tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Abernethy IV" <aberne...@dynedge.com>
Subject Re: JDBCRealm
Date Fri, 03 Jan 2003 05:21:16 GMT
Does Tomcat process the JDBC Realm on start up, or only when a web app asks 
for authentication?  I seem to recall that I was unable to start Tomcat if 
the realm was not configured correctly.  Also, I see a postgres process (see 
below) which indicates a connection to the database.  The process 
shows 'tomcat' because that is the *user name* I am using in the realm 
configuration.

The column names are correct (postgres uses 'usename' not 'username').

The "tomcat" user has the correct privilages on the necessary tables.

I have written a simple Java program that is able to connect and display data 
from pg_shadow and pg_groupview.  This program uses the same JDBC driver, 
connection URL, user name ("tomcat"), and password.

I have created my own web app (thinking the admin or manager web apps might 
be the problem), but it is also unable to authenticate users.

Any other ideas?  I am using the JPackage RPM - could that have anything to 
do with it?  How about the JPackage RPM for xerces-J2?  I know they have had 
problems with xerces before (unable to view example web apps).

--
Robert Abernethy IV
Dynamic Edge, Inc.
734.975.0460

> Hi Rob,
> 
> > Ok, I tried cleartext passwords, but I came up with the same result.  I
> don't
> > understand why tomcat is able to start up at all, if the authentication is
> > failing.
> 
> Users are authenticated not Tomcat, so starting Tomcat has nothing 
> to do with authentication.  Tomcat is just a Java program.
> 
> When a user tries to access a web app Tomcat will authenticate that 
> user if that web app's web.xml file tells it to. The manager app is 
> set up to require authentication .
> 
> The web.xml file for admin is in
> CATALINA_HOME/server/webapps/admin/WEB-INF/web.xml, you can see how 
> it is set up there.  If you want to authenticate users for your own 
> web apps, set up their web.xml security roles in a similar fashion.
> 
> > When I run 'ps' after starting up tomcat, I see this process:
> >
> > 40 S postgres  2825  2758  0  75   0    -  2431 schedu 18:12 pts/0
> 00:00:00
> > postgres: tomcat template1 24.208.224.236 idle in transaction
> >
> > Seeing this makes me believe that Tomcat is correctlty connecting to the
> > database at startup.  Is this true?  If so, why can't the admin or manager
> > apps authenticate?  They are using the same Realm (it's nested inside the
> > <Engine> tag) and I'm supplying the same username and password.
> 
> A couple of other things you can check:
> 
> Should  userNameCol="usename" be userNameCol="username" ?
> 
> Can you access Postgres data from that file in your web apps using that
> driver and username/password?  You should be able to write a simple program
> to read the role names from the database.
> 
> Within Postgres have you granted select privleges to the database 
> table in template1 to the user tomcat in the tables pg_shadow and 
pg_groupview?
> 
> Can you use a db browser tool to log in as tomcat and execute an SQL 
> command like: SELECT groname FROM TABLE pg_groupview WHERE usename 
> IS 'tomcat'?
> 
> Rick
> 
> >
> > --
> > Robert Abernethy IV
> > Dynamic Edge, Inc.
> > 734.975.0460
> >
> > > Hi Rob,
> > >
> > > Try it in clear text without the MD5 digest, to verify that your
> > > password, username, role, etc are correct.
> > >
> > > I had a lot of problems with digesting.
> > >
> > > Also some databases return column names in upper case even if they
> > > are in lower case so you may want to try all caps on your db column
> > > names.  I think you would get a different eror message if this was
> > > the case, though.
> > >
> > > Rick
> > >
> > > ----- Original Message -----
> > >
> > > > I'm trying to set up a JDBCRealm for use with the admin and manager
> > > webapps.
> > > > The problem is that I am unable to authenticate any users.
> > > >
> > > > - Tomcat 4.1.18
> > > > - Postgresql 7.3.1
> > > > - JDBC driver is in $CATALINA_HOME/common/lib
> > > > - Tomcat starts up fine, I just can't authenticate
> > > > - I can directly connect to my database with the username and password
> > > > - I have created the 'admin' and 'manager' groups in the database
> > > > - I have added the users to both groups
> > > >
> > > > Realm:
> > > > <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
> > > >        driverName="org.postgresql.Driver"
> > > >     connectionURL="jdbc:postgresql://bilbo.dynedge.com/template1"
> > > >    connectionName="tomcat" connectionPassword="tomcat"
> > > >         userTable="pg_shadow" userNameCol="usename"
> userCredCol="passwd"
> > > >     userRoleTable="pg_groupview" roleNameCol="groname"
> > > >            digest="MD5" />
> > > >
> > > > Log:
> > > > 2003-01-02 12:34:34 JDBCRealm[Standalone]: Username tomcat NOT
> > > successfully
> > > > authenticated
> > > >
> > > > Any ideas?
> > > >
> > > > --
> > > > Robert Abernethy IV
> > > > Dynamic Edge, Inc.
> > > > 734.975.0460
> > >
> > > --
> > > To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > > For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>
> >
> >
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-
unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-
help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message