tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rian Brand" <rian.br...@gmail.com>
Subject JDBCRealm authentication failing with MD5
Date Sat, 20 May 2006 13:01:33 GMT
Hi all

 

I am trying to set up a security realm on Tomcat using JDBCRealm and MD5
encryption. It works perfectly when using plain text, but it fails the
moment I switch to a MD5 digest. I have been through the documentation,
forums and FAQ's but I am afraid I can not resolve this on my own, so help
would be appreciated.

 

When attempting to login, the logfile simply states:

JDBCRealm[/asdf]: Username username1 NOT successfully authenticated

 

I checked and when generating the MD5 with the command line it seems the
same. I have tried to play with the database character encoding, without
success. If this is the incorrect, please point it out.

 

The relevant section of the context file is:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"

    digest="MD5"

      driverName="org.gjt.mm.mysql.Driver"

 
connectionURL="jdbc:mysql://localhost:3306/mydb?user=myusername&amp;password
=mypassword"

       userTable="authuser" userNameCol="uname" userCredCol="passwd"

   userRoleTable="user_roles" roleNameCol="role_name"/>

 

In the web.xml, the relevant section is:

     <security-constraint>

      <display-name> Security Constraint</display-name>

      <web-resource-collection>

         <web-resource-name>Protected Area</web-resource-name>

<!--         Define the context-relative URL(s) to be protected -->

         <url-pattern>*.htm</url-pattern>

      </web-resource-collection>

      <auth-constraint>

         <!-- Anyone with one of the listed roles may access this area -->

         <role-name>operations</role-name>

      </auth-constraint>

    </security-constraint>

 

    <!-- Default login configuration uses form-based authentication -->

    <login-config>

      <auth-method>FORM</auth-method>

      <realm-name>My Authentication Area</realm-name>

      <form-login-config>

        <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>

        <form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>

      </form-login-config>

    </login-config>

        

    <!-- Security roles referenced by this web application -->

    <security-role>

      <role-name>operations</role-name>

    </security-role>

 

The relevant part of the database schema is as follows:

CREATE TABLE authuser (

  id int(4) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,

  uname varchar(25) NOT NULL UNIQUE default ''
COMMENT 'Username',

  passwd varchar(32) NOT NULL default ''
COMMENT 'Encrypted password',

  INDEX FKIndexUserId (id)

) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='Users table';

 

CREATE TABLE user_roles (

  id int(4) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT       COMMENT 'Id',

  uname                                    varchar(15) not null
COMMENT 'name, same as in Authuser table',

  role_name                               varchar(15) not null
COMMENT 'Role this user is allowed',

  CONSTRAINT CSconstraint FOREIGN KEY (uname) REFERENCES authuser(uname)

);

ALTER TABLE user_roles ADD UNIQUE(uname, role_name);

 

Finally, at the risk of making the mail too long, here is the relevant parts
login.jsp:

<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >

<table cellspacing="0" cellpadding="0" align="center" width="700">

            <tr>

                        <td valign="top" class="main_table" colspan="2"><br>

                        <b class="blue"> Log into system </b>

                        <hr align="left">

                        <br>

                        <table cellspacing="0" cellpadding="0">

                                    <tr>

                                                <td>&nbsp;&nbsp;&nbsp;&nbsp;
<img src="Images/lock1.jpg" alt="">

 
&nbsp;&nbsp;&nbsp;&nbsp;</td>

                                                <td>

                                                <table>

                                                            <tr>

                                                                        <td
align="right" class="input_table_td">Username:</td>

                                                                        <td
class="input_table_td"><input type="text" name="j_username"></td>

                                                            </tr>

                                                            <tr>

                                                                        <td
align="right" class="input_table_td2">Password:</td>

                                                                        <td
class="input_table_td2"><input type="password" name="j_password"></td>

                                                            </tr>

                                                            <tr>

                                                        <td
align="right"><input type="submit" value="Log In"></td>

                                                            </tr>

                                                </table>

                                                </td>

                                    </tr>

                        </table>

            </form>

 

I am using:

Tomcat 5.0

MySql 4.1.7nt

JDK 1.4

 

Thank you in advance

 

Rian


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message