Apache Tomcat JDBCRealm Configuration

| June 27, 2013

This post demonstrates how to configure your Tomcat server in the Jelastic Cloud PaaS environment to provide container managed security. As an example we'll connect a sample application to the database of usernames, roles and passwords. It's very useful when your application includes security constraint and login configuration elements, which define user's authentication.

We will show you the above scenario using Realm. In general it's a database of usernames, user roles and credentials which identify valid users of your web app. After reading this tutorial you should be able to configure Tomcat JDBCRealm, which accesses authentication information stored in a relational database via JDBC driver.

So, let's start!

1. Create an environment with Tomcat 7 application server and MySQL database. For more detailed information on how to achieve this, use this document.

2. Upload your application to the Deployment manager and deploy it to the environment you've just created. As an example we use sample app dbconnexample, which creates tables in the connected database.

apache tomcat jdbcrealm app deploy

3. After that open MySQL node in a web browser, log in using the credentials, which Jelastic sent you earlier and create a new database for your application needs. Let's name it realm.

apache tomcat jdbcrealm database

4. Create two tables e.g. users and user roles. The user's table should consist of at least two columns: the first one will be for usernames, the second - for passwords. Relatively user roles table should include usernames and users' roles.

Use this SQL script for testing:

user_name varchar(15) not null primary key,
user_pass varchar(15) not null
create table user_roles (
user_name varchar(15) not null,
role_name varchar(15) not null,
primary key (user_name, role_name)
apache tomcat hosting jdbc realm tables

5. Specify users, passwords and roles in the created tables.

6. Click on the Config button for your server and create mydb.cfg in the home directory to connect our sample app to the database:

username={get in the email from Robot@jelastic} 
password={get in the email from Robot@jelastic} 
tomcat hosting jdbcrealm database connection

7. Upload MySQL connector to the lib folder of your server if it's needed. In our case this library is included into the application.

8. Navigate to the server directory and specify your JDBCRealm elements (don't forget to delete or comment the default ones) to the server.xml file. For example:

<Realm className="org.apache.catalina.realm.JDBCRealm"
      connectionURL="jdbc:mysql://mysql-{your_env_name}.{hoster_domain}/{db_name}?user={get in the email from Robot@jelastic}&amp;password={get in the email from Robot@jelastic}"
      userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name"/>
Note: Tomcat JDBCRealm can be placed inside of these container elements:
  • Engine element: In this case Realm is shared across all your applications on all virtual hosts, if it isn't overridden by a Realm element inserted inside a host or context element subordinate.
  • Host element: Here Realm is shared across all your web applications for this virtual host, if it isn't overridden by a Realm element inserted inside a subordinate context element.
  • Context element: For this case the Realm is used for current web app only.

9. Finally edit your application web.xml in order to specify the security constraints and login configuration.


tomcat hosting jdbcrealm elements
Open your application in a web browser to check the results.


As you see it is quite easy to configure container managed security with Tomcat JDBCRealm in the cloud. Jelastic PaaS supports only standard software stacks, so you can work with them like you used to do locally. Forget about code changes and programming for platform and simply enjoy with flexible Tomcat hosting!