tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <>
Subject Re: connection autoReconnect?
Date Thu, 26 Jan 2012 23:59:06 GMT
----- Original Message -----

> From: Jerry Malcolm <>
> To: Tomcat Users List <>
> Cc: 
> Sent: Thursday, January 26, 2012 2:58 PM
> Subject: Re: connection autoReconnect?
>T hanks to all for the assistance.  I'll try adding those parameters.  But
> I'm always a bit nervous about possibly just band-aiding a problem that I
> don't really understand.
> Regarding the defensive coding approach, this error often occurs on the sql
> query by the internal TC security authentication code that looks up ids and
> passwords for login.  I don't own that code.  I would think any required
> defensive code would be already present in base TC code, yet it's failing
> there as well.  Basically, if I could figure out how to defend against this
> in my code, there's still nothing I can do, coding-wise, to defend against
> it in a security auth call to sql, right?

How are you doing authentication?

Using a straight JDBCRealm for authentication and authorization really creates a lot of problems.

From the document at:

     The JDBC Realm uses a single db connection. This requires that realm
     based authentication be synchronized, i.e. only one authentication can
     be done at a time. This could be a bottleneck for applications with
     high volumes of realm based authentications.

Also if people don't authenticate for a time, then the database's idle timeout will disconnect
the database and no one will be able to log in.

What you need is a DataSourceRealm. This provides the capabilities of a database pool along
with the Realm interface for authentication and authorization.

The information on how to set this up is scattered across several documents. Fortunately,
there's a Wiki page available:

It's based on Tomcat 6, so you should check the particulars against Tomcat 7 before blindly
copying configuration components.

. . . . just my two cents.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message