Payara Micro 5.201 – Setup a JDBCRealm

Setting up a database realm (JDBCRealm) in Payara Micro is a little tricky because some settings have changed over time and there is no clear, up-to-date example. This blog post shows a configuration example for Payara 5.2 in combination with a data source based on the workflow project Imixs-Office-Workflow.

<security-service activate-default-principal-to-role-mapping="true" jacc="simple"
   audit-enabled="true" default-realm="jdbcRealm">

   <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
      <property value="${com.sun.aas.instanceRoot}/config/admin-keyfile" name="file" />
      <property value="fileRealm" name="jaas-context" />
   </auth-realm>

   <!-- Imixs JDBC realm configuration START -->
   <auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" name="jdbcRealm">
      <property name="jaas-context" value="jdbcRealm"></property>
      <property name="encoding" value="Hex"></property>
      <property name="password-column" value="password"></property>
      <property name="datasource-jndi" value="jdbc/office"></property>
      <property name="group-table" value="userid_usergroup"></property>
      <property name="user-table" value="userid"></property>
      <property name="group-name-column" value="group_id"></property>
      <property name="group-table-user-name-column" value="id"></property>
      <property name="digest-algorithm" value="SHA-256"></property>
      <property name="user-name-column" value="id"></property>
   </auth-realm>
   <!-- Imixs JDBC realm configuration END -->

   ....
   <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
      <property name="auditOn" value="true" />
   </audit-module>
   .....
</security-service>

Pay attention to the property “group-table-user-name-column”. This property is new and specifies the name of the column that holds the user ID within the group table.

Another important setting is the “default-realm” attribute in the security-service tag. This attribute must be set to the name of the JDBC realm (in my case “jdbcRealm”).

Enable Security Audit

To get more information about what is happening during authentication, you can enable the security-service audit with the attribute

audit-enabled="true"

and the audit for the security module with the property ‘auditOn’

<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
   <property name="auditOn" value="true" />
</audit-module>
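
A small checker for the two pitfalls named above (the “default-realm” attribute and the “group-table-user-name-column” property) plus the audit switches. This is an added example, not code from the original post or from Payara; the function name `check_security_service` and the `EXPECTED` property list are assumptions taken from this page's sample configuration.

```python
import xml.etree.ElementTree as ET

JDBC_REALM = "com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"
# Assumption: the expected set mirrors the realm properties shown on this page.
EXPECTED = ("jaas-context", "datasource-jndi", "user-table", "user-name-column",
            "password-column", "group-table", "group-table-user-name-column",
            "group-name-column", "digest-algorithm", "encoding")

def check_security_service(xml_text):
    """Return findings for a <security-service> element (or a document containing one)."""
    root = ET.fromstring(xml_text)
    svc = next(root.iter("security-service"), None)
    if svc is None:
        return ["no <security-service> element found"]
    findings = []
    realms = {r.get("name"): r for r in svc.findall("auth-realm")}
    default = svc.get("default-realm")
    if default not in realms:
        findings.append(f"default-realm '{default}' matches no auth-realm")
    elif realms[default].get("classname") != JDBC_REALM:
        findings.append(f"default-realm '{default}' is not a JDBCRealm")
    for name, realm in realms.items():
        if realm.get("classname") != JDBC_REALM:
            continue
        props = {p.get("name"): p.get("value") for p in realm.findall("property")}
        findings += [f"realm '{name}': missing property '{k}'"
                     for k in EXPECTED if not props.get(k)]
    # Auditing is optional; it is reported so that failed logins can be traced.
    if svc.get("audit-enabled") != "true":
        findings.append("info: audit-enabled is not 'true'")
    if not any(p.get("name") == "auditOn" and p.get("value") == "true"
               for p in svc.findall("audit-module/property")):
        findings.append("info: no audit-module with auditOn=true")
    return findings

# Constructed sample: wrong default-realm, no group-table-user-name-column, no audit.
SAMPLE = f"""<security-service default-realm="file">
  <auth-realm classname="{JDBC_REALM}" name="jdbcRealm">
    <property name="jaas-context" value="jdbcRealm"/>
    <property name="datasource-jndi" value="jdbc/office"/>
    <property name="user-table" value="userid"/>
    <property name="user-name-column" value="id"/>
    <property name="password-column" value="password"/>
    <property name="group-table" value="userid_usergroup"/>
    <property name="group-name-column" value="group_id"/>
    <property name="digest-algorithm" value="SHA-256"/>
    <property name="encoding" value="Hex"/>
  </auth-realm></security-service>"""
```

Calling `check_security_service(SAMPLE)` returns four findings; a configuration like the one at the top of this post returns an empty list.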
