tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oki DZ <ok...@bdg.pindad.com>
Subject Re: JDBC Realm is gone
Date Tue, 15 May 2001 07:44:02 GMT
Hi,

I can get the MD5 authentication working.
In my server.xml:
	<Context path="/test" docBase="test" debug="9"
	  reloadable="true">
	     <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
	       digest="MD5"
	       driverName="org.gjt.mm.mysql.Driver"
	       connectionURL="jdbc:mysql://myhost.com/James"
	       connectionName="guest"
	       connectionPassword=""
	       userTable="Users" userNameCol="username" userCredCol="password"
	       userRoleTable="userroles" roleNameCol="rolename" />
	</Context>

I guess, it's the meaning of "attaching a realm to a context"; ie:
inserting the realm element in the context element.

My webapp's web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">

<web-app>
  <servlet>
      <servlet-name>sample</servlet-name>
      <servlet-class>SampleServlet</servlet-class>
      <init-param>
        <param-name>properties</param-name>
	<param-value>WEB-INF/sample.properties</param-value>
      </init-param>
      <security-role-ref>
         <role-name>test</role-name>
              <!--  ^^^^ this could be arbitrary it seems. Tomcat
doesn't use it;
                    ie: the servlets don't have hard-wired "internal
roles" -->
         <role-link>tomcat</role-link>
               <!-- ^^^^^^ this "link", links to the role-name in the
auth-constraint below -->
      </security-role-ref>
  </servlet>
   <servlet-mapping>
       <servlet-name>sample</servlet-name>
       <url-pattern>/sample</url-pattern>
   </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
       <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- Define the Login Configuration for this Application -->

  <login-config>
    <auth-method>BASIC</auth-method>
           <!--  ^^^^^ this has to be BASIC (no "DIGEST," to be exact
:-)
                 meaning: using the browser login box -->
    <realm-name>Test Application</realm-name>
  </login-config>
</web-app>

BTW, if I don't want to use any role for the authentication, how should
I proceed? I mean, username-password pairs in the users' database should
be sufficient. (With the roles set up, I have to maintain another table;
ie: userroles.)

BTW2, useful references:
* Tomcat docs in the source directories.
* http://e-docs.bea.com/wls/docs60/programming/web_xml.html

Oki

Mime
View raw message