tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul" <p...@msci.ca>
Subject Re: JDBC Realm problems
Date Tue, 23 Sep 2003 20:06:13 GMT
in case no one noticed and it matters, web.xml has following typo in it,
where resource is spelled "ressource":
> >   <web-ressource-collection>
> >     <web-ressource-name>test</web-ressource-name>


----- Original Message ----- 
From: "Adam Hardy" <ahardy.struts@cyberspaceroad.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Tuesday, September 23, 2003 12:39 PM
Subject: Re: JDBC Realm problems


> Your config looks OK. Are you getting any errors logged when you try to
> log on?
>
> On 09/23/2003 04:43 PM Laurent Perez wrote:
> > Hello
> >
> > I am trying to protect a webapp I wrote using a JDBCRealm, but it
> > doesn't seem to work as expected. I am using Tomcat 4.1.27, and
> > Postgresql 7.3.2, with latest JDBC driver within $tomcat/common/lib.
> >
> > My realm is described as follows, in $tomcat/conf/server.xml :
> >
> > <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
> >         driverName="org.postgresql.Driver"
> >         digest="md5"
> >         connectionURL="jdbc:postgresql://127.0.0.1/mydb"
> >         connectionName="mylogin" connectionPassword="mypass"
> >         userTable="pg_shadow" userNameCol="usename" userCredCol="passwd"
> >         userRoleTable="named_roles" roleNameCol="role" />
> >
> > When I start Tomcat, I can see it connecting and idling to mydb, so JDBC
> > driver works. Also 'mylogin' has read access on named_roles.
> >
> > My webapp is called 'test' and located within $tomcat/webapps/, its
> > WEB-INF/web.xml is as follows :
> >
> > <?xml version="1.0" encoding="ISO-8859-1"?>
> >
> > <!DOCTYPE web-app
> >     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> >     "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
> >
> > <web-app>
> >   <security-constraint>
> >   <web-ressource-collection>
> >     <web-ressource-name>test</web-ressource-name>
> >     <url-pattern>/*</url-pattern>
> >   </web-ressource-collection>
> >   <auth-constraint>
> >     <role-name>myrole</role-name>
> >   </auth-constraint>
> >   </security-constraint>
> >   <login-config>
> >   <auth-method>BASIC</auth-method>
> >   <realm-name>test</realm-name>
> >   </login-config>
> >   <security-role>
> >     <role-name>myrole</role-name>
> >   </security-role>
> > </web-app>
> >
> > The 'myrole' role is defined in my named_roles table, and I have several
> > users under that role. I did add <security-role> tags because Tomcat
> > would warn me about 'myrole' not being within <security-role> tags on
> > startup.
> >
> > Now when I am trying to access http://localhost:8080/test, no
> > authentication window pops up, I can access it freely, which shouldn't
> > be correct (?). When I look at logs, I can see :
> > 2003-09-23 14:14:52 ContextConfig[/test]: Configured an authenticator
> > for method BASIC
> > 2003-09-23 14:14:52 StandardManager[/test]: Seeding random number
> > generator class java.security.SecureRandom
> > 2003-09-23 14:14:52 StandardManager[/test]: Seeding of random number
> > generator has been completed
> >
> > If BASIC auth method is activated, why isn't my browser showing up an
> > auth window ? :-/
> >
> > Also I know Postgres doesn't store md5 password files like
> > md5_func(password), but instead md5_func(password+login), will it cause
> > problems with Tomcat's digest=md5 behaviour ?
> >
> > Thanks for any help
> >
> > Laurent Perez
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
> -- 
> struts 1.1 + tomcat 4.1.27 + java 1.4.2
> Linux 2.4.20 RH9
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>



Mime
View raw message