tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Kolchoogin <>
Subject Tomcat 7.0 Manager/Host Manager authentication via Tomcat Realms -- is it possible at all?
Date Mon, 04 Apr 2011 05:09:00 GMT
Dear colleagues,

    I'm trying to use Tomcat Realms as authentication source
_specifically for Tomcat Manager and Host Manager_.

    Short problem description: it doesn't work.

    Long problem description: Tomcat even _doesn't try to initialise
MySQL connection_ -- I removed MySQL Connector/J for testing purposes,
and Tomcat hasn't given _ever any warning_ to me, besides of existence
of JDBC Realm in server.xml.

1. Yes, I do have fresh installation of Tomcat.
2. Yes, I do have Sun Java 2 EE v1.6.0.3 pl4 -- the latest one.
3. Yes, I have read Tomcat docs and have searched Google.

Nothing helps: all Google search results refers me either to
UserDatabase Realm and conf/tomcat-users.xml (that is obviously works
well -- I've tested it) or to realm authentication for THIRD-PARTY
applications, that I'm not interested in.

Resource definitions:

=== conf/server.xml ===
<Server port="8005" shutdown="SHUTDOWN">

[ . . . . . . . . ]

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    <Resource name="UserDatabase" auth="Container"
              description="User database that can be updated and saved"
              pathname="conf/tomcat-users.xml" />
    <Resource name="jdbc/auth" auth="Container"
              maxIdle="4" />

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
  <Service name="Catalina">

[ . . . . . . . . ]

    <Engine name="Catalina" defaultHost="localhost">

[ . . . . . . . . ]

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase" />
        <Realm className="org.apache.catalina.realm.DataSourceRealm"
               userTable="users" userNameCol="user" userCredCol="password"
               userRoleTable="roles" roleNameCol="role" />

[ . . . . . . . . ]


Once more: there're no log errors and even there're no log _warnings_
after Tomcat is started by me and I'm making an attempt to use Tomcat
Manager. Tomcat gives me HTTP Basic Authentication window in my Web
browser, I'm entering login and password in it, and authentication
fails. No log errors/warnings given. Not even in a case I have removed
(!) mysql-connector-java.jar.

So, what am I doing wrong?
        Andrew Kolchoogin.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message