How to configure JDBCRealm to obtain its DataSource from JNDI

Question

How do you use a JDBCRealm to handle authenticating and authorizing users in servlets? The only example I can find is to create the DataSource in web.xml (such as Authentication against database using shiro 1.2.1).

I do not want to include database credentials in my source tree (for obvious reasons) and would prefer to use a Context defined DataSource via JNDI as I have for every other RDBMS I have used for any other purpose in every other servlet project I have developed.

How do you configure a Shiro JDBCRealm to obtain its DataSource from JNDI?

Answer 1

Vrushank's answer was really close: you don't need to subclass the JdbcRealm here - you can use Shiro's JndiObjectFactory to acquire the DataSource and then reference that DataSource when you configure the JdbcRealm:

[main]
dataSource = org.apache.shiro.jndi.JndiObjectFactory
dataSource.resourceName = java://app/jdbc/myDataSource

jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.dataSource = $dataSource
#addt'l config

For a web application, save the file under WEB-INF/shiro.ini.

See Also

• https://github.com/danielmt/shiro-primefaces-example/blob/master/src/main/webapp/WEB-INF/shiro.ini

Answer 2

For Shiro to work with permissions with the JDBC realm this parameter is indispensable:

jdbcRealm.permissionsLookupEnabled = true 

I wasted many hours on this because the default for this option is false. In other words, if you don't put this option Shiro always return an empty list of permissions.

Answer 3

I commented on @Les Hazlewood answer and on @Recurse comment, but might be that new answer is better option.

In my case I have to use only JDNI datasource name on weblogic and full path on tomcat:

Tomcat:

 ds = org.apache.shiro.jndi.JndiObjectFactory   
 ds.requiredType = javax.sql.DataSource  
 ds.resourceName = java:/comp/env/oracle/pportal_dev

 # JDBC realm config  
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm  
 jdbcRealm.permissionsLookupEnabled = true 
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
 jdbcRealm.dataSource = $ds

Weblogic

 ds = org.apache.shiro.jndi.JndiObjectFactory   
 ds.requiredType = javax.sql.DataSource   
 ds.resourceName = oracle/pportal_dev

 # JDBC realm config  
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm  
 jdbcRealm.permissionsLookupEnabled = true 
 jdbcRealm.dataSource = $ds

Note

ds.resourceName = java:/comp/env/oracle/pportal_dev 
vs
ds.resourceName = oracle/pportal_dev

Answer 4

You'll need to create a custom Realm of your own by extending JdbcRealm to programatically lookup the datasource through the provided JNDI.

You can then pass the JNDI as a property in shiro.ini

[main]
# realms to be used
customSecurityRealm=package.to.your.CustomRealm
customSecurityRealm.jndiDataSourceName=java:app/jdbc/myDatasource

See the below article as an example. It takes care of both Authentication and Authorization.

Apache Shiro JDBC Realm