Return-Path: 
 <tomcat-user-return-121338-apmail-jakarta-tomcat-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org
Received: (qmail 27574 invoked from network); 12 Feb 2005 18:41:00 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 12 Feb 2005 18:41:00 -0000
Received: (qmail 35639 invoked by uid 500); 12 Feb 2005 18:40:44 -0000
Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org
Received: (qmail 35623 invoked by uid 500); 12 Feb 2005 18:40:44 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 35609 invoked by uid 99); 12 Feb 2005 18:40:44 -0000
X-ASF-Spam-Status: No, hits=0.6 required=10.0
	tests=HOT_NASTY
X-Spam-Check-By: apache.org
Received-SPF: neutral (hermes.apache.org: local policy)
Received: from simmts5.bellnexxia.net (HELO simmts5-srv.bellnexxia.net)
 (206.47.199.163)
  by apache.org (qpsmtpd/0.28) with ESMTP; Sat, 12 Feb 2005 10:40:41 -0800
Received: from wintermute ([67.70.93.218]) by simmts5-srv.bellnexxia.net
          (InterMail vM.5.01.06.10 201-253-122-130-110-20040306) with SMTP
          id <20050212184038.XDEI1614.simmts5-srv.bellnexxia.net@wintermute>
          for <tomcat-user@jakarta.apache.org>;
          Sat, 12 Feb 2005 13:40:38 -0500
Message-ID: <005901c5114b$731f07c0$0200a8c0@wintermute>
From: "Luke" <luke@lukeshannon.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
References: <20050212182850.26018.qmail@web54402.mail.yahoo.com>
Subject: Re: RE : Security Newbie - Need Help
Date: Sat, 12 Feb 2005 13:40:20 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

You are right. A lot of changes were made to my configuration based on
advice I recieved on the forum.

There could be several things that fixed my problem.

The main thing is I know how to set it up now :-)

Luke

Luke Shannon
Web Design/Development
Java Programmer
http://www.lukeshannon.com
phone: 416-570-1984
----- Original Message ----- 
From: "sven morales" <aka_sergio@yahoo.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Saturday, February 12, 2005 10:28 AM
Subject: Re: RE : Security Newbie - Need Help


> Not to prolong,  I would think if this was the case of
> misplaced element, the DTD for the web.xml would make
> the Digester throw an exception because it does not
> conform.
>
> --- Luke <luke@lukeshannon.com> wrote:
>
> > Hello;
> >
> > I finally got this. It turned out I had my:
> >
> > <login-config>
> > <auth-method>BASIC</auth-method>
> > </login-config>
> >
> > Inside my  <security-constraint> instead of being in
> > the <web-app>.
> >
> > Once I moved this to the correct place in the
> > document. Everything worked
> > fine.
> >
> > Thanks to all that posted advice.
> >
> > Luke
> >
> >
> > Luke Shannon
> > Web Design/Development
> > Java Programmer
> > http://www.lukeshannon.com
> > phone: 416-570-1984
> > ----- Original Message ----- 
> > From: "Luke" <luke@lukeshannon.com>
> > To: "Tomcat Users List"
> > <tomcat-user@jakarta.apache.org>
> > Sent: Friday, February 11, 2005 9:05 PM
> > Subject: Re: RE : Security Newbie - Need Help
> >
> >
> > > Hi;
> > >
> > > I can't get the memory realm to work either. I am
> > still getting the error
> > > below without a login prompt:
> > >
> > >
> > > HTTP Status 403 - Configuration error: Cannot
> > perform access control
> > without
> > > an authenticated principal
> > > type Status report
> > > message Configuration error: Cannot perform access
> > control without an
> > > authenticated principal
> > > description Access to the specified resource
> > (Configuration error: Cannot
> > > perform access control without an authenticated
> > principal) has been
> > > forbidden.
> > > Apache Tomcat/5.0.27
> > >
> > > This has to be something with my application,
> > WEB-INF, server.xml. How
> > > should I proceed to trouble shoot?
> > >
> > > Thanks,
> > >
> > > Luke
> > >
> > > ----- Original Message ----- 
> > > From: "LERBSCHER Jean-Pierre"
> > <jean-pierre.lerbscher@cofiroute.fr>
> > > To: "'Tomcat Users List'"
> > <tomcat-user@jakarta.apache.org>
> > > Sent: Friday, February 11, 2005 12:21 AM
> > > Subject: RE : RE : Security Newbie - Need Help
> > >
> > >
> > > > Could you try MemoryRealm to evict filter
> > mechanisms (like firewall or
> > > > router configuration) between your tomcat serve
> > rand your database ?
> > > >
> > > > As you can see in the servlet specification the
> > security-role element
> > > isn't
> > > > optional.
> > > > <!ELEMENT web-app (icon?, display-name?,
> > description?,
> > > > distributable?, context-param*, filter*,
> > filter-mapping*,
> > > > listener*, servlet*, servlet-mapping*,
> > session-config?, mimemapping*,
> > > > welcome-file-list?, error-page*, taglib*,
> > resourceenv-
> > > > ref*, resource-ref*, security-constraint*,
> > login-config?,
> > > > security-role*, env-entry*, ejb-ref*,
> > ejb-local-ref*)>
> > > >
> > > > -----Message d'origine-----
> > > > De : Luke [mailto:luke@lukeshannon.com]
> > > > Envoy�: vendredi 11 f�rier 2005 08:18
> > > > �: Tomcat Users List
> > > > Objet : Re: RE : Security Newbie - Need Help
> > > >
> > > > Hi Dennis;
> > > >
> > > > Where is IMS defined? Otherwise I have specified
> > everything as you
> > > > recommended. Yet I still get this error once I
> > hit the page (no login
> > > > prompt):
> > > >
> > > >
> > > > HTTP Status 403 - Configuration error: Cannot
> > perform access control
> > > without
> > > > an authenticated principal
> > > > type Status report
> > > > message Configuration error: Cannot perform
> > access control without an
> > > > authenticated principal
> > > > description Access to the specified resource
> > (Configuration error:
> > Cannot
> > > > perform access control without an authenticated
> > principal) has been
> > > > forbidden.
> > > > Apache Tomcat/5.0.28
> > > >
> > > > Thanks,
> > > >
> > > > Luke
> > > >
> > > >
> > > > ----- Original Message ----- 
> > > > From: "Dennis Payne" <DENNIS@mtctrains.com>
> > > > To: <tomcat-user@jakarta.apache.org>
> > > > Sent: Thursday, February 10, 2005 11:23 AM
> > > > Subject: Re: RE : Security Newbie - Need Help
> > > >
> > > >
> > > > > you will not need a roles table for tomcat...
> > it is only useful to
> > your
> > > > own applications that will edit the data. The
> > system only utilizes the
> > the
> > > > user-role table and the user-password table (at
> > least for basic
> > > > authentication).
> > > > >
> > > > > Each servlet in the system  that is secure is
> > setup this way and has
> > an
> > > > associated mapping:
> > > > >
> > > > > <servlet>
> > > > > <servlet-name>EnterAssignment</servlet-name>
> > > > > <display-name>EnterAssignment</display-name>
> > > > > <description>Enter Assignment</description>
> > > > >
> >
> <servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class>
> > > > > <security-role-ref>
> > > > > <role-name>IMS</role-name>
> > > > > <role-link>IMS</role-link>
> > > > > </security-role-ref>
> > > > > </servlet>
> > > > >  ...
> > > > >                <servlet-mapping>
> > > > > <servlet-name>EnterAssignment</servlet-name>
> > > > >
> > <url-pattern>/servlet/EnterAssignment</url-pattern>
> > > > > </servlet-mapping>
> > > > >
> > > > > The server.xml contains a reference to the
> > security tables by using
> > the
> > > > <Realm> tag placed as shown (there are other
> > ways to do it) and all  db
> > > > driver jars have been place in the classpath:
> > > > >
> > > > > <Engine defaultHost="localhost"
> > name="Catalina">
> > > > >    <Host appBase="webapps" name="localhost">
> > > > >       <Logger
> > className="org.apache.catalina.logger.FileLogger"
> > > > prefix="localhost_log." suffix=".txt"
> > timestamp="true" />
> > > > >       <Realm
> > className="org.apache.catalina.realm.JDBCRealm"
> > > > connectionName="username"
> > connectionPassword="password"
> > > >
> >
> connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname"
> > > > driverName="com.mysql.jdbc.Driver"
> > userRoleTable="userrole"
> > > > userTable="userpassword" roleNameCol="userrole"
> > userNameCol="userid"
> > > > userCredCol="passwordid" />
> > > > >    </Host>
> > > > >    <Logger
> > className="org.apache.catalina.logger.FileLogger"
> > > > prefix="catalina_log." suffix=".txt"
> > timestamp="true" />
> > > > >    <Realm
> >
> className="org.apache.catalina.realm.UserDatabaseRealm"
>
> === message truncated ===
>
>
>
>
> __________________________________
> Do you Yahoo!?
> The all-new My Yahoo! - Get yours free!
> http://my.yahoo.com
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org