CREATE SEQUENCE SEQ_Roles;
CREATE SEQUENCE SEQ_Groups;

CREATE TABLE Users
  (
    Id          INTEGER NOT NULL ,
    Name        VARCHAR2 (50 CHAR) ,
    Password    VARCHAR2 (20 CHAR) ,
    Description VARCHAR2 (200 CHAR)
  ) ;
ALTER TABLE Users ADD CONSTRAINT Users_PK PRIMARY KEY ( Id ) ;
ALTER TABLE Users ADD CONSTRAINT Users_UN_Name UNIQUE ( Name ) ;

CREATE TABLE Roles
  (
    Id          INTEGER NOT NULL ,
    Name        VARCHAR2 (50 CHAR) ,
    Description VARCHAR2 (200 CHAR)
  ) ;
ALTER TABLE Roles ADD CONSTRAINT Roles_PK PRIMARY KEY ( Id ) ;
ALTER TABLE Roles ADD CONSTRAINT Roles_UN_Name UNIQUE ( Name ) ;

CREATE TABLE Groups
  (
    Id          INTEGER NOT NULL ,
    Name        VARCHAR2 (50 CHAR) ,
    Description VARCHAR2 (200 CHAR)
  ) ;
ALTER TABLE Groups ADD CONSTRAINT Groups_PK PRIMARY KEY ( Id ) ;
ALTER TABLE Groups ADD CONSTRAINT Groups_UN_Name UNIQUE ( Name ) ;

CREATE TABLE User_Role
  ( 
    UserId INTEGER NOT NULL , 
    RoleId INTEGER NOT NULL
  ) ;
ALTER TABLE User_Role ADD CONSTRAINT User_Role_PK PRIMARY KEY ( UserId, RoleId ) ;
ALTER TABLE User_Role ADD CONSTRAINT User_Role_Roles_FK FOREIGN KEY ( RoleId ) REFERENCES Roles ( Id ) ON DELETE CASCADE ;
ALTER TABLE User_Role ADD CONSTRAINT User_Role_Users_FK FOREIGN KEY ( UserId ) REFERENCES Users ( Id ) ON DELETE CASCADE ;

CREATE TABLE User_Group
  ( 
    UserId INTEGER , 
    GroupId INTEGER
  ) ;
ALTER TABLE User_Group ADD CONSTRAINT User_Group_PK PRIMARY KEY ( GroupId, UserId ) ;
ALTER TABLE User_Group ADD CONSTRAINT User_Group_Groups_FK FOREIGN KEY ( GroupId ) REFERENCES Groups ( Id ) ON DELETE CASCADE ;
ALTER TABLE User_Group ADD CONSTRAINT User_Group_Users_FK FOREIGN KEY ( UserId ) REFERENCES Users ( Id ) ON DELETE CASCADE ;

CREATE TABLE Group_Role
  (
    GroupId INTEGER NOT NULL ,
    RoleId  INTEGER NOT NULL
  ) ;
ALTER TABLE Group_Role ADD CONSTRAINT Group_Role_PK PRIMARY KEY ( GroupId, RoleId ) ;
ALTER TABLE Group_Role ADD CONSTRAINT Group_Role_Roles_FK FOREIGN KEY ( RoleId ) REFERENCES Roles ( Id ) ON DELETE CASCADE ;
ALTER TABLE Group_Role ADD CONSTRAINT Group_Role_Groups_FK FOREIGN KEY ( GroupId ) REFERENCES Groups ( Id ) ON DELETE CASCADE ;

4.4 Add data

Please note, you might need to change some values at following script. Some ids may not be as same as mine script.

Login DB with wbbank_dba.

-- Add users
INSERT INTO Users ( ID, NAME, PASSWORD, DESCRIPTION) VALUES ( SEQ_USERS.NEXTVAL, 'bill', 'password', 'Bill.Gates');
INSERT INTO Users ( ID, NAME, PASSWORD, DESCRIPTION) VALUES ( SEQ_USERS.NEXTVAL, 'peter', 'password', 'Peter.Hamz');
INSERT INTO Users ( ID, NAME, PASSWORD, DESCRIPTION) VALUES ( SEQ_USERS.NEXTVAL, 'tom', 'password', 'Tom.Lee');
INSERT INTO Users ( ID, NAME, PASSWORD, DESCRIPTION) VALUES ( SEQ_USERS.NEXTVAL, 'neo', 'password', 'Neo.Wang');

-- Add roles
INSERT INTO Roles ( ID, NAME, DESCRIPTION) VALUES ( SEQ_ROLES.NEXTVAL, 'UserApplicant', 'Apply for WBBANK user');
INSERT INTO Roles ( ID, NAME, DESCRIPTION) VALUES ( SEQ_ROLES.NEXTVAL, 'UserManager', 'Manage WBBANK user application');
INSERT INTO Roles ( ID, NAME, DESCRIPTION) VALUES ( SEQ_ROLES.NEXTVAL, 'AccountApplicant', 'Apply for a new account, new creditcard, new saving account e.g.');
INSERT INTO Roles ( ID, NAME, DESCRIPTION) VALUES ( SEQ_ROLES.NEXTVAL, 'AccountManager', 'Manage account application');
INSERT INTO Roles ( ID, NAME, DESCRIPTION) VALUES ( SEQ_ROLES.NEXTVAL, 'TransactionApplicant', 'Start a transication, pay bill, transfer money e.g.');
INSERT INTO Roles ( ID, NAME, DESCRIPTION) VALUES ( SEQ_ROLES.NEXTVAL, 'TransactionManager', 'Manage transication, modify, rollback e.g.');

-- Add groups
INSERT INTO Groups ( ID, NAME, DESCRIPTION) VALUES ( SEQ_GROUPS.NEXTVAL, 'Users', 'User group of WBBANK.');
INSERT INTO Groups ( ID, NAME, DESCRIPTION) VALUES ( SEQ_GROUPS.NEXTVAL, 'Administrators', 'Staff group of WBBANK.');

-- user_role
-- 目前不使用这种角色映射方式。只采用User_Group方式。

-- group_role
INSERT INTO Group_Role ( GROUPID, ROLEID ) VALUES( 1, 1);
INSERT INTO Group_Role ( GROUPID, ROLEID ) VALUES( 1, 3);
INSERT INTO Group_Role ( GROUPID, ROLEID ) VALUES( 1, 5);
INSERT INTO Group_Role ( GROUPID, ROLEID ) VALUES( 2, 2);
INSERT INTO Group_Role ( GROUPID, ROLEID ) VALUES( 2, 4);
INSERT INTO Group_Role ( GROUPID, ROLEID ) VALUES( 2, 6);

-- user_group
INSERT INTO User_Group ( USERID, GROUPID) VALUES ( 1, 1);
INSERT INTO User_Group ( USERID, GROUPID) VALUES ( 2, 1);
INSERT INTO User_Group ( USERID, GROUPID) VALUES ( 3, 1);
INSERT INTO User_Group ( USERID, GROUPID) VALUES ( 4, 2);
Don'f forget to COMMIT all your operations.



NEUandUSTBneo
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
GWT开发 - Eclipse, Google Plugin and Google Web Toolkit SDK
Neo in Action
09-01 7554
Google Web Toolkit 官方地址 1 在eclipse上安装Google plugin 针对不同版本eclipse的插件下载地址: Eclipse 4.2 (Juno) http://dl.google.com/eclipse/plugin/4.2 Eclipse 3.7 (In
GWT开发 - 开发环境搭建 Maven+Eclipse+Tomcat
Neo in Action
12-24 5604
1.创建GWT Maven项目 2.安装必要的Eclipse插件 2.1 Maven Integration for Eclipse (m2e) 支持Java maven项目。 2.2 Maven Integration for Eclipse WTP 2.3 Google plugin and GWT SDK 3.导入GWT Maven项目 3.1 作为Existi
[Java EE][Security] - Understanding Security Realms - 1. Main Thought
Neo in Action
01-01 420
Securing Containers In Java EE, the component containers are responsible for providing application security. A container provides two types of security: declarative and programmatic. Realm, User
[Java EE][Security] - Understanding Security Realms - Logout
Neo in Action
02-16 356
1. Logout single application (single session) session.invalidate(); 2. Logout application which shares session with other applications (WebLogic) logout public static boolean logout(HttpServ
Oracle LiveLabs实验:DB Security - Database Vault
In-Memory Computing Technology
04-06 1183
概述 此实验申请地址在这里,时间为45分钟。 本实验是DB Security Basics研讨会的的第8个实验,即Lab 8。 实验帮助在这里。 本实验使用的数据库为19.13。 Introduction 本研讨会介绍了 Oracle Database Vault (DV) 的各种特性和功能。 它使用户有机会学习如何配置这些功能,以防止未经授权的特权用户访问敏感数据。 Task 1: Enable Database Vault 进入实验目录: sudo su - oracle cd $DBSEC_LABS/
Oracle Database 12c Security - 6. Real Application Security
In-Memory Computing Technology
09-01 433
RAS(Real Application Security)是12c的新特性,RAS的特点是全面(comprehensive)和透明。 传统的Web应用,要在不同连接间切换,并保证正确权限的成本太高,因此通常赋予所有权限,这导致过度赋权。 另外在Web应用中保留用户身份很难,有时就会不保留从而导致应用复杂性,易错和难以审计。 ACCOUNT MANAGEMENT IN ORACLE RAS RAS的语法为: <Principal> perform <operation> on &lt
脱壳Armadillo 1.xx - 2.xx -> Silicon Realms Toolworks
11-15
Armadillo 1.xx - 2.xx -> Silicon Realms Toolworks脱壳
PyPI 官网下载 | realms-wiki-0.3.31.tar.gz
01-15
《PyPI官网下载:深入解析realms-wiki-0.3.31.tar.gz》 在Python的世界里,PyPI(Python Package Index)是开发者们不可或缺的资源库,它为全球的Python爱好者提供了丰富的第三方库,方便他们进行项目开发。今天...
Python库 | realms-wiki-0.5.0.tar.gz
04-14
资源分类:Python库 所属语言:Python 资源全名:realms-wiki-0.5.0.tar.gz 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
star-realms-counter:Star Realms纸牌游戏的简单计数器
06-27
总的来说,"star-realms-counter"是一个为《Star Realms》玩家量身打造的实用工具,通过Java技术实现了对游戏状态的有效跟踪,提升了游戏体验。无论是新手还是老玩家,都能从中受益,更好地沉浸在星界的策略对抗之中...
guice-multi-shiro-realms:注入多个 Shiro 领域的 Guice 扩展
06-04
guice-multi-shiro-realms Guice 扩展注入多个 Shiro 领域。 特征: 可以注入多个 Shiro 领域 可以在绑定时指定方面 可以根据方面过滤注入的领域 示例: :
GWT开发 - 创建GWT Maven Project
Neo in Action
12-03 3583
使用工具创建GWT Maven Project有两种方式,使用GWT Command-line Tools和Maven GWT Plugin。 1. 使用GWT Command-line Tools创建maven project 要使用webAppCreator命令, 运行 webAppCreator -help WebAppCreator [-overwrite] [-ignore
ServiceMix - [Quickstart]6.我遇到的几个问题
Neo in Action
09-11 2320
这是我在阅读与试验过程中所遇到的几个问题。希望对你有所帮助。 1. 运行activemq:list指令时发生错误。 karaf@root> activemq:list Connecting to JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi ERROR: java.lang.RuntimeException
GWT开发 - 开发环境搭建 Maven+NetBeans+Tomcat
Neo in Action
12-25 1854
1.创建GWT maven项目 我使用netbeans的版本是7.2.1 2.按装必要的插件 maven:NetBeans对Maven的支持应该是默认,插件默认已经安装了。安装NetBeans GWT插件 Tools--》Plugins Installed--》选中Show details--》搜索GWT4NB--》选中后,点击Activate按钮
[spring security] - LDAP configuration - Bind approach
Neo in Action
03-12 1195
Springsecurity LDAP authentication sample XML. " /> " /> " /> uid={0},ou=People cn sn uid
SSL configuration on Tomcat 7
Neo in Action
04-16 1001
SSL Secure Socket Layer. Is it safe? Maybe. TLS Transport Layer Security, SSL is it predecessor. They are cryptographic protocol which provide communication security over internet. Is TLS sa
[spring security] - Spring security LDAP configuration - Search approach
Neo in Action
03-12 996
Simple XML " /> " />
[springframework] - DispatcherServlet and WebApplicationContext
Neo in Action
03-04 962
1. Default context configuration xml, [servlet-name]-servlet.xml Configure DispatcherServlet in web.xml dispatcherServlet org.springframework.web.servlet.DispatcherServlet 1 dispatcherSe
No realms have been configured! One or more realms must be present to execute an authentication attempt.
最新发布
06-09
这个错误通常出现在使用Java EE中的安全机制时,没有配置相应的realm(领域)。Realm是Java EE中的一个重要的安全机制,用于认证和授权用户。它定义了如何验证用户凭据并确定用户是否具有访问受保护资源的权限。 要...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值