tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Fincher" <...@tbird.com>
Subject Re: JDBCRealm
Date Fri, 03 Jan 2003 03:50:49 GMT
Hi Rob,

> Ok, I tried cleartext passwords, but I came up with the same result.  I
don't
> understand why tomcat is able to start up at all, if the authentication is
> failing.

Users are authenticated not Tomcat, so starting Tomcat has nothing to do
with authentication.  Tomcat is just a Java program.

When a user tries to access a web app Tomcat will authenticate that user if
that web app's web.xml file tells it to. The manager app is set up to
require authentication .

The web.xml file for admin is in
CATALINA_HOME/server/webapps/admin/WEB-INF/web.xml, you can see how it is
set up there.  If you want to authenticate users for your own web apps, set
up their web.xml security roles in a similar fashion.

> When I run 'ps' after starting up tomcat, I see this process:
>
> 40 S postgres  2825  2758  0  75   0    -  2431 schedu 18:12 pts/0
00:00:00
> postgres: tomcat template1 24.208.224.236 idle in transaction
>
> Seeing this makes me believe that Tomcat is correctlty connecting to the
> database at startup.  Is this true?  If so, why can't the admin or manager
> apps authenticate?  They are using the same Realm (it's nested inside the
> <Engine> tag) and I'm supplying the same username and password.

A couple of other things you can check:

Should  userNameCol="usename" be userNameCol="username" ?

Can you access Postgres data from that file in your web apps using that
driver and username/password?  You should be able to write a simple program
to read the role names from the database.

Within Postgres have you granted select privleges to the database table in
template1 to the user tomcat in the tables pg_shadow and pg_groupview?

Can you use a db browser tool to log in as tomcat and execute an SQL command
like: SELECT groname FROM TABLE pg_groupview WHERE usename IS 'tomcat'?

Rick

>
> --
> Robert Abernethy IV
> Dynamic Edge, Inc.
> 734.975.0460
>
> > Hi Rob,
> >
> > Try it in clear text without the MD5 digest, to verify that your
> > password, username, role, etc are correct.
> >
> > I had a lot of problems with digesting.
> >
> > Also some databases return column names in upper case even if they
> > are in lower case so you may want to try all caps on your db column
> > names.  I think you would get a different eror message if this was
> > the case, though.
> >
> > Rick
> >
> > ----- Original Message -----
> >
> > > I'm trying to set up a JDBCRealm for use with the admin and manager
> > webapps.
> > > The problem is that I am unable to authenticate any users.
> > >
> > > - Tomcat 4.1.18
> > > - Postgresql 7.3.1
> > > - JDBC driver is in $CATALINA_HOME/common/lib
> > > - Tomcat starts up fine, I just can't authenticate
> > > - I can directly connect to my database with the username and password
> > > - I have created the 'admin' and 'manager' groups in the database
> > > - I have added the users to both groups
> > >
> > > Realm:
> > > <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
> > >        driverName="org.postgresql.Driver"
> > >     connectionURL="jdbc:postgresql://bilbo.dynedge.com/template1"
> > >    connectionName="tomcat" connectionPassword="tomcat"
> > >         userTable="pg_shadow" userNameCol="usename"
userCredCol="passwd"
> > >     userRoleTable="pg_groupview" roleNameCol="groname"
> > >            digest="MD5" />
> > >
> > > Log:
> > > 2003-01-02 12:34:34 JDBCRealm[Standalone]: Username tomcat NOT
> > successfully
> > > authenticated
> > >
> > > Any ideas?
> > >
> > > --
> > > Robert Abernethy IV
> > > Dynamic Edge, Inc.
> > > 734.975.0460
> >
> > --
> > To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message