tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paulo Alvim" <al...@powerlogic.com.br>
Subject RES: [java] RE: bug JDBC Real with CLIENT-CERT
Date Tue, 30 Nov 2004 13:08:52 GMT
Thanks for your answer, Mark...

I'm sorry...I was talking about JNDIRealm. We use it to authenticate to
ActiveDirectory with the configuration bellow (names changed):

 <Realm   className="org.apache.catalina.realm.JNDIRealm" debug="0"
   connectionURL="ldap://plcbhdc:389"
connectionName="cn=alvim,cn=Users,dc=powerlogic"
connectionPassword="1234567"
        userBase="cn=Users,dc=powerlogic" userSearch="sAMAccountName={0}"
userSubtree="true" roleBase="CN=Builtin,dc=powerlogic"
      roleSearch="(member={0})" roleSubTree="true" userRoleName="member"
      roleName="cn" />

...and sometimes against our database schema:

 <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="0"
             driverName="oracle.jdbc.driver.OracleDriver"
          connectionURL="jdbc:oracle:thin:@plcxdb:1521:oraxxxxx"
         connectionName="xxxxxxx3" connectionPassword="xxxxx"
              userTable="EC_USUARIO" userNameCol="LOGIN" userCredCol="SENHA"
          userRoleTable="EC_GRUPOXUSUARIO" roleNameCol="NOME_GRUPO"
digest="SHA"/>

We need to use CLIENT-CERT together with FORM-BASED authentication - is it
possible to use both in the same WAR?

We could make CLIENT-CERT work with MemoryReal but since we couldn't make it
work with JDBCRealm we are wondering it won't work with JNDI too (we can't
test this at this moment)...

We are using Tomcat 5.0.28 and we didn't like to migrate it, because our
apps are running ok...only if necessary...

Thanks again!

Alvim



-----Mensagem original-----
De: Mark Thomas [mailto:markt@apache.org]
Enviada em: segunda-feira, 29 de novembro de 2004 18:31
Para: 'Tomcat Users List'
Assunto: RE: [java] RE: bug JDBC Real with CLIENT-CERT


The JDBC stuff is all there and works. I don’t understand how this then fits
in
with AD/LDAP? Could you enlighten me? I assume you don't mean the JNDI realm
(which I haven't done anything with or even tested if CLIENT-CERT will work
with)

Mark

> -----Original Message-----
> From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> Sent: Monday, November 29, 2004 9:47 PM
> To: Tomcat Users List
> Cc: raphael@powerlogic.com.br
> Subject: RES: [java] RE: bug JDBC Real with CLIENT-CERT
>
> Thanks, Mark!
>
> Could you tell me if my kind of issues (JDBC/Ldap Realm) are there?...
>
>
> Alvim.
>
> -----Mensagem original-----
> De: Mark Thomas [mailto:markt@apache.org]
> Enviada em: segunda-feira, 29 de novembro de 2004 17:02
> Para: 'Tomcat Users List'
> Assunto: [java] RE: bug JDBC Real with CLIENT-CERT
>
>
> I committed some patches to support CLIENT-CERT to 5.5.x
> recently. Should be
> in
> the next release. If you want them now, you can always grab
> them from CVS.
>
> Mark
>
> > -----Original Message-----
> > From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> > Sent: Monday, November 29, 2004 4:02 PM
> > To: Tomcat Users List
> > Subject: bug JDBC Real with CLIENT-CERT
> >
> > Hi,
> >
> > I'm trying to use Client-Cert authentication with Tomcat
> > 5.0.28. I could
> > make it work using Memory Realm but when I changed to
> > JDBCRealm I received
> > an authorization error...
> >
> > In truth, it seems that there's a bug with Client-Cert and
> > others Realm
> > since 4.x.
> >
> > I've just read about that in a few links:
> >
> > http://issues.apache.org/bugzilla/show_bug.cgi?id=30352
> >
> > http://www.junlu.com/msg/43156.html
> >
> > Anyone could update that information? Is there any fix or
> > patchs in Tomcat
> > 5.0.28? I'll need to use it with JDBCRealm and with LDAP (Active
> > Directory)...
> >
> > Thanks a lot!
> >
> > Paulo Alvim
> > Powerlogic - Brazil
> >
> >
> > -----Mensagem original-----
> > De: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> > Enviada em: sábado, 27 de novembro de 2004 14:20
> > Para: Tomcat Users List
> > Assunto: RES: [work] CLIENT-CERT
> >
> >
> > Hi,
> >
> > The questions are:
> >
> > 1. Is it possible to use two authentication methods (FORM and
> > CLIENT_CERT)
> > in the same J2EE application?
> >
> > 2. If so, how could we do it in Tomcat 5.0.19?
> >
> > Thanks in advance!
> >
> > Paulo Alvim/Raphael
> > Powerlogic - Brazil
> >
> > -----Mensagem original-----
> > De: Raphael Gallo [mailto:raphael@powerlogic.com.br]
> > Enviada em: sexta-feira, 26 de novembro de 2004 17:44
> > Para: Tomcat Users List
> > Assunto: [work] CLIENT-CERT
> >
> >
> > Hi,
> >
> >
> >         It´s possible use FORM authentication and CLIENT-CERT
> > in the same
> > application. How can I do this ?
> >
> >
> >
> > Thanks,
> >
> > Raphael Gallo
> > raphael@powerlogic.com.br
> >
> >
> >
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message