Return-Path: <Oliver.Kurt@opendata.de>
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 9640 invoked from network); 18 Dec 2000 15:05:38 -0000
Received: from unknown (HELO linos.opendata.de) (@212.103.104.200)
  by locus.apache.org with SMTP; 18 Dec 2000 15:05:38 -0000
Received: by linos.opendata.de with Internet Mail Service (5.5.2232.9)
	id <Y7P6A0SH>; Mon, 18 Dec 2000 16:06:46 +0100
Message-ID: <518284F87BDCD21184AC00104B959AF75B37D4@linos.opendata.de>
From: "Kurt, Oliver" <Oliver.Kurt@opendata.de>
To: "'tomcat-user@jakarta.apache.org'" <tomcat-user@jakarta.apache.org>
Subject: AW: JDBC Realm documentation
Date: Mon, 18 Dec 2000 16:06:45 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
Content-Type: text/plain;
	charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

Okay then let me explain what I did and what didn't work....

1.) I followed the instructions in the jdbc-realm howto (what means, =
that i
created the tables in the database and commented the line
"org.apache.tomcat.request.SimpleRealm" and inserted the following:

	<RequestInterceptor=20
		className=3D"org.apache.tomcat.request.JDBCRealm"
	     	debug=3D"99"
	     	driverName=3D"oracle.jdbc.driver.OracleDriver"
     		connectionURL=3D"jdbc:oracle:thin:@c_mgeiss:1521:testdb"
	     	connectionName=3D"utest"
	     	connectionPassword=3D"utest"
	    	userTable=3D"users"=20
	    	userNameCol=3D"user_name"=20
	    	userCredCol=3D"user_pass"
	     	userRoleTable=3D"user_roles"=20
	     	roleNameCol=3D"role_name" />

2.) Now I thought the web.xml file has to be modified, so I added the
following lines (which I found in an old mail from this list):

<security-constraint>
   <web-resource-collection>
      <web-resource-name>WebApp</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>admin</role-name>
   </auth-constraint>
 </security-constraint>

 <login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>okurt</realm-name>
 </login-config>

3.) but when I try to access an arbitrary jsp file in my =
tomcat\webapps\test
directory, the jsp file is display. And no security-check is done.


That was the reason, why I thought that the web.xml file has to contain =
some
parameter-tags for security checking.
If the web.xml file needn't to be modified, what to do else?





-----Urspr=FCngliche Nachricht-----
Von: Nacho [mailto:nacho@siapi.es]
Gesendet: Montag, 18. Dezember 2000 15:46
An: 'tomcat-user@jakarta.apache.org'
Betreff: RE: JDBC Realm documentation


>=20
> Hi again,
>=20
> it's actually pretty bad that there are no docs at all.
>=20
> I think my main problem are the entries in the web.xml file, which =
are
> unfortunately not described in the howto file (I do know that this is
> described in the servlet-api-specification, but this is not=20
> very clear to
> me).=20

This is unrelated to JDBCRealm itself, and the only and best doc is the
spec itself, or you can buy some books on that, or try to review
examples context web.xml for a good example of almost everything =
web.xml
can have, or you can post here your questions and people will help you.


> It would be very nice if someone can post the basically=20
> needed entries in
> the web.xml file for a JDBCRealm.

Nothing so far not need for a regular application that uses Container
managed security, JDBRealm only plays a role of providing the
credentials for users, the very same that SimpleRealm &
conf/tomcat-users.xml do for examples context, there is nothing that
need to know about JDBCRealm to write a correct web.xml for your =
webapp.

>=20
> Thanks in advance
> Oliver Kurt
> =20

Saludos ,
Ignacio J. Ortega