struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Christopher <tim.christop...@gmail.com>
Subject Re: Application Security
Date Wed, 09 Feb 2005 02:46:39 GMT
Turned out that the database driver could not be found, which resulted
in the same error that I was being given by the Container when it
tried to connect for the JDBCRealm.

Adding the file to the WEB-INF/lib folder allows a connection to be
made from a JSP, however Tomcat still gives the same error as before -
does adding the jar to WEB-INF/lib give the container access to the
class files stored in it?!

The contents of the server.xml file (which does not work correctly) is:
           <Realm className="org.apache.catalina.realm.JDBCRealm"
                  debug="99"
                  driverName="com.borland.datastore.jdbc.DataStoreDriver"
                  connectionURL="jdbc:borland:dslocal:C:\\Documents
and Settings\\SIS_Db.jds"
                  connectionName="sysdba"
                  connectionPassword="masterkey"
                  userTable="users"
                  userNameCol="user_name"
                  userCredCol="user_pass"
                  userRoleTable="user_roles"
                  roleNameCol="role_name" />

>>>>>>

For anyone with a similar problem the driver (DataStoreDriver) can be
found in <JBuilder>\lib\jdsserver.jar.  The code I added to the top of
the JSP to test the database connection is below:

<% 

try {
 Class.forName("com.borland.datastore.jdbc.DataStoreDriver");
}
catch (Exception e) {
 System.out.println("Driver Error\n" + e);
}

try {
 String username = "sysdba";
 String password = "masterkey";
 String db_url = "jdbc:borland:dslocal:";
 String db_file = "C:\\Documents and Settings\\SIS_Db.jds";
 java.sql.Connection
connection=java.sql.DriverManager.getConnection(db_url + db_file,
username, password);
 
 java.sql.ResultSet
rs=connection.createStatement().executeQuery("SELECT * FROM users");
 System.out.println("Column count is: " + rs.getMetaData().getColumnCount()); 
}
catch (Exception e) {
 System.out.println("Error\n" + e);
}

%> 


On Tue, 8 Feb 2005 20:17:49 -0500, David G. Friedman
<humble@ix.netcom.com> wrote:
> Tim,
> 
> Have you tried using any command line tools to get to your datastore?
> Knowing that could rule out permissions issues on the database site as well
> as the connection host/port/URL.
> 
> Regards,
> David
> 
> -----Original Message-----
> From: Tim Christopher [mailto:tim.christopher@gmail.com]
> Sent: Tuesday, February 08, 2005 5:45 PM
> To: Struts Users Mailing List
> Subject: Re: Application Security
> 
> I managed to solve the first error by reordering the elements within
> the server.xml file, however I'm now stuck with the following error
> (which occurs when the server is started):
> 
> JDBCRealm[Catalina]: Exception opening database connection
> java.sql.SQLException: com.borland.datastore.jdbc.DataStoreDriver
>        at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:589)
>        at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:663)
>                <snip/>
> 
> Does anyone know if this is a problem with the database driver, or the
> location of the database?  I've tried changing the URL to a path that
> doesn't exist and I still get the same error, however I'm confident
> that the connectionURL is correct as it connects perfectly when using
> the same information within JBuilder's database pilot.
> 
> Any suggestions would be appreciated. :o)
> 
> Tim
> 
> On Tue, 8 Feb 2005 12:07:16 -0500, David G. Friedman
> <humble@ix.netcom.com> wrote:
> > Tim,
> >
> > Have you also updated your web.xml and Tomcat conifgurations?
> >
> > -----Original Message-----
> > From: Tim Christopher [mailto:tim.christopher@gmail.com]
> > Sent: Tuesday, February 08, 2005 12:05 PM
> > To: Struts Users Mailing List
> > Subject: Re: Application Security
> >
> > Cheers for all your advice.
> >
> > I've just tried implementing the JDBCRealm, though unfortunaltly it
> > does not work.  The Log4j error file contains the following:
> >
> > http-80-Processor25 ERROR org.apache.catalina.realm.JAASRealm
> > JAASRealm.java:269 Unexpected error
> > java.lang.SecurityException: Unable to locate a login configuration
> >     at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
> >     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> > Method)
> >     <snip/>
> >
> > To be honest, I'm not really sure what that means...  All I've done so
> > far is copy a simple example and I've got that error.  Do I need to
> > add anything to the classpath?
> >
> > I can post the code I'm using if anything thinks that will help....
> >
> > On Tue, 8 Feb 2005 03:06:51 -0000, Niall Pemberton
> > <niall.pemberton@blueyonder.co.uk> wrote:
> > > The forms for container managed security don't have to be plain html -
> you
> > > can configure in the web.xml custom "Logon"  and "Logon Error" pages
> which
> > > can be jsps, not just plain html. I have a custom tag on each of these
> > pages
> > > which writes the fact that a user has arrived at that page to log4j
> along
> > > with details from the request (e.g. IP address). Log4j is pretty
> powerful
> > in
> > > how you can configure it to filter that info and where to send it to.
> > >
> > > There are tags in the Jakarta Taglibs which you could use to achieve the
> > > same thing...
> > >    http://jakarta.apache.org/taglibs/doc/log-doc/intro.html
> > >    http://jakarta.apache.org/taglibs/doc/request-doc/intro.html
> > >
> > > For example on your "Logon Error Page", you might have something like
> > > this...
> > >
> > > <req:request id="req"/>
> > > <log:error category="myapp.logon.failed">
> > >      <bean:write name="req" property="remoteAddr"/>
> > >      <bean:write name="req" property="remoteHost"/>
> > > </log:error>
> > >
> > > Once a user has "logged on", you can get the user name from from the
> > request
> > > and then look up the user details wherever they are stored...
> > >      request.getUserPrincipal().getName()
> > >
> > > The actual form elements required are, as you say, plain html - but is
> > there
> > > any need for special tags since the action your posting to is fixed?
> > >
> > > Niall
> > >
> > > ----- Original Message -----
> > > From: "Tim Christopher" <tim.christopher@gmail.com>
> > > Sent: Tuesday, February 08, 2005 2:08 AM
> > >
> > > > I've recently discovered that it is not possible to map an action to
> > > > j_security_check.  Given this situation how is it possible to populate
> > > > a form bean with user data, or create a log of any failed login
> > > > attempts (bad username / password) if the container takes control of
> > > > the entire login process?
> > > >
> > > > Looking back at previous posts to the newsgroup I can see that in the
> > > > past people have just used plain html to produce the j_security_check
> > > > form.  Is it possible to do this using the <sslext:form> tag, but
so
> > > > that it does not require a Struts action mapping for j_security_check
> > > > to be present?
> > > >
> > > > I was currently intending on using JDBCRealm and the security-filter
> > > > to control the site's security, though given the above problems I'm
> > > > starting to think there might be a better way?  Or are these problems
> > > > everyone has already solved, as surely some form of login system is
> > > > present in the vast majority of Struts applications.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > > For additional commands, e-mail: user-help@struts.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message