tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: JDBC Realm problems
Date Tue, 23 Sep 2003 16:39:32 GMT
Your config looks OK. Are you getting any errors logged when you try to 
log on?

On 09/23/2003 04:43 PM Laurent Perez wrote:
> Hello
> 
> I am trying to protect a webapp I wrote using a JDBCRealm, but it 
> doesn't seem to work as expected. I am using Tomcat 4.1.27, and 
> Postgresql 7.3.2, with latest JDBC driver within $tomcat/common/lib.
> 
> My realm is described as follows, in $tomcat/conf/server.xml :
> 
> <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
>         driverName="org.postgresql.Driver"
>         digest="md5"
>         connectionURL="jdbc:postgresql://127.0.0.1/mydb"
>         connectionName="mylogin" connectionPassword="mypass"
>         userTable="pg_shadow" userNameCol="usename" userCredCol="passwd"
>         userRoleTable="named_roles" roleNameCol="role" />
> 
> When I start Tomcat, I can see it connecting and idling to mydb, so JDBC 
> driver works. Also 'mylogin' has read access on named_roles.
> 
> My webapp is called 'test' and located within $tomcat/webapps/, its 
> WEB-INF/web.xml is as follows :
> 
> <?xml version="1.0" encoding="ISO-8859-1"?>
> 
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
>     "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
> 
> <web-app>
>   <security-constraint>
>   <web-ressource-collection>
>     <web-ressource-name>test</web-ressource-name>
>     <url-pattern>/*</url-pattern>
>   </web-ressource-collection>
>   <auth-constraint>
>     <role-name>myrole</role-name>
>   </auth-constraint>
>   </security-constraint>
>   <login-config>
>   <auth-method>BASIC</auth-method>
>   <realm-name>test</realm-name>
>   </login-config>
>   <security-role>
>     <role-name>myrole</role-name>
>   </security-role>
> </web-app>
> 
> The 'myrole' role is defined in my named_roles table, and I have several 
> users under that role. I did add <security-role> tags because Tomcat 
> would warn me about 'myrole' not being within <security-role> tags on 
> startup.
> 
> Now when I am trying to access http://localhost:8080/test, no 
> authentication window pops up, I can access it freely, which shouldn't 
> be correct (?). When I look at logs, I can see :
> 2003-09-23 14:14:52 ContextConfig[/test]: Configured an authenticator 
> for method BASIC
> 2003-09-23 14:14:52 StandardManager[/test]: Seeding random number 
> generator class java.security.SecureRandom
> 2003-09-23 14:14:52 StandardManager[/test]: Seeding of random number 
> generator has been completed
> 
> If BASIC auth method is activated, why isn't my browser showing up an 
> auth window ? :-/
> 
> Also I know Postgres doesn't store md5 password files like 
> md5_func(password), but instead md5_func(password+login), will it cause 
> problems with Tomcat's digest=md5 behaviour ?
> 
> Thanks for any help
> 
> Laurent Perez
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 

-- 
struts 1.1 + tomcat 4.1.27 + java 1.4.2
Linux 2.4.20 RH9


Mime
View raw message