shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruce Phillips <>
Subject Re: Basic Tutorial That Uses A Database
Date Thu, 02 Apr 2009 19:03:57 GMT

OK - I've started the code examples for the tutorial.

My plan is to have a multi-part tutorial to show how to use JSecurity (or should I be calling
it Ki?) in web application that uses a database for storing usernames and passwords.  

I've got the first two code examples done and if you could look them over that would be helpful.

1.  Database used is Apache Derby (it's an easy download and the user would just need to unzip
it to a folder named c:/derby.  
    a.  The database just has one table - users with three columns (userid, username, and
password).  For the first few examples, the passwords will be stored in the database in plain
text to take advantage of JSecurity's default credential matcher.  
    b.  You can download the Derby database here -
 If you don't have the Derby jar files you can get them here:
    c.  I've previously written about using Derby in a Java web application on my blog so
I can refer people to those blog articles if they are new to using Derby.  To use this Derby
database with the example web application you just need to download the Derby database and
unzip it to c:/derby.  You'll need the derby.jar and derbyclient.jar on your web application's
class path.

2.  First example (see the Eclipse archived dynamic web project at
has no security and doesn't use JSecurity.  This example is just to ensure the user can run
the basic web application and connect to the Derby database.  The example runs under Tomcat
6.  The data source is setup in context.xml and uses connection pooling.

3.  The second example (see the Eclipse archived dynamic web project at
just has basic user authentication using JSecurity.  There are no roles or permissions (those
along with the JSecurity custom tags would be explored in future tutorials).  This is the
project I really need you to review to see if I've made some mistakes in the setup.

Once you're OK with the code examples I've done so far, I plan to add a lot of comments into
the code and then write up the tutorial to walk someone through setting up these examples
from scratch.  I want to keep the examples are clean as possible so I won't be using Maven,
Spring, Struts, or Ivy, etc.

After getting these first two code examples and the initial tutorial up I'll start the next
tutorial on probably setting up roles and securing certain areas by role.

Please let me know what changes I need to make to the code examples and anything else that
would be helpful.


View this message in context:
Sent from the JSecurity User mailing list archive at

View raw message