struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <erikwe...@mindspring.com>
Subject Re: Application Security
Date Wed, 09 Feb 2005 02:55:03 GMT
JDBC driver jar files belong in $TOMCAT_HOME/common/lib (I think that's 
what you are asking).

Erik


Tim Christopher wrote:

>Turned out that the database driver could not be found, which resulted
>in the same error that I was being given by the Container when it
>tried to connect for the JDBCRealm.
>
>Adding the file to the WEB-INF/lib folder allows a connection to be
>made from a JSP, however Tomcat still gives the same error as before -
>does adding the jar to WEB-INF/lib give the container access to the
>class files stored in it?!
>
>The contents of the server.xml file (which does not work correctly) is:
>           <Realm className="org.apache.catalina.realm.JDBCRealm"
>                  debug="99"
>                  driverName="com.borland.datastore.jdbc.DataStoreDriver"
>                  connectionURL="jdbc:borland:dslocal:C:\\Documents
>and Settings\\SIS_Db.jds"
>                  connectionName="sysdba"
>                  connectionPassword="masterkey"
>                  userTable="users"
>                  userNameCol="user_name"
>                  userCredCol="user_pass"
>                  userRoleTable="user_roles"
>                  roleNameCol="role_name" />
>
>  
>
>
>For anyone with a similar problem the driver (DataStoreDriver) can be
>found in <JBuilder>\lib\jdsserver.jar.  The code I added to the top of
>the JSP to test the database connection is below:
>
><% 
>
>try {
> Class.forName("com.borland.datastore.jdbc.DataStoreDriver");
>}
>catch (Exception e) {
> System.out.println("Driver Error\n" + e);
>}
>
>try {
> String username = "sysdba";
> String password = "masterkey";
> String db_url = "jdbc:borland:dslocal:";
> String db_file = "C:\\Documents and Settings\\SIS_Db.jds";
> java.sql.Connection
>connection=java.sql.DriverManager.getConnection(db_url + db_file,
>username, password);
> 
> java.sql.ResultSet
>rs=connection.createStatement().executeQuery("SELECT * FROM users");
> System.out.println("Column count is: " + rs.getMetaData().getColumnCount()); 
>}
>catch (Exception e) {
> System.out.println("Error\n" + e);
>}
>
>%> 
>
>
>On Tue, 8 Feb 2005 20:17:49 -0500, David G. Friedman
><humble@ix.netcom.com> wrote:
>  
>
>>Tim,
>>
>>Have you tried using any command line tools to get to your datastore?
>>Knowing that could rule out permissions issues on the database site as well
>>as the connection host/port/URL.
>>
>>Regards,
>>David
>>
>>-----Original Message-----
>>From: Tim Christopher [mailto:tim.christopher@gmail.com]
>>Sent: Tuesday, February 08, 2005 5:45 PM
>>To: Struts Users Mailing List
>>Subject: Re: Application Security
>>
>>I managed to solve the first error by reordering the elements within
>>the server.xml file, however I'm now stuck with the following error
>>(which occurs when the server is started):
>>
>>JDBCRealm[Catalina]: Exception opening database connection
>>java.sql.SQLException: com.borland.datastore.jdbc.DataStoreDriver
>>       at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:589)
>>       at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:663)
>>               <snip/>
>>
>>Does anyone know if this is a problem with the database driver, or the
>>location of the database?  I've tried changing the URL to a path that
>>doesn't exist and I still get the same error, however I'm confident
>>that the connectionURL is correct as it connects perfectly when using
>>the same information within JBuilder's database pilot.
>>
>>Any suggestions would be appreciated. :o)
>>
>>Tim
>>
>>On Tue, 8 Feb 2005 12:07:16 -0500, David G. Friedman
>><humble@ix.netcom.com> wrote:
>>    
>>
>>>Tim,
>>>
>>>Have you also updated your web.xml and Tomcat conifgurations?
>>>
>>>-----Original Message-----
>>>From: Tim Christopher [mailto:tim.christopher@gmail.com]
>>>Sent: Tuesday, February 08, 2005 12:05 PM
>>>To: Struts Users Mailing List
>>>Subject: Re: Application Security
>>>
>>>Cheers for all your advice.
>>>
>>>I've just tried implementing the JDBCRealm, though unfortunaltly it
>>>does not work.  The Log4j error file contains the following:
>>>
>>>http-80-Processor25 ERROR org.apache.catalina.realm.JAASRealm
>>>JAASRealm.java:269 Unexpected error
>>>java.lang.SecurityException: Unable to locate a login configuration
>>>    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
>>>    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>>Method)
>>>    <snip/>
>>>
>>>To be honest, I'm not really sure what that means...  All I've done so
>>>far is copy a simple example and I've got that error.  Do I need to
>>>add anything to the classpath?
>>>
>>>I can post the code I'm using if anything thinks that will help....
>>>
>>>On Tue, 8 Feb 2005 03:06:51 -0000, Niall Pemberton
>>><niall.pemberton@blueyonder.co.uk> wrote:
>>>      
>>>
>>>>The forms for container managed security don't have to be plain html -
>>>>        
>>>>
>>you
>>    
>>
>>>>can configure in the web.xml custom "Logon"  and "Logon Error" pages
>>>>        
>>>>
>>which
>>    
>>
>>>>can be jsps, not just plain html. I have a custom tag on each of these
>>>>        
>>>>
>>>pages
>>>      
>>>
>>>>which writes the fact that a user has arrived at that page to log4j
>>>>        
>>>>
>>along
>>    
>>
>>>>with details from the request (e.g. IP address). Log4j is pretty
>>>>        
>>>>
>>powerful
>>    
>>
>>>in
>>>      
>>>
>>>>how you can configure it to filter that info and where to send it to.
>>>>
>>>>There are tags in the Jakarta Taglibs which you could use to achieve the
>>>>same thing...
>>>>   http://jakarta.apache.org/taglibs/doc/log-doc/intro.html
>>>>   http://jakarta.apache.org/taglibs/doc/request-doc/intro.html
>>>>
>>>>For example on your "Logon Error Page", you might have something like
>>>>this...
>>>>
>>>><req:request id="req"/>
>>>><log:error category="myapp.logon.failed">
>>>>     <bean:write name="req" property="remoteAddr"/>
>>>>     <bean:write name="req" property="remoteHost"/>
>>>></log:error>
>>>>
>>>>Once a user has "logged on", you can get the user name from from the
>>>>        
>>>>
>>>request
>>>      
>>>
>>>>and then look up the user details wherever they are stored...
>>>>     request.getUserPrincipal().getName()
>>>>
>>>>The actual form elements required are, as you say, plain html - but is
>>>>        
>>>>
>>>there
>>>      
>>>
>>>>any need for special tags since the action your posting to is fixed?
>>>>
>>>>Niall
>>>>
>>>>----- Original Message -----
>>>>From: "Tim Christopher" <tim.christopher@gmail.com>
>>>>Sent: Tuesday, February 08, 2005 2:08 AM
>>>>
>>>>        
>>>>
>>>>>I've recently discovered that it is not possible to map an action to
>>>>>j_security_check.  Given this situation how is it possible to populate
>>>>>a form bean with user data, or create a log of any failed login
>>>>>attempts (bad username / password) if the container takes control of
>>>>>the entire login process?
>>>>>
>>>>>Looking back at previous posts to the newsgroup I can see that in the
>>>>>past people have just used plain html to produce the j_security_check
>>>>>form.  Is it possible to do this using the <sslext:form> tag, but
so
>>>>>that it does not require a Struts action mapping for j_security_check
>>>>>to be present?
>>>>>
>>>>>I was currently intending on using JDBCRealm and the security-filter
>>>>>to control the site's security, though given the above problems I'm
>>>>>starting to think there might be a better way?  Or are these problems
>>>>>everyone has already solved, as surely some form of login system is
>>>>>present in the vast majority of Struts applications.
>>>>>          
>>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>>>For additional commands, e-mail: user-help@struts.apache.org
>>>>
>>>>
>>>>        
>>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>>For additional commands, e-mail: user-help@struts.apache.org
>>>
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>>    
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>
>  
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message