tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Ling" <jason.h.l...@gmail.com>
Subject Re: Configuring DataSourceRealm using Oracle
Date Mon, 03 Mar 2008 21:36:28 GMT
I got what you way:  the <realm-name> and the <Realm> are not the same thing
and not related in the security configuration I am trying to learn.  I will
try to find time to do some reading on http to understand that realm.

My next goal is a JNDIRealm (LDAP).

Thank you very much for your kind help, David!


Jason


On Mon, Mar 3, 2008 at 4:12 PM, david delbecq <delbd+jakarta@oma.be> wrote:

> What is in the web.xml is not tomcat specific. The "realm" you see in
> web.xml is related to the notion of realm used by http protocol, that is
> a string showed to user when the login with http basic authentification,
> and which server for browser to seperate login in different "realms" for
> a same server (eg an admin realm, a shopping realm, a clerk realms)
>
> The link between a webapplication and a tomcat realm (that is, a source
> for users passwords and roles) is done in a context.xml file, which is
> tomcat specific. The file can be either located in META-INF/context.xml
> in your webapp for auto configuration or be put manually in tomcat
> config (conf/Catalina/<host>/<webapp>.xml)
> Jason Ling a écrit :
> > Thank you, David.  Now it works!
> >
> > I looked back into the documentation for DataSource, and then configured
> one
> > in the server.xml file as a JNDI <Resource>.  It seems to me that the
> > <Realm> gets associated with the <Resource> by jdbc/webappDB, and that
> tells
> > tomcat server where to find the Oracle server.
> >
> > Nevertheless, I still still have a few questions:
> >
> > What is the the <realm-name> sub-element of <login-config> for in the
> > application's web.xml file, when and how is it used?  Suppose I
> configure
> > more than one <Realm> in server.xml, is that the scenario where I need
> to
> > use the <real-name> tag to specify which Realm to use?  In that case,
> > <realm-name>what is the name</realm-name>  for the realm?
> >
> > Thanks a lot for your guide!
> >
> >
> > Jason
> >
> >
> >
> > On Mon, Mar 3, 2008 at 3:11 PM, david delbecq <delbd+jakarta@oma.be>
> wrote:
> >
> >
> >> And, actually, you didn't do the part where you configure the
> datasource
> >> that your realm will use, information that is provided in the link i
> >> pointed you to. If you did actually configure the datasource (which is
> >> separate from the datasourcerealm), you wouldn't say
> >>
> >>
> >>> I still wonder
> >>> how Tomcat would know where to go
> >>>
> >> moreover none of the configuration statements you pasted show any track
> >> of your datasource configuration, which agina is separate from the
> realm.
> >>
> >>
> >> Jason Ling a écrit :
> >>
> >>> Thank you, David.
> >>>
> >>> Sorry, I sent this message two times, each time only the quoted
> message
> >>>
> >> was
> >>
> >>> sent, but not my reply.  This is another try.
> >>>
> >>> Actually I did read the document you provided the link to.  In that
> >>>
> >> document
> >>
> >>> (The Realm Component) the following attributes are listed for the
> >>> DataSourceRealm:
> >>>
> >>>    dataSourceName
> >>>    roleNameCol
> >>>    userCredCol
> >>>    userNameCol
> >>>    userRoleTable
> >>>    userTable
> >>>
> >>> and I actually used all of them in my first attempted configuration as
> >>>
> >> shown
> >>
> >>> in my original email:
> >>>
> >>>    First attempt:
> >>>    ++++++++++
> >>>    I replaced the above-mentioned <Realm> element with the following
> >>>
> >> one,
> >>
> >>> mimicking the example for mySQL in the documentation:
> >>>
> >>>       <Realm  className="org.apache.catalina.realm.DataSourceRealm"
> >>>          dataSourceName="jdbc/webappDB"
> >>>               userTable="users" userNameCol="user_name"
> >>> userCredCol="user_pass"
> >>>           userRoleTable="user_roles" roleNameCol="role_name" />
> >>>
> >>> And that did not work out, you know, as I mentioned.  I still do not
> >>>
> >> know
> >>
> >>> what was wrong with my configuration for DataSourceRealm.  I still
> >>>
> >> wonder
> >>
> >>> how Tomcat would know where to go to look for the users table and the
> >>> user_roles table, which are on the Oracle server which is
> >>>
> >> sb.lehman.cuny.edu,
> >>
> >>> and is not in any of the attributes listed above.  Did I miss any
> >>>
> >> components
> >>
> >>> in the configuration that I tried?
> >>>
> >>>
> >>> Jason
> >>>
> >>>
> >>>
> >>> On Mon, Mar 3, 2008 at 1:11 PM, David Delbecq <delbd+jakarta@oma.be>
> >>>
> >> wrote:
> >>
> >>>
> >>>> Jason Ling a écrit :
> >>>>
> >>>>
> >>>>> I changed the <Realm> element in the server.xml file, and
it became:
> >>>>>
> >>>>>       <Realm  className="org.apache.catalina.realm.DataSourceRealm"
> >>>>>          dataSourceName="jdbc/webappDB"
> >>>>>              driverName="oracle.jdbc.OracleDriver"
> >>>>>           connectionURL="jdbc:oracle:thin:@sb.lehman.cuny.edu:1521
> >>>>>
> >> :idm0"
> >>
> >>>>>          connectionName="webappdb" connectionPassword="GreenHorn"
> >>>>>               userTable="users" userNameCol="user_name"
> >>>>> userCredCol="user_pass"
> >>>>>           userRoleTable="user_roles" roleNameCol="role_name" />
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>> your are using the datasourcerealm with parameters from the
> jdbcrealm,
> >>>> those are two separate realms. For datasource realm, you need to
> define
> >>>> a datasource that matches the one specified in
> >>>>
> >>>> dataSourceName="jdbc/webappDB"
> >>>>
> >>>> To get more information on how to configure a datasource, please go
> >>>> there:
> >>>>
> >>>>
> >>>>
> >>
> http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html
> >>
> >>>> ---------------------------------------------------------------------
> >>>> To start a new topic, e-mail: users@tomcat.apache.org
> >>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >> ---------------------------------------------------------------------
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >>
> >
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message