tomcat-users mailing list archives

From Franck Borel <bo...@ub.uni-freiburg.de>
Subject Re: R: Form Authentication against JNDI Datasource Realm
Date Wed, 12 Apr 2006 14:54:23 GMT

> Thanks Franck, but it seems it doesn't work anyway.. but I've found some other
> info..
> The default server.xml bundled with the Tomcat installation (I'm under Windows XP
> OS :-/)
> declares a standard "in Memory" realm based on file /conf/tomcat-users.xml in
> the "Engine" element and I can't delete it because otherwise my host, the
> tomcat manager and the tomcat administration tool won't work; so I tried to
> add my login and my password to that file instead of reading them from
> MySQL. With these settings authentication works fine!!.. but I can't use that
> way..
>   
The server.xml for Windows looks like the server.xml for any other OS.
Tomcat is written in pure Java, so it mostly looks the same on any
operating system.
I'll give you a working example with a Postgres implementation, and you can
try to make it run on your machine:

1) Server.xml:

<Server port="8005" shutdown="SHUTDOWN">

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
    <Connector port="8080" />

    <Connector port="8009"
               protocol="AJP/1.3"
               tomcatAuthentication="false"   />

    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase" />

      <Realm className="org.apache.catalina.realm.MemoryRealm" />

      <Host name="localhost" appBase="/srv/www/webapps" unpackWARs="true"
            autoDeploy="true" deployOnStartup="false">

        <Context path="/shibboleth-fr2"
                 docBase="/srv/www/webapps/shibboleth-fr2"
                 debug="0"
                 reloadable="true">
          <Realm className="org.apache.catalina.realm.JDBCRealm"
                 debug="0"
                 driverName="org.postgresql.Driver"
                 connectionURL="jdbc:postgresql://localhost:5678?user=me&amp;password=you"
                 userTable="example"
                 userNameCol="example"
                 userCredCol="demo"
                 userRoleTable="demo"
                 roleNameCol="demo"
                 digest="MD5"/>
        </Context>
      </Host>
    </Engine>

  </Service>
</Server>

2) web.xml --> C:\tomcat\webapps\yourapplication\WEB-INF\web.xml *not* C:\tomcat\webapps\conf\web.xml

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

    <security-constraint>
        <display-name>Tomcat Server Configuration Security Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Authentification</web-resource-name>
            <url-pattern>/SSO</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>enabled</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Tomcat Server Configuration Form-Based Authentication Area</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login-error.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <description>The role that is required to log in as a Shibboleth user</description>
        <role-name>enabled</role-name>
    </security-role>
</web-app>

And don't forget to look at your log file --> C:\tomcat\logs\catalina.out

> So after that.. it seems to me that the "Context" Realm configuration DOES NOT
> override the parent (Engine) configuration but.. that is incorrect, isn't it? But the
> Tomcat Guide says that a configuration will be in use "UNLESS OVERRIDDEN IN
> CHILD ELEMENT".
> So what's the problem?
>   

> Ale
>
> -----Original Message-----
> From: Franck Borel [mailto:borel@ub.uni-freiburg.de]
> Sent: Wednesday, 12 April 2006 14:43
> To: Tomcat Users List
> Subject: Re: Form Authentication against JNDI Datasource Realm
>
>
> Hi Allesandro,
>
> take the following example and a clean server.xml and a clean
> /opt/tomcat/webapps/WEB-INF/web.xml (I really don't know what the author of
> your server.xml/web.xml is trying to do):
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>        driverName="org.gjt.mm.mysql.Driver"
>        connectionURL="jdbc:mysql://localhost/authority?user=dbuser&amp;password=dbpass"
>        userTable="users" userNameCol="user_name" userCredCol="user_pass"
>        userRoleTable="user_roles" roleNameCol="role_name"/>
>
> Search for the Context element and put your realm inside:
> <Server...>
>   <Service...>
>     <Connector ...>..</Connector>
>     <Engine ..>
>       <Host>
>         <Context>Insert here !</Context>
>       </Host>
>     </Engine>
>   </Service>
> ...
> </Server>
>
> Now add the following to your web.xml:
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Authentication</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>demo</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name>Tomcat Configuration</realm-name>
>   <form-login-config>
>     <form-login-page>/login.jsp</form-login-page>
>     <form-error-page>/login-error.jsp</form-error-page>
>   </form-login-config>
> </login-config>
>
> Create a login.jsp and a login-error.jsp like the following example:
>
> <html>
> <head>
>   <title>Example Organization WebLogin</title>
> </head>
> <body>
> <p>Please login:</p>
> <form method="post" action="j_security_check">
> <table>
> <tr>
> <td><strong>UID</strong></td>
> <td><input name="j_username" type="text" id="j_username" size="16" /></td>
> </tr>
> <tr>
> <td><strong>Password</strong></td>
> <td class="login"><input name="j_password" type="password" id="j_password" size="16" /></td>
> <td class="login"><input name="Login" type="submit" id="Login" value="Login" /></td>
> </tr>
> </table>
> </form>
> </body>
> </html>
>
> Restart Tomcat and try it!
>
> -- Franck
>
>   
>> Hello,
>> I'm new to Tomcat and I need some help.
>> I have to configure Tomcat to authenticate users of a single web application
>> against MySQL database tables of users and roles.
>> Following the Tomcat guide I took these steps:
>>
>> 1) Create users and roles tables as described in the Tomcat guide and copy the
>> Connector/J jar to /CATALINA_HOME/common/lib.
>> 2) Configure the MySQL DB and table as DataSourceResource in the application
>> context in /META-INF/context.xml
>> 3) Define a DataSource realm to use the Resource
>> 4) Add in /WEB-INF/web.xml a <resource-ref> to the resource
>> 5) Add in /WEB-INF/web.xml the <security-constraint>, <login-config> and
>> <security-role> configuration
>> 6) Write login.jsp with the standard form action and fields
>>
>> The problem is that I could get the login page correctly whenever I try to
>> request a protected page, but I always get the error page even if I enter
>> the right username/password.
>> I've tried to reconfigure the DB resource as a global resource in server.xml
>> (jdbc/PMSGlobal instead of jdbc/PMSRead) but I still get the same
>> behaviour... I guess that no authentication ever happens..
>>
>>
>>
>> These are my server.xml, context.xml and web.xml (sorry, the auto comments are
>> in English but the ones added by myself are in Italian :-/ ...)
>>
>> SERVER.XML:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!-- Example Server Configuration File --><!-- Note that component elements
>> are nested corresponding to their
>>      parent-child relationships with each other --><!-- A "Server" is a
>> singleton element that represents the entire JVM,
>>      which may contain one or more "Service" instances.  The Server
>>      listens for a shutdown command on the indicated port.
>>
>>      Note:  A "Server" is not itself a "Container", so you may not
>>      define subcomponents such as "Valves" or "Loggers" at this level.
>>  --><Server port="8005" shutdown="SHUTDOWN" debug="0">
>>
>>
>>   <!-- Comment these entries out to disable JMX MBeans support -->
>>   <!-- You may also configure custom components (e.g. Valves/Realms) by 
>>        including your own mbean-descriptor file(s), and setting the 
>>        "descriptors" attribute to point to a ';' seperated list of paths
>>        (in the ClassLoader sense) of files to add to the default list.
>>        e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
>>   -->
>>   <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
>> debug="0"/>
>>   <Listener
>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
>> debug="0"/>
>>
>>   <!-- Global JNDI resources -->
>>   <GlobalNamingResources>
>>
>>     <!-- Test entry for demonstration purposes -->
>>     <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
>>
>>     <!-- Editable user database that can also be used by
>>          UserDatabaseRealm to authenticate users -->
>>     <Resource name="UserDatabase" auth="Container"
>> type="org.apache.catalina.UserDatabase"
>> description="User database that can be updated and saved">
>>     </Resource>
>>     <ResourceParams name="UserDatabase">
>>       <parameter>
>>         <name>factory</name>
>>         <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
>>       </parameter>
>>       <parameter>
>>         <name>pathname</name>
>>         <value>conf/tomcat-users.xml</value>
>>       </parameter>
>>     </ResourceParams>
>>     
>>     <Resource name="jdbc/PMSGlobal" auth="Container"
>> 		type="javax.sql.DataSource" scope="Shareable">
>> 	</Resource>
>>
>> 	<ResourceParams name="jdbc/PMSGlobal">
>> 		<parameter>
>> 			<name>factory</name>
>> 			<value>
>> 	
>> org.apache.commons.dbcp.BasicDataSourceFactory
>> 			</value>
>> 		</parameter>
>> 		<!-- Don't set this any higher than max_connections on your
>> 			MySQL server, usually this should be a 10 or a few
>> 10's
>> 			of connections, not hundreds or thousands -->
>> 		<parameter>
>> 			<name>maxActive</name>
>> 			<value>10</value>
>> 		</parameter>
>> 		<!-- You don't want to many idle connections hanging around
>> 			if you can avoid it, only enough to soak up a spike
>> in
>> 			the load -->
>> 		<parameter>
>> 			<name>maxIdle</name>
>> 			<value>5</value>
>> 		</parameter>
>> 		<!-- Don't use autoReconnect=true, it's going away
>> eventually
>> 			and it's a crutch for older connection pools that
>> couldn't
>> 			test connections. You need to decide if your
>> application is
>> 			supposed to deal with SQLExceptions (hint, it
>> should), and
>> 			how much of a performance penalty you're willing to
>> pay
>> 			to ensure 'freshness' of the connection -->
>> 		<parameter>
>> 			<name>validationQuery</name>
>> 			<value>SELECT 1</value>
>> 		</parameter>
>> 		<!-- The most conservative approach is to test connections
>> 			before they're given to your application. For most
>> applications
>> 			this is okay, the query used above is very small and
>> takes
>> 			no real server resources to process, other than the
>> time used
>> 			to traverse the network.
>> 			If you have a high-load application you'll need to
>> rely on
>> 			something else. -->
>> 		<parameter>
>> 			<name>testOnBorrow</name>
>> 			<value>true</value>
>> 		</parameter>
>> 		<!-- Otherwise, or in addition to testOnBorrow, you can test
>> 			while connections are sitting idle -->
>> 		<parameter>
>> 			<name>testWhileIdle</name>
>> 			<value>true</value>
>> 		</parameter>
>> 		<!-- You have to set this value, otherwise even though
>> 			you've asked connections to be tested while idle,
>> 			the idle evicter thread will never run -->
>> 		<parameter>
>> 			<name>timeBetweenEvictionRunsMillis</name>
>> 			<value>10000</value>
>> 		</parameter>
>> 		<!-- Don't allow connections to hang out idle too long,
>> 			never longer than what wait_timeout is set to on the
>> 			server...A few minutes or even fraction of a minute
>> 			is sometimes okay here, it depends on your
>> application
>> 			and how much spikey load it will see -->
>> 		<parameter>
>> 			<name>minEvictableIdleTimeMillis</name>
>> 			<value>60000</value>
>> 		</parameter>
>> 		<!-- Username and password used when connecting to MySQL -->
>> 		<parameter>
>> 			<name>username</name>
>> 			<value>user</value>
>> 		</parameter>
>> 		<parameter>
>> 			<name>password</name>
>> 			<value>pass</value><!-- Update if it is changed in the DB -->
>> 		</parameter>
>> 		<!-- Class name for the Connector/J driver -->
>> 		<parameter>
>> 			<name>driverClassName</name>
>> 			<value>com.mysql.jdbc.Driver</value>
>> 		</parameter>
>> 		<!-- The JDBC connection url for connecting to MySQL, notice
>> 			that if you want to pass any other MySQL-specific
>> parameters
>> 			you should pass them here in the URL, setting them
>> using the
>> 			parameter tags above will have no effect, you will
>> also
>> 			need to use &amp; to separate parameter values as
>> the
>> 			ampersand is a reserved character in XML -->
>> 		<parameter>
>> 			<name>url</name>
>> 			<value>jdbc:mysql://localhost:3306/pms</value>
>> 		</parameter>
>> 	</ResourceParams>
>>
>>   </GlobalNamingResources>
>>
>>   <!-- A "Service" is a collection of one or more "Connectors" that share
>>        a single "Container" (and therefore the web applications visible
>>        within that Container).  Normally, that Container is an "Engine",
>>        but this is not required.
>>
>>        Note:  A "Service" is not itself a "Container", so you may not
>>        define subcomponents such as "Valves" or "Loggers" at this level.
>>    -->
>>
>>   <!-- Define the Tomcat Stand-Alone Service -->
>>   <Service name="Catalina">
>>
>>     <!-- A "Connector" represents an endpoint by which requests are received
>>          and responses are returned.  Each Connector passes requests on to the
>>          associated "Container" (normally an Engine) for processing.
>>
>>          By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
>>          You can also enable an SSL HTTP/1.1 Connector on port 8443 by
>>          following the instructions below and uncommenting the second Connector
>>          entry.  SSL support requires the following steps (see the SSL Config
>>          HOWTO in the Tomcat 5 documentation bundle for more detailed
>>          instructions):
>>          * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
>>            later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
>>          * Execute:
>>              %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
>>              $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
>>            with a password value of "changeit" for both the certificate and
>>            the keystore itself.
>>
>>          By default, DNS lookups are enabled when a web application calls
>>          request.getRemoteHost().  This can have an adverse impact on
>>          performance, so you can disable it by setting the
>>          "enableLookups" attribute to "false".  When DNS lookups are disabled,
>>          request.getRemoteHost() will return the String version of the
>>          IP address of the remote client.
>>     -->
>>
>>     <!-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified
>>          during installation  -->
>>     <Connector port="8080" maxThreads="150" minSpareThreads="25"
>> maxSpareThreads="75" enableLookups="false" redirectPort="8443"
>> acceptCount="100" debug="0" connectionTimeout="20000"
>> disableUploadTimeout="true" compression="on"/>
>>     <!-- Note : To disable connection timeouts, set connectionTimeout value
>>      to 0 -->
>> 	
>> 	<!-- Note : To use gzip compression you could set the following
>> properties :
>> 	
>> 			   compression="on" 
>> 			   compressionMinSize="2048" 
>> 			   noCompressionUserAgents="gozilla, traviata" 
>> 			   compressableMimeType="text/html,text/xml"
>> 	-->
>>
>>     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>>     
>>     <Connector port="8443" maxThreads="150" minSpareThreads="25"
>> maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
>> acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false"
>> sslProtocol="TLS" compression="on"/>
>>     
>>
>>     <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
>>     <Connector port="8009" enableLookups="false" redirectPort="8443"
>> debug="0" protocol="AJP/1.3"/>
>>
>>     <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
>>     <!-- See proxy documentation for more information about using this. -->
>>     <!--
>>     <Connector port="8082" 
>>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>>                enableLookups="false"
>>                acceptCount="100" debug="0" connectionTimeout="20000"
>>                proxyPort="80" disableUploadTimeout="true" />
>>     -->
>>
>>     <!-- An Engine represents the entry point (within Catalina) that processes
>>          every request.  The Engine implementation for Tomcat stand alone
>>          analyzes the HTTP headers included with the request, and passes them
>>          on to the appropriate Host (virtual host). -->
>>
>>     <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
>>     <Engine name="Standalone" defaultHost="localhost" debug="0"
>> jvmRoute="jvm1">         
>>     --> 
>>          
>>     <!-- Define the top level container in our container hierarchy -->
>>     <Engine name="Catalina" defaultHost="localhost" debug="0">
>>
>>       <!-- The request dumper valve dumps useful debugging information about
>>            the request headers and cookies that were received, and the response
>>            headers and cookies that were sent, for all requests received by
>>            this instance of Tomcat.  If you care only about requests to a
>>            particular virtual host, or a particular application, nest this
>>            element inside the corresponding <Host> or <Context> entry instead.
>>
>>            For a similar mechanism that is portable to all Servlet 2.4
>>            containers, check out the "RequestDumperFilter" Filter in the
>>            example application (the source for this filter may be found in
>>            "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
>>
>>            Request dumping is disabled by default.  Uncomment the following
>>            element to enable it. -->
>>       <!--
>>       <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
>>       -->
>>
>>       <!-- Global logger unless overridden at lower levels -->
>>       <Logger className="org.apache.catalina.logger.FileLogger"
>> prefix="catalina_log." suffix=".txt" timestamp="true"/>
>>
>>       <!-- Because this Realm is here, an instance will be shared globally -->
>>
>>       <!-- This Realm uses the UserDatabase configured in the global JNDI
>>            resources under the key "UserDatabase".  Any edits
>>            that are performed against this UserDatabase are immediately
>>            available for use by the Realm.  -->
>>       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>> debug="0" resourceName="UserDatabase"/>
>>
>>       <!-- Comment out the old realm but leave here for now in case we
>>            need to go back quickly -->
>>       <!--
>>       <Realm className="org.apache.catalina.realm.MemoryRealm" />
>>       -->
>>
>>       <!-- Replace the above Realm with one of the following to get a Realm
>>            stored in a database and accessed via JDBC -->
>>
>>       <!--
>>       <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
>>              driverName="org.gjt.mm.mysql.Driver"
>>           connectionURL="jdbc:mysql://localhost/authority"
>>          connectionName="test" connectionPassword="test"
>>               userTable="users" userNameCol="user_name"
>> userCredCol="user_pass"
>>           userRoleTable="user_roles" roleNameCol="role_name" />
>>       -->
>>
>>       <!--
>>       <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
>>              driverName="oracle.jdbc.driver.OracleDriver"
>>           connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
>>          connectionName="scott" connectionPassword="tiger"
>>               userTable="users" userNameCol="user_name"
>> userCredCol="user_pass"
>>           userRoleTable="user_roles" roleNameCol="role_name" />
>>       -->
>>
>>       <!--
>>       <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
>>              driverName="sun.jdbc.odbc.JdbcOdbcDriver"
>>           connectionURL="jdbc:odbc:CATALINA"
>>               userTable="users" userNameCol="user_name"
>> userCredCol="user_pass"
>>           userRoleTable="user_roles" roleNameCol="role_name" />
>>       -->
>>
>>       <!-- Define the default virtual host
>>            Note: XML Schema validation will not work with Xerces 2.2.
>>        -->
>>       <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true"
>> autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
>>
>>      
>>         <!-- Normally, users must authenticate themselves to each web app
>>              individually.  Uncomment the following entry if you would like
>>              a user to be authenticated the first time they encounter a
>>              resource protected by a security constraint, and then have that
>>              user identity maintained across *all* web applications contained
>>              in this virtual host. -->
>>         <!--
>>         <Valve className="org.apache.catalina.authenticator.SingleSignOn"
>>                    debug="0"/>
>>         -->
>>
>>         <!-- Access log processes all requests for this virtual host.  By
>>              default, log files are created in the "logs" directory relative to
>>              $CATALINA_HOME.  If you wish, you can specify a different
>>              directory with the "directory" attribute.  Specify either a relative
>>              (to $CATALINA_HOME) or absolute path to the desired directory.
>>         -->
>>         <!--
>>         <Valve className="org.apache.catalina.valves.AccessLogValve"
>>                  directory="logs"  prefix="localhost_access_log."
>> suffix=".txt"
>>                  pattern="common" resolveHosts="false"/>
>>         -->
>>
>>         <!-- Logger shared by all Contexts related to this virtual host.  By
>>              default (when using FileLogger), log files are created in the "logs"
>>              directory relative to $CATALINA_HOME.  If you wish, you can specify
>>              a different directory with the "directory" attribute.  Specify either a
>>              relative (to $CATALINA_HOME) or absolute path to the desired
>>              directory.-->
>>         <Logger className="org.apache.catalina.logger.FileLogger"
>> directory="logs" 	prefix="localhost_log." suffix=".txt"
>> timestamp="true"/></Host>
>>
>>     </Engine>
>>
>>   </Service>
>>
>> </Server>
>>
>> CONTEXT.XML
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <!-- Definition of the application context for the web application.
>> 	This file specifies all the Tomcat-specific settings
>> 	for the application
>> -->
>>
>> <context docBase="/PMS" path="/PMS" override="true" relodable="true"
>> 	directory="/logs/pms" debug="5" swallowOutput="true"
>> 	useNaming="true">
>> 	
>> 	<!--  Define a logger for the application -->
>> 	<Logger className="org.apache.catalina.logger.FileLogger"
>> 		verbosity="3" directory="/log/pms" timestamp="true">
>> 	</Logger>
>> 	
>> 	<!--  Register MySQL as a global resource -->
>> 	<ResourceLink name="jdbc/PMSGlobal"
>> 				  type="javax.sql.DataSource"
>> 				  global="jdbc/PMSGlobal"/>
>> 	
>> 	
>> 	<!-- Register MySQL as a JNDI resource. Tomcat will manage connection
>> 		pooling. Three different resources are needed depending on the DB
>> 		user (and therefore its protection level) that accesses MySQL -->
>>
>> 	<Resource name="jdbc/PMSRead" auth="Container"
>> 		type="javax.sql.DataSource" scope="Shareable">
>> 	</Resource>
>>
>> 	<ResourceParams name="jdbc/PMSRead">
>> 		<parameter>
>> 			<name>factory</name>
>> 			<value>
>> 	
>> org.apache.commons.dbcp.BasicDataSourceFactory
>> 			</value>
>> 		</parameter>
>> 		<!-- Don't set this any higher than max_connections on your
>> 			MySQL server, usually this should be a 10 or a few
>> 10's
>> 			of connections, not hundreds or thousands -->
>> 		<parameter>
>> 			<name>maxActive</name>
>> 			<value>10</value>
>> 		</parameter>
>> 		<!-- You don't want to many idle connections hanging around
>> 			if you can avoid it, only enough to soak up a spike
>> in
>> 			the load -->
>> 		<parameter>
>> 			<name>maxIdle</name>
>> 			<value>5</value>
>> 		</parameter>
>> 		<!-- Don't use autoReconnect=true, it's going away
>> eventually
>> 			and it's a crutch for older connection pools that
>> couldn't
>> 			test connections. You need to decide if your
>> application is
>> 			supposed to deal with SQLExceptions (hint, it
>> should), and
>> 			how much of a performance penalty you're willing to
>> pay
>> 			to ensure 'freshness' of the connection -->
>> 		<parameter>
>> 			<name>validationQuery</name>
>> 			<value>SELECT 1</value>
>> 		</parameter>
>> 		<!-- The most conservative approach is to test connections
>> 			before they're given to your application. For most
>> applications
>> 			this is okay, the query used above is very small and
>> takes
>> 			no real server resources to process, other than the
>> time used
>> 			to traverse the network.
>> 			If you have a high-load application you'll need to
>> rely on
>> 			something else. -->
>> 		<parameter>
>> 			<name>testOnBorrow</name>
>> 			<value>true</value>
>> 		</parameter>
>> 		<!-- Otherwise, or in addition to testOnBorrow, you can test
>> 			while connections are sitting idle -->
>> 		<parameter>
>> 			<name>testWhileIdle</name>
>> 			<value>true</value>
>> 		</parameter>
>> 		<!-- You have to set this value, otherwise even though
>> 			you've asked connections to be tested while idle,
>> 			the idle evicter thread will never run -->
>> 		<parameter>
>> 			<name>timeBetweenEvictionRunsMillis</name>
>> 			<value>10000</value>
>> 		</parameter>
>> 		<!-- Don't allow connections to hang out idle too long,
>> 			never longer than what wait_timeout is set to on the
>> 			server...A few minutes or even fraction of a minute
>> 			is sometimes okay here, it depends on your
>> application
>> 			and how much spikey load it will see -->
>> 		<parameter>
>> 			<name>minEvictableIdleTimeMillis</name>
>> 			<value>60000</value>
>> 		</parameter>
>> 		<!-- Username and password used when connecting to MySQL -->
>> 		<parameter>
>> 			<name>username</name>
>> 			<value>user</value>
>> 		</parameter>
>> 		<parameter>
>> 			<name>password</name>
>> 			<value>pass</value><!-- Update if it is changed in the DB -->
>> 		</parameter>
>> 		<!-- Class name for the Connector/J driver -->
>> 		<parameter>
>> 			<name>driverClassName</name>
>> 			<value>com.mysql.jdbc.Driver</value>
>> 		</parameter>
>> 		<!-- The JDBC connection url for connecting to MySQL, notice
>> 			that if you want to pass any other MySQL-specific
>> parameters
>> 			you should pass them here in the URL, setting them
>> using the
>> 			parameter tags above will have no effect, you will
>> also
>> 			need to use &amp; to separate parameter values as
>> the
>> 			ampersand is a reserved character in XML -->
>> 		<parameter>
>> 			<name>url</name>
>> 			<value>jdbc:mysql://localhost:3306/pms</value>
>> 		</parameter>
>> 	</ResourceParams>
>>
>>
>> 	<!-- Define the application's Realm to map onto the users and roles
>> 		tables defined in the DB -->
>> 	<Realm classname="org.apache.catalina.realm.DataSourceRealm"
>> 	 		dataSourceName="java:comp/env/jdbc/PMSGlobal"
>> 	 		debug="99" 
>> 	 		roleNameCol="role" userCredCol="password"
>> userNameCol="username"
>> 	 		userRoleTable="roles" userTable="users"
>> 	 />
>>
>> 	<!--
>> 		<Realm classname="org.apache.catalina.realm.JDBCRealm"
>> debug="99"
>> 		driverName="com.mysql.jdbc.Driver"
>> 		connectionURL="jdbc:mysql://localhost:3306/pms"
>> 		connectionName="PMSREad" connectionPassword="read"
>> userTable="users"
>> 		userRoleTable="roles" userNameCol="username"
>> userCredCol="password"
>> 		roleNameCol="role">
>>
>> 		</Realm> -->
>>
>> </context>
>>
>> WEB.XML:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <web-app id="WebApp_ID" version="2.4"
>> 	xmlns="http://java.sun.com/xml/ns/j2ee"
>> 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> 	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
>> 	<display-name>PSM</display-name>
>> 	<welcome-file-list>
>> 		<welcome-file>home.jsp</welcome-file>
>> 		<welcome-file>index.jsp</welcome-file>
>> 		<welcome-file>default.jsp</welcome-file>
>> 	</welcome-file-list>
>>
>> 	<!-- Define the references to the MySQL database -->
>> 	<resource-ref>
>> 		<description>PMS DBRead connection</description>
>> 		<res-ref-name>jdbc/PMSRead</res-ref-name>
>> 		<res-type>javax.sql.DataSource</res-type>
>> 		<res-sharing-scope>Shareable</res-sharing-scope>
>> 		<res-auth>Container</res-auth>
>> 	</resource-ref>
>> 	
>> 	<resource-ref>
>> 		<description>PMS DBRead connection Global</description>
>> 		<res-ref-name>java:comp/env/jdbc/PMSGlobal</res-ref-name>
>> 		<res-type>javax.sql.DataSource</res-type>
>> 		<res-sharing-scope>Shareable</res-sharing-scope>
>> 		<res-auth>Container</res-auth>
>> 	</resource-ref>
>>
>>
>> 	<!-- Access management section. Authorization is verified
>> 		using form-based authentication -->
>>
>> 	<security-constraint>
>> 		<web-resource-collection>
>> 			<web-resource-name>Entire
>> Application</web-resource-name>
>> 			<description>
>> 				L'accesso è consentito solo agli utenti
>> autorizzati
>> 			</description>
>> 			<url-pattern>/*</url-pattern><!--  All the application's files -->
>> 		</web-resource-collection>
>> 		<auth-constraint>
>> 			<description>
>> 				Questi sono i ruoli che hanno accesso al
>> sito
>> 			</description>
>> 			<role-name>root</role-name>
>> 		</auth-constraint>
>>
>> 		<!--  Selects the form of security at the data transport level:
>> 			NONE = none; CONFIDENTIAL or INTEGRAL = SSL tunnel -->
>> 		<user-data-constraint>
>> 			<!--  will have to be at least CONFIDENTIAL if not INTEGRAL.. -->
>> 			<transport-guarantee>NONE</transport-guarantee>
>> 		</user-data-constraint>
>> 	</security-constraint>
>>
>> 	<!--  login via Form Authentication -->
>> 	<login-config>
>> 		<auth-method>FORM</auth-method>
>> 		<form-login-config>
>> 			<form-login-page>/login.jsp</form-login-page>
>> 			<form-error-page>
>> 				/ErrorPages/loginError.jsp
>> 			</form-error-page>
>> 		</form-login-config>
>> 	</login-config>
>>
>>
>> 	<!-- <login-config>
>> 		<auth-method>BASIC</auth-method>
>> 		</login-config>
>> 	-->
>>
>>
>> 	<!--  Roles allowed to access the site -->
>> 	<security-role>
>> 		<description>Administrator </description>
>> 		<role-name>root</role-name>
>> 	</security-role>
>>
>> </web-app>
>>
>>
>> I'm using tomcat 5.0.28, MySql 5, Connector/J 3.1.12,  java 1.4.2_08 SDK and
>> Eclipse with Web plugins
>>
>> Please Help me! 
>>
>> Ale


-- 
====================================================================
Dipl.-Hyd. Franck Borel               Universitaetsbibliothek Freiburg
EMail: borel@ub.uni-freiburg.de       EDV-Dezernat
Tel. : +49-761 / 203-3908             Werthmannplatz 2 | Postfach 1629
Fax  : +49-761 / 203-3987             79098 Freiburg   | 79016 Freiburg
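
Added example, not part of the original message and not Tomcat's own code: a Python model of the two lookups a JDBCRealm configured as in the message performs, showing how digest="MD5" and the role named in <auth-constraint> decide the outcome of a form login. The SQLite database, the sample users and the UTF-8 password encoding are assumptions made for the example.

```python
import hashlib
import hmac
import re
import sqlite3
import xml.etree.ElementTree as ET

# Realm element combining the column names from the quoted MySQL example with
# digest="MD5" from the PostgreSQL example (driver and URL attributes left out).
REALM_XML = """
<Realm className="org.apache.catalina.realm.JDBCRealm"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"
       digest="MD5"/>
"""

# Java MessageDigest names mapped to hashlib names (subset, an assumption).
JAVA_TO_HASHLIB = {"MD5": "md5", "SHA": "sha1", "SHA-256": "sha256"}
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def load_realm(xml_text):
    """Return the realm attributes, rejecting names unsafe to put in SQL."""
    attrs = dict(ET.fromstring(xml_text).attrib)
    for key in ("userTable", "userNameCol", "userCredCol",
                "userRoleTable", "roleNameCol"):
        if not IDENT.match(attrs.get(key, "")):
            raise ValueError(f"missing or invalid realm attribute: {key}")
    return attrs


def digest_credential(password, algorithm):
    """Hex digest the realm compares with userCredCol; plaintext if no digest."""
    if not algorithm:
        return password
    h = hashlib.new(JAVA_TO_HASHLIB[algorithm.upper()])
    h.update(password.encode("utf-8"))  # assumption: UTF-8 passwords
    return h.hexdigest()


def authenticate(conn, realm, username, password):
    """Return the user's roles, or None when the credential does not match."""
    row = conn.execute(
        f"SELECT {realm['userCredCol']} FROM {realm['userTable']} "
        f"WHERE {realm['userNameCol']} = ?", (username,)).fetchone()
    if row is None or row[0] is None:
        return None
    offered = digest_credential(password, realm.get("digest"))
    stored = row[0]
    if realm.get("digest"):
        # Hex digests are compared without regard to case.
        offered, stored = offered.lower(), stored.lower()
    if not hmac.compare_digest(offered.encode(), stored.encode()):
        return None
    roles = conn.execute(
        f"SELECT {realm['roleNameCol']} FROM {realm['userRoleTable']} "
        f"WHERE {realm['userNameCol']} = ?", (username,)).fetchall()
    return [r[0] for r in roles]


def check_access(conn, realm, username, password, required_role):
    """Outcome of a form login to a URL guarded by <auth-constraint>."""
    roles = authenticate(conn, realm, username, password)
    if roles is None:
        return "form-error-page"
    return "granted" if required_role in roles else "403"


def build_sample_db(realm):
    """In-memory stand-in for the realm database (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {realm['userTable']} "
                 f"({realm['userNameCol']} TEXT PRIMARY KEY, "
                 f"{realm['userCredCol']} TEXT)")
    conn.execute(f"CREATE TABLE {realm['userRoleTable']} "
                 f"({realm['userNameCol']} TEXT, {realm['roleNameCol']} TEXT)")
    users = [
        ("alice", digest_credential("secret", "MD5")),          # hex digest
        ("bob", "secret"),                                      # plaintext
        ("carol", digest_credential("secret", "MD5").upper()),  # upper-case hex
    ]
    conn.executemany(f"INSERT INTO {realm['userTable']} VALUES (?, ?)", users)
    conn.executemany(f"INSERT INTO {realm['userRoleTable']} VALUES (?, ?)",
                     [("alice", "enabled"), ("bob", "enabled"),
                      ("carol", "demo")])
    return conn


if __name__ == "__main__":
    realm = load_realm(REALM_XML)
    db = build_sample_db(realm)
    # "enabled" is the role required by the web.xml in the message.
    for user in ("alice", "bob", "carol", "nobody"):
        print(user, check_access(db, realm, user, "secret", "enabled"))
```

With digest="MD5" the value stored in userCredCol must be the hex MD5 of the password, so a row holding the plaintext password ends on the form error page even when the password typed is correct. Unsalted MD5 is cheap to brute-force if the table leaks; the digest attribute accepts any algorithm name that java.security.MessageDigest supports.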


