tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Configuring a context specific JNDI/JDBC Realm
Date Mon, 02 May 2011 16:22:37 GMT
On 02/05/2011 17:11, Mark Hoebeke wrote:
> So, I'm using Tomcat 6.0.26 and I'm developing an application relying on
> a Realm to authenticate users. The Realm is a DataSourceRealm pointing
> to a JNDI Resource declared in the ${catalina.home}/conf/context.xml as
> follows :

You almost certainly don't want to do that. Entries in that file provide
defaults for *every* web application. You have just exposed this
datasource to every context on the Tomcat instance.

> <Resource name="jdbc/mydb"
> 	auth="Container"
> 	type="javax.sql.DataSource"
> 	driverClassName="org.postgresql.Driver"
> 	url="jdbc:postgresql://dbhost:5437/dbname"
> 	username="dbuser" password="dbpasswd"/>
> This declaration is fully functional as the same application relies on
> it for non-authentication related uses that actually work.
> I've tried putting the Realm declaration in the META-INF/context.xml
> file of my application, as follows :
> <Context path="/myapp">
> 	<Realm className="org.apache.catalina.realm.DataSourceRealm"
> auth="Container" debug="99" dataSourceName="jdbc/mydb" userTable="users"
> userRoleTable="roles" userNameCol="name" userCredCol="password"
> roleNameCol="role" digest="SHA-1" />
> </Context>
> (As I'm (re)deploying the app quite frequently I cannot put this
> declaration in the ${catalina.home}/conf/server.xml file, if I'm right).

Wrong. There is nothing stopping you defining the resource in
server.xml. The following changes should fix this:
- move the resource definition to server.xml (under GlobalResources)
- add a resource link to META-INF/context.xml that is included with the WAR
- leave the Realm in META-INF/context.xml

If you do decide to more the Resource definition to META-INF/context.xml
rather than server.xml then you'll need to add the
localDataSource="true" the the Realm definition.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message