struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David G. Friedman" <hum...@ix.netcom.com>
Subject RE: Application Security
Date Wed, 09 Feb 2005 01:17:49 GMT
Tim,

Have you tried using any command line tools to get to your datastore?
Knowing that could rule out permissions issues on the database site as well
as the connection host/port/URL.

Regards,
David

-----Original Message-----
From: Tim Christopher [mailto:tim.christopher@gmail.com]
Sent: Tuesday, February 08, 2005 5:45 PM
To: Struts Users Mailing List
Subject: Re: Application Security


I managed to solve the first error by reordering the elements within
the server.xml file, however I'm now stuck with the following error
(which occurs when the server is started):

JDBCRealm[Catalina]: Exception opening database connection
java.sql.SQLException: com.borland.datastore.jdbc.DataStoreDriver
	at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:589)
	at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:663)
                <snip/>

Does anyone know if this is a problem with the database driver, or the
location of the database?  I've tried changing the URL to a path that
doesn't exist and I still get the same error, however I'm confident
that the connectionURL is correct as it connects perfectly when using
the same information within JBuilder's database pilot.

Any suggestions would be appreciated. :o)

Tim

On Tue, 8 Feb 2005 12:07:16 -0500, David G. Friedman
<humble@ix.netcom.com> wrote:
> Tim,
>
> Have you also updated your web.xml and Tomcat conifgurations?
>
> -----Original Message-----
> From: Tim Christopher [mailto:tim.christopher@gmail.com]
> Sent: Tuesday, February 08, 2005 12:05 PM
> To: Struts Users Mailing List
> Subject: Re: Application Security
>
> Cheers for all your advice.
>
> I've just tried implementing the JDBCRealm, though unfortunaltly it
> does not work.  The Log4j error file contains the following:
>
> http-80-Processor25 ERROR org.apache.catalina.realm.JAASRealm
> JAASRealm.java:269 Unexpected error
> java.lang.SecurityException: Unable to locate a login configuration
>     at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
>     <snip/>
>
> To be honest, I'm not really sure what that means...  All I've done so
> far is copy a simple example and I've got that error.  Do I need to
> add anything to the classpath?
>
> I can post the code I'm using if anything thinks that will help....
>
> On Tue, 8 Feb 2005 03:06:51 -0000, Niall Pemberton
> <niall.pemberton@blueyonder.co.uk> wrote:
> > The forms for container managed security don't have to be plain html -
you
> > can configure in the web.xml custom "Logon"  and "Logon Error" pages
which
> > can be jsps, not just plain html. I have a custom tag on each of these
> pages
> > which writes the fact that a user has arrived at that page to log4j
along
> > with details from the request (e.g. IP address). Log4j is pretty
powerful
> in
> > how you can configure it to filter that info and where to send it to.
> >
> > There are tags in the Jakarta Taglibs which you could use to achieve the
> > same thing...
> >    http://jakarta.apache.org/taglibs/doc/log-doc/intro.html
> >    http://jakarta.apache.org/taglibs/doc/request-doc/intro.html
> >
> > For example on your "Logon Error Page", you might have something like
> > this...
> >
> > <req:request id="req"/>
> > <log:error category="myapp.logon.failed">
> >      <bean:write name="req" property="remoteAddr"/>
> >      <bean:write name="req" property="remoteHost"/>
> > </log:error>
> >
> > Once a user has "logged on", you can get the user name from from the
> request
> > and then look up the user details wherever they are stored...
> >      request.getUserPrincipal().getName()
> >
> > The actual form elements required are, as you say, plain html - but is
> there
> > any need for special tags since the action your posting to is fixed?
> >
> > Niall
> >
> > ----- Original Message -----
> > From: "Tim Christopher" <tim.christopher@gmail.com>
> > Sent: Tuesday, February 08, 2005 2:08 AM
> >
> > > I've recently discovered that it is not possible to map an action to
> > > j_security_check.  Given this situation how is it possible to populate
> > > a form bean with user data, or create a log of any failed login
> > > attempts (bad username / password) if the container takes control of
> > > the entire login process?
> > >
> > > Looking back at previous posts to the newsgroup I can see that in the
> > > past people have just used plain html to produce the j_security_check
> > > form.  Is it possible to do this using the <sslext:form> tag, but so
> > > that it does not require a Struts action mapping for j_security_check
> > > to be present?
> > >
> > > I was currently intending on using JDBCRealm and the security-filter
> > > to control the site's security, though given the above problems I'm
> > > starting to think there might be a better way?  Or are these problems
> > > everyone has already solved, as surely some form of login system is
> > > present in the vast majority of Struts applications.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message