tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ignacio J. Ortega" <na...@siapi.es>
Subject RE: Basic HTTP Authorization and JDBCRealm
Date Thu, 12 Apr 2001 14:35:49 GMT
This is a problem of the AJP12 connector, well really not a problem,
it's suppoused that when Tomcat is used behind any Web server ( IIS in
your case ) the BASIC auth headers are honored by the HTTP Server itself
not Tomcat, Tomcat ( in cooperation with ISAPI filter ) tries retrieve
this info from HTTP Server and in the IIS case this is a big problem, as
the BASIC config on IIS is connected to the NT auth in the OS so
everybody that tries to use IIS Basic auth have this problem...a Sad
problem..

3.3 can help you :) , this problem is resolved by adding a new (
undocumented until today :) attribute to AJP12connector ,
"tomcatAuthentication" when this attribute is true , Tomcat tries to do
BASIC auth by itself without reliying on HTTPServer capacities.... thus
making you happier ...

Hope this helps..

Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: Ricardo Gladwell [mailto:ricardo.gladwell@ubqtmedia.com]
> Enviado el: jueves 12 de abril de 2001 14:09
> Para: Tomcat Users
> Asunto: Basic HTTP Authorization and JDBCRealm
> 
> 
> Dear All,
> 
> I'm using JDBCRealm on Tomcat through IIS 5.0 on Windows 2000 to
> authenticate users for my companies Intranet. I managed to 
> configure my
> server to authenticate user via HTTP basic authorization. 
> However, when I
> attempt to log into my web application I receive the 
> following errors in my
> <jvm.stderr.log> file:
> 
> 2001-04-12 12:54:33 - ContextManager: JDBCRealm: 
> JDBCRealm.authenticate:
> SELECT Password FROM People WHERE UserName = ?
> 2001-04-12 12:54:34 - ContextManager: JDBCRealm: 
> Authentication unsuccessful
> for user null
> 
> With a bit a research it would appear that the JDBCRealm 
> interceptor is not
> reading the HTTP Authorization header properly. The 
> authenticate( String,
> Hashtable ) method is being passed a null value for the 
> username, or the
> authenticate( Request, Response ) is not receiving the 
> headers. Perhaps IIS
> or the ISAPI redirector are stripping this header when it 
> passes the request
> onto Tomcat?
> 
> If anyone could tell me what I'm doing wrong or where the 
> problem is likely
> to lie, I would be most grateful as this conundrum is eating 
> up days of my
> time. Here is the configuration for my server.xml file (the 
> SimpleRealm
> interceptor is commented out):
> 
>         <RequestInterceptor
>             className="org.apache.tomcat.request.JDBCRealm"
>             debug="99"
> 
> 			driverName="sun.jdbc.odbc.JdbcOdbcDriver"
> 
> 	    	connectionURL="jdbc:odbc:Intranet"
>               	connectionName="user"
>               	connectionPassword="pass"
> 
> 	    	userTable="People"
>             	userNameCol="UserName"
>             	userCredCol="Password"
> 
> 			userRoleTable="Roles"
>            		roleNameCol="RoleName"
> 		/>
> 
> Here is the configuration from the web.xml for my web application:
> 
> 	<security-constraint>
> 
> 		<web-resource-collection>
> 			<web-resource-name>Intranet</web-resource-name>
> 			<url-pattern>/*</url-pattern>
> 		</web-resource-collection>
> 
> 		<auth-constraint>
> 			<role-name>IntranetUser</role-name>
> 		</auth-constraint>
> 
> 	</security-constraint>
> 
> 	<login-config>
> 		<auth-method>BASIC</auth-method>
> 		<realm-name>UBQT Media Intranet</realm-name>
> 	</login-config>
> 
> TIA...
> 
> --
> Ricardo Gladwell
> UBQT Media PLC, Windsor
> Mobile: (07779) 841 444
> 
> 

Mime
View raw message