tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: help! authentication problem
Date Tue, 03 Dec 2002 01:39:34 GMT
See below.

On Mon, 2 Dec 2002, Nathan Pitts wrote:

> Date: Mon, 2 Dec 2002 19:08:42 -0600
> From: Nathan Pitts <jpitts@tahc.state.tx.us>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: help!  authentication problem
>
> I have a problem that hopefully someone has seen before -- please help
> if you can.  I am trying to get Tomcat to do declarative
> authentication/auth. using a JDBCRealm (via a Sybase database).  I am
> using Sybase's Jconnect5.5 driver.  It seems like I have followed the
> instructions to configure this, but the authentication fails and there
> is an exception in my app's logfile that says the following:
>
> 2002-12-02 18:52:09 Authenticator[/hris]: Security checking request GET
> /hris/index.html
> 2002-12-02 18:52:09 Authenticator[/hris]:   Checking constraint
> 'SecurityConstraint[TAHCStaff]' against GET /index.html --> true
> 2002-12-02 18:52:09 Authenticator[/hris]:  Subject to constraint
> SecurityConstraint[TAHCStaff]
> 2002-12-02 18:52:09 Authenticator[/hris]:  Calling checkUserData()
> 2002-12-02 18:52:09 Authenticator[/hris]:   User data constraint has no
> restrictions
> 2002-12-02 18:52:09 Authenticator[/hris]:  Calling authenticate()
> 2002-12-02 18:52:09 JDBCRealm[/hris]: Username jpitts successfully
> authenticated
> 2002-12-02 18:52:09 JDBCRealm[/hris]: Exception performing
> authentication
> com.sybase.jdbc2.jdbc.SybSQLException: Invalid column name 'username'.
>
> 	at com.sybase.jdbc2.tds.Tds.processEed(Tds.java:2535)
> 	at com.sybase.jdbc2.tds.Tds.nextResult(Tds.java:1916)
> 	at com.sybase.jdbc2.jdbc.ResultGetter.nextResult(ResultGetter.java:69)
> 	at com.sybase.jdbc2.jdbc.SybStatement.nextResult(SybStatement.java:201)
> 	at com.sybase.jdbc2.jdbc.SybStatement.nextResult(SybStatement.java:182)
> 	at com.sybase.jdbc2.jdbc.SybStatement.queryLoop(SybStatement.java:1455)
> 	at
> com.sybase.jdbc2.jdbc.SybStatement.executeQuery(SybStatement.java:1440)
> 	at
> com.sybase.jdbc2.jdbc.SybPreparedStatement.executeQuery(SybPreparedState
> ment.java:70)
> 	at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:476)
> 	at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:394)
> 	at
> org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicA
> uthenticator.java:161)
>
> The column is called 'username' in the database, however.  The
> following clips of the server.xml file and web.xml file may give some
> insight....???
>

Is this column called "username" in *both* the "users" and "roles" tables?
The particular query that broke (at line 476 of JDBCRealm) is trying
to read from the roles table, while it appears from the log that
authenticating the user was successful (meaning the users table is
probably ok).

> Server.xml
>
> <Context className="org.apache.catalina.core.StandardContext"
> cachingAllowed="false"
> charsetMapperClass="org.apache.catalina.util.CharsetMapper"
> cookies="true" crossContext="false" debug="99" displayName="Welcome to
> HRIS" docBase="/usr/local/tomcat/webapps/hris"
> mapperClass="org.apache.catalina.core.StandardContextMapper"
> path="/hris" privileged="false" reloadable="true" swallowOutput="false"
> useNaming="true"
> wrapperClass="org.apache.catalina.core.StandardWrapper">
>            <Realm className="org.apache.catalina.realm.JDBCRealm"
> connectionName="theuser"
> 		connectionPassword="thepw"
> connectionURL="jdbc:sybase:Tds:192.108.17.13:4100/users"
> 		debug="99" driverName="com.sybase.jdbc2.jdbc.SybDriver"
> 		userTable="users" userNameCol="username" userCredCol="password"
> 		userRoleTable="roles" roleNameCol="arole"/>
>
> 	<Logger className="org.apache.catalina.logger.FileLogger" debug="99"
> directory="logs" prefix="hris_log."
> 		suffix=".txt" timestamp="true" verbosity="99"/>
>          </Context>
>
>
> Web.xml
>
> 	<security-constraint>
> 		<display-name>Web App Access Control -- TAHC Staff</display-name>
> 		<web-resource-collection>
> 			<web-resource-name>TAHCStaff</web-resource-name>
> 			<url-pattern>/index.html</url-pattern>
> 		</web-resource-collection>
> 		<auth-constraint>
> 			<role-name>tahcstaff</role-name>
> 		</auth-constraint>
> 		<user-data-constraint>
> 			<transport-guarantee>NONE</transport-guarantee>
> 		</user-data-constraint>
> 	</security-constraint>
>
>
> 	<login-config>
> 		<auth-method>BASIC</auth-method>
> 		<realm-name>JDBCRealm</realm-name>

Although this element (confusingly) refers to a "realm", it's only used
when you are using BASIC authentication -- this value shows up in the
pop-up dialog that the browser shows for you.  You can make it say
whatever you want.

> 		<form-login-config>
> 			<form-login-page>/login.html</form-login-page>
> 			<form-error-page>/login-error.html</form-error-page>
> 		</form-login-config>

You don't need these if you're using BASIC authentication.

> 	</login-config>
>
> 	<security-role>
> 		<description>Regular TAHC users</description>
> 		<role-name>tahcstaff</role-name>
> 	</security-role>
>

Craig


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message