tomcat-users mailing list archives

From Adam Posner <cuco2...@gmail.com>
Subject Re: Realm configuration issues
Date Sat, 05 Sep 2009 23:01:00 GMT
Thanks Mark for all those tips. I will go back to the DataSource Realm. As
for the location of my auth-error.html, it is in
webapps/web-app-name, where my jsp's are.

On Sat, Sep 5, 2009 at 1:55 AM, Mark Thomas <markt@apache.org> wrote:

> Adam Posner wrote:
> > Hi, I have been trying to implement form based authentication using
> > container managed security.
> > I had tried originally to use the DataSource Realm but after struggling with
> > that for so long I gave up because I had tried everything I could think of
> > as far as putting the Realm declaration in various places with no luck, and
> > I got conflicting answers between the Apache-Tomcat docs
>
> Generally, the docs will give you more accurate information. If you have
> problems ask here and on the odd occasion the docs are wrong they'll get
> fixed.
>
> > (which I've
> > read multiple times) and what I found in places like mark-mail and nabble.
> >
> > So now I am trying to get it working with the JDBC realm instead.
>
> That is a bad idea. The JDBCRealm is horribly synchronized whereas the
> DataSourceRealm uses a connection pool.
>
>
> > server.xml:
> I'd strongly suggest removing the comments from this file. It makes it a
> lot easier to read.
>
> > <?xml version='1.0' encoding='utf-8'?>
> > <Server port="8005" shutdown="SHUTDOWN">
> >
> >   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
> >   <Listener className="org.apache.catalina.core.JasperListener" />
> >   <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
> >   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
> >
> >   <GlobalNamingResources>
> >
> >     <Resource name="UserDatabase" auth="Container"
> >               type="org.apache.catalina.UserDatabase"
> >               description="User database that can be updated and saved"
> >               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> >               pathname="conf/tomcat-users.xml" />
> >   </GlobalNamingResources>
> >
> >   <Service name="Catalina">
> >     <Connector port="8080" protocol="HTTP/1.1"
> >                connectionTimeout="20000"
> >                redirectPort="8443" />
> >
> >     <!-- Define an AJP 1.3 Connector on port 8009 -->
> >     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
> >     <Engine name="Catalina" defaultHost="localhost">
> >
> >       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> >              resourceName="UserDatabase"/>
> >
> >       <Host name="localhost"  appBase="webapps"
> >             unpackWARs="true" autoDeploy="true"
> >             xmlValidation="false" xmlNamespaceAware="false">
> >
> >         <Context path="/blurbV1"
> >              docBase="blurbV1"
> >              debug="99"
>
> debug doesn't do anything - delete it. This begs the question why did
> you add it? Any docs that say you need it are for the wrong Tomcat
> version. That is why you are best following the official Tomcat 6 docs.
> >              reloadable="true">
> >
> >             <Resource name="jdbc/trailsDB" auth="Container"
> >                   type="javax.sql.DataSource"
> >                   driverClassName="com.mysql.jdbc.Driver"
> >                   url="jdbc:mysql://localhost:3306/trailsDB?user=buzz&amp;password=999999"
> >                   maxActive="8"/>
>
> I assume this resource is required by the application since the
> JDBCRealm won't use it.
>
> >             <Realm className="org.apache.catalina.realm.JDBCRealm"
> >                    debug="99"
> >                    driverName="com.mysql.jdbc.Driver"
> >                    connectionURL="jdbc:mysql://localhost:3306/trailsDB"
> >                    userTable="users"
> >                    userNameCol="user_name"
> >                    userCredCol="user_pass"
> >                    userRoleTable="user_roles"
> >                    roleNameCol="role_name"
> >             />
>
> You are missing the connectionName and connectionPassword attributes.
> Both of which are clearly marked as required in the docs. Again - use
> the official docs and life gets a lot easier.
>
> >               </Context>
> >
> >       </Host>
> >     </Engine>
> >   </Service>
> > </Server>
> >
> > And my web.xml:
> >
> >   <security-constraint>
> >
> >     <web-resource-collection>
> >
> >         <web-resource-name>UpdateTrails</web-resource-name>
> >
> >         <url-pattern>/*</url-pattern>
> >
> >         <http-method>GET</http-method>
> >         <http-method>POST</http-method>
>
> This is bad from a security point of view. This means *only* GET and
> POST are protected but all of the other HTTP methods are allowed. I
> doubt that is what you want.
>
> >     </web-resource-collection>
> >
> >         <auth-constraint>
> >             <description>These are the roles who have access</description>
> >             <role-name>admin</role-name>
> >         </auth-constraint>
> >
> > </security-constraint>
> >
> > <login-config>
> >     <auth-method>FORM</auth-method>
> >     <realm-name>Tomcat Server Configuration Form-Based
> >         Authentication Area</realm-name>
> >     <form-login-config>
> >         <form-login-page>/Login.html</form-login-page>
> >         <form-error-page>/auth-error.html</form-error-page>
> >     </form-login-config>
> >         </login-config>
> >
> >
> > <resource-ref>
> >     <description>DB Connection</description>
> >     <res-ref-name>jdbc/trailsDB</res-ref-name>
> >     <res-type>javax.sql.DataSource</res-type>
> >     <res-auth>Container</res-auth>
> > </resource-ref>
> >
> > </web-app>
> >
> > Even though it says DataSource in the above resource-ref tag, all the info I
> > found told me
> > to do that even with the JDBCRealm.
>
> Really? If the official Tomcat docs say you need to do that then they
> are wrong. I had a quick look but I couldn't see anything that said
> this. Where did you read it and I'll get it fixed.
>
> > So there seems to be 2 problems. Here's what Tomcat gives me when I attempt
> > to login:
> >
> > HTTP Status 404 - /blurbV1/auth-error.html
> > ------------------------------
> >
> > *type* Status report
> >
> > *message* */blurbV1/auth-error.html*
> >
> > *description* *The requested resource (/blurbV1/auth-error.html) is not
> > available.*
> > ------------------------------
> > Apache Tomcat/6.0.16
> >
> > But it should allow me to login since I have the users and the database
> > setup with the correct
> > user and role tables. Here is the tomcat-users.xml created by Tomcat:
>
> Huh? Tomcat doesn't create this file. You must have created it. Added to
> which it is irrelevant in this case since your context is using the
> JDBCRealm, not the UserDatabaseRealm.
>
> > Any ideas why I might be getting this ?
>
> The 404 suggests the auth-error.html does not exist. Where is the file
> located?
>
> You are seeing the error page because Tomcat can't connect to your
> database to authenticate the user. You need to fix the various problems
> outlined above.
>
> Mark
>
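
Mark's point about the `<http-method>` elements, as an added example that is not part of either message and is not Tomcat code: a short Python check that reports which HTTP methods each `web-resource-collection` leaves unprotected. The function names, the method list and the two sample documents are constructed for illustration.

```python
# Added example (not from the thread): flag security constraints that
# protect only the HTTP methods they list. Each collection is judged on
# its own; overlapping constraints elsewhere in web.xml are not merged.
import xml.etree.ElementTree as ET

# Assumed set of methods to check against (constructed for this example).
ALL_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}

def local(tag):
    """Strip an XML namespace so namespaced and bare web.xml both parse."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def uncovered_methods(web_xml_text):
    """Return {(resource name, url-pattern): sorted methods left unprotected}."""
    findings = {}
    root = ET.fromstring(web_xml_text)
    for constraint in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        for coll in children(constraint, "web-resource-collection"):
            listed = {m.text.strip().upper() for m in children(coll, "http-method") if m.text}
            if not listed:
                continue  # no <http-method>: the constraint covers every method
            name = "".join(n.text or "" for n in children(coll, "web-resource-name")).strip()
            for pat in children(coll, "url-pattern"):
                findings[(name, (pat.text or "").strip())] = sorted(ALL_METHODS - listed)
    return findings

# Constructed samples: the constraint quoted in the thread, and the same
# constraint with the <http-method> elements removed.
AS_POSTED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>UpdateTrails</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
ALL_METHODS_COVERED = (AS_POSTED.replace("<http-method>GET</http-method>", "")
                                .replace("<http-method>POST</http-method>", ""))

if __name__ == "__main__":
    for label, doc in (("as posted", AS_POSTED), ("methods removed", ALL_METHODS_COVERED)):
        print(label, uncovered_methods(doc) or "all methods covered")
```

With no `<http-method>` element in the collection, the constraint applies to every method, which is why the second sample produces no findings.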
