tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <its_toas...@yahoo.com>
Subject Re: JDBCRealm conection timeout failure on getPassword
Date Mon, 08 Oct 2012 01:57:22 GMT
Comments inline.

On 10/7/2012 3:31 PM, Aladin Dajani wrote:
> Hello Pid,
>
> I cannot dismiss that there may be inaccuracies as you mentioned in your
> response, perhaps you could help me figure them out.
>
> Here are the cases I tried (the first three were outlined in the wiki
> http://wiki.apache.org/tomcat/TomcatDataSourceRealms)
>
> MY REALM ELEMENT:
>          <Realm className="org.apache.catalina.realm.DataSourceRealm"
>              dataSourceName="jdbc/MyAppDB"
>              userTable="users"
>              userNameCol="username"
>              userCredCol="password"
>              userRoleTable="roles"
>              roleNameCol="rolename"
>              digest="digestname"
>          />
>
> MY RESOURCE ELEMENT:
> <Resource
>   name="jdbc/MyAppDB"
> type="javax.sql.DataSource"
> auth="Container"
> driverClassName="com.mysql.jdbc.Driver"
> maxActive="100"
> maxWait="10000"
> maxIdle="30"
> password="password"
> logAbandoned="true"
> username="username"
> removeAbandoned="true"
> removeAbandonedTimeout="60"
> url="jdbc:mysql://localhost:3306/databasename"
> />
>

It might be nice to have a validation query here, so you know you're 
getting a connection to the database.

>
> Case 1:
> Everything in META-INF/context.xml
> META-INF/context.xml contains:
>   <Context>
>      <MY RESOURCE ELEMENT GOES HERE>
>      <MY REALM ELEMENT GOES HERE>
>   </Context>
>

Please note that you are missing a localDataSource="true" in your Realm 
element of context.xml. This is required when both the Realm and the 
Resource are defined in context.xml. The Wiki mentions this, but maybe 
it's not prominent enough.

> $CATALINA_HOME/conf/server.xml contains:
>    <GlobalNamingResources>
>      <Resource
> auth="Container"
> description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> name="UserDatabase"
> pathname="conf/tomcat-users.xml"
> type="org.apache.catalina.UserDatabase"/>
>    </GlobalNamingResources>
>
>    and
>    <Engine>
>        <Realm className="org.apache.catalina.realm.LockOutRealm">
>          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
>        </Realm>
>        <Host>..</Host>
>    </Engine>
>
> $CATALINA_HOME/conf.context.xml conatins
>   <Context>
>      <WatchedResource>WEB-INF/web.xml</WatchedResource>
>   </Context>
>
> Result:  Login form is presented but login fails when valid credentials are
> used
>
>   $CATALINA_HOME/logs/localhos.data.log contains:
>   Oct 7, 2012 5:05:55 PM org.apache.catalina.realm.DataSourceRealm open
>   SEVERE: Exception performing authentication
>   javax.naming.NameNotFoundException: Name jdbc is not bound in this Context
>
>   <Note> I suspect some issue with context.xml since tomcat did not copy it
> to $CATALINA_HOME/conf/localhost
>
> =================================
>
> Case 2:
>   Using GlobalNamingResources and META-INF/context.xml
>
>   META-INF/context.xml contains:
>   <Context>
>      <MY REALM ELEMENT GOES HERE>
>   </Context>
>
>
>
> $CATALINA_HOME/conf/server.xml contains:
>    <GlobalNamingResources>
>      <Resource
>          auth="Container"
>          description="User database that can be updated and saved"
>          factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>          name="UserDatabase"
>          pathname="conf/tomcat-users.xml"
>          type="org.apache.catalina.UserDatabase"/>
>
>       <MY RESOURCE ELEMENT GOES HERE>
>
>    </GlobalNamingResources>
>
>     No changes to <Engine> or <Host> elements
>     No change to $CATALINA_HOME/conf.context.xml conatins
>
> Result:
>   Fails.  Application's login form fails to display.
>   tomcat7-stdout.date.log contains:
>   Cannot get connection: javax.naming.NameNotFoundException: Name jdbc is
> not bound in this Context
>
>   <Note> I suspect some issue with context.xml since tomcat did not copy it
> to $CATALINA_HOME/conf/localhost
> ================================
>
> case 3:
> Using $CATALINA_HOME/conf/server.xml only:
>
>   META-INF/context.xml : Does not exist.
>
> $CATALINA_HOME/conf/server.xml contains:
>    <GlobalNamingResources>
>      <Resource
> auth="Container"
> description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> name="UserDatabase"
> pathname="conf/tomcat-users.xml"
> type="org.apache.catalina.UserDatabase"/>
>
>          <MY RESOURCE ELEMENT GOES HERE>
>    </GlobalNamingResources>
>
>    and
>    <Engine>
>        <Realm className="org.apache.catalina.realm.LockOutRealm">
>          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
>
>          <MY REALM ELEMENT GOES HERE>
>
>        </Realm>
>        <Host>..</Host>
>    </Engine>
>
>     No change to $CATALINA_HOME/conf.context.xml conatins
>
> Result:
>   Same as result in case #2
>
> ==================================
> Case 4:
>   Using $CATALINA_HOME/conf/server.xml only part II:
>   Same as in case 3 above except that the REALM element goes inside the
> <Host> element:
>    <Engine>
>        <Realm className="org.apache.catalina.realm.LockOutRealm">
>          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
>        </Realm>
>        <Host>
>          <MY REALM ELEMENT GOES HERE>
>        </Host>
>    </Engine>
>
>     No change to $CATALINA_HOME/conf.context.xml conatins
>     META-INF/context.xml : Not used (does not exist)
>
> Result:
>    Same as cases #2 and 3 above
>
> ======================================
>
> Case 5:
>   Using $CATALINA_HOME/conf/server.xml and $CATALINA_HOME/conf/context.xml
>   Same as in case 3 above with another copy of resource element added to
> $CATALINA_HOME/conf/context.xml (in addition to the one in server.xml)
>
> $CATALINA_HOME/conf.context.xml conatins
>   <Context>
>      <WatchedResource>WEB-INF/web.xml</WatchedResource>
>      <MY RESOURCE ELEMENT GOES HERE>
>   </Context>
>
> Result:
> SUCCESS. Login form is presented and login succeeds when valid credentials
> are used.
>
>
> Thanks
> Aladin
>

I'm assuming that this is really $CATALINA_HOME/conf/context.xml.

This is the global context.xml for all applications (Engines, Hosts) in 
the JVM. It's interesting that this works, but the others do not.

It sounds like you're missing a resource-ref element in web.xml. I don't 
know if it's necessary in the servlet 3.0 spec (I should really read 
it), but something like this may be required.

     <resource-ref>
         <description>Your database</description>
         <res-ref-name>jdbc/MyAppDB</res-ref-name>
         <res-type>javax.sql.DataSource</res-type>
         <res-auth>Container</res-auth>
         <res-sharing-scope>Shareable</res-sharing-scope>
     </resource-ref>

Missing that usually gives the type of non-bound error messages you're 
seeing in the log files.

Also, I'm wondering why your context.xml file is not being copied over 
to $CATALINA_BASE/conf/Catalina/localhost/app-name.xml (assuming 
localhost and the default Engine name).

Post your complete web.xml and context.xml with any sensitive 
information obfuscated.

. . . . just my two cents.

/mde/

> On Sun, Oct 7, 2012 at 4:35 PM, Pid <pid@pidster.com> wrote:
>
>> On 07/10/2012 19:40, Aladin Dajani wrote:
>>> Thank you all for your help.  I now have DataSourceRealm based
>>> authentication up and running with my connection pool.
>>>
>>> One thing I want to mention is that I was unable to make teh scenarios
>>> described in the wiki work until I duplicated the Resource definition in
>>> both server.xml and in context.xml.
>>
>> That is unlikely to be accurate unless you are using the datasource for
>> something else.  The GlobalResources definition will be the one working.
>>
>> The tomcat/conf/context.xml definition will only be valid for Realms
>> created inside the Context; and will create a separate pool for each
>> application deployed.
>>
>>
>> p
>>
>>
>> I tried several combinations as
>>> described in the wiki and outside and this is the one that worked, for
>> now
>>> this is what matters to me.
>>>
>>> Thanks....
>>>
>>>
>>>
>>> On Sun, Oct 7, 2012 at 11:33 AM, Mark Eggers <its_toasted@yahoo.com>
>> wrote:
>>>
>>>> On 10/7/2012 8:22 AM, Pid * wrote:
>>>>
>>>>> On 7 Oct 2012, at 15:26, Aladin Dajani <aladin.dajani@gmail.com>
>> wrote:
>>>>>
>>>>>   OK So I tried to use DataSourceRealm.  Seems simple enough. but I get
>> the
>>>>>> following exception:
>>>>>>
>>>>>> Oct 7, 2012 9:54:51 AM org.apache.catalina.realm.**DataSourceRealm
>> open
>>>>>> SEVERE: Exception performing authentication
>>>>>> javax.naming.**NameNotFoundException: Name jdbc is not bound in this
>>>>>> Context
>>>>>>
>>>>>> Here is my configuration.  context.xml is unchanged from previous
>> setup
>>>>>> (works well for pooled database access within the app)
>>>>>>
>>>>>> {catalina-base}\conf\context.**xml:
>>>>>>      <Resource
>>>>>> name="jdbc/MyAppDB"
>>>>>> auth="Container"
>>>>>> driverClassName="com.mysql.**jdbc.Driver"
>>>>>> logAbandoned="true"
>>>>>> maxActive="100"
>>>>>> maxIdle="30"
>>>>>> maxWait="10000"
>>>>>> password="password"
>>>>>> username="user"
>>>>>> removeAbandoned="true"
>>>>>> removeAbandonedTimeout="60"
>>>>>> type="javax.sql.DataSource"
>>>>>> url="jdbc:mysql://localhost:**3306/databasename"
>>>>>> />
>>>>>>
>>>>>> Server.xml replaces the JDBCRealm with the DataSourceRealm as below
>>>>>>
>>>>>> {catalina-base}\conf\server.**xml:
>>>>>>        <Realm className="org.apache.**catalina.realm.LockOutRealm">
>>>>>> <Realm className="org.apache.**catalina.realm.**DataSourceRealm"
>>>>>> dataSourceName="jdbc/MyAppDB"
>>>>>> userTable="users"
>>>>>> userNameCol="username"
>>>>>> userCredCol="password"
>>>>>> userRoleTable="roles"
>>>>>> roleNameCol="rolename"
>>>>>>          digest="MD5"
>>>>>> />
>>>>>>        </Realm>
>>>>>>
>>>>>> Have I missed a configuration somewhere ?
>>>>>>
>>>>>
>>>>> Yes, define the Resource in GlobalResources in server.xml.
>>>>>
>>>>>
>>>>> p
>>>>>
>>>>
>>>> Here's the Wiki document on the various combinations:
>>>>
>>>> http://wiki.apache.org/tomcat/**TomcatDataSourceRealms<
>> http://wiki.apache.org/tomcat/TomcatDataSourceRealms>
>>>>
>>>> /mde/
>>>>
>>>>
>>>>>> Thanks.
>>>>>> On Sun, Oct 7, 2012 at 9:36 AM, Felix Schumacher <
>>>>>> felix.schumacher@**internetallee.de <
>> felix.schumacher@internetallee.de>>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Aladin Dajani <aladin.dajani@gmail.com> schrieb:
>>>>>>>
>>>>>>>   Hello List,
>>>>>>>>
>>>>>>>> My application is configured for JDBCRealm authentication
uses a
>> MySQL
>>>>>>>> database.
>>>>>>>> For my own use inside the application, I have setup a connection
>> pool
>>>>>>>> to
>>>>>>>> access the database,  However, the configuration of JDBCRealm
in
>>>>>>>> server.xml
>>>>>>>> uses astand-alone connection.  Since MySQL times-out connections
>> after
>>>>>>>> 8
>>>>>>>> hours, I get the following error in tomcat logs as I try
to log-in
>>>>>>>> after
>>>>>>>> the connection times out:
>>>>>>>>
>>>>>>>> Oct 7, 2012 8:36:51 AM org.apache.catalina.realm.**JDBCRealm
>>>>>>>> getPassword
>>>>>>>> SEVERE: Exception performing authentication
>>>>>>>> com.mysql.jdbc.exceptions.**jdbc4.**MySQLNonTransientConnectionExc**
>>>>>>>> eption:
>>>>>>>> No
>>>>>>>> operations allowed after connection closed.Connection was
implicitly
>>>>>>>> closed
>>>>>>>> by the driver.
>>>>>>>>
>>>>>>>> Users do not notice this error (I presume tomcat's JDBCRealm
will
>>>>>>>> create a
>>>>>>>> new connection), but it US disconcerting to have all these
>> exceptions
>>>>>>>> in
>>>>>>>> tomcat logs, especially that when the server goes into production
>> mode,
>>>>>>>> I
>>>>>>>> fear this will have adverse effects.
>>>>>>>>
>>>>>>>> Is it possible to have JDBDRealm use the same connection
pool which
>> my
>>>>>>>> application uses (which is setup in tomcat's context.xml
so it
>> should
>>>>>>>> be accessible to all applications in tomcat).
>>>>>>>>
>>>>>>>
>>>>>>> Have a look at DatasourceRealm.
>>>>>>>
>>>>>>> Regards
>>>>>>> Felix
>>>>>>>
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>
>>>>
>>>>
>> ------------------------------**------------------------------**---------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<
>> users-unsubscribe@tomcat.apache.org>
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>
>>
>>
>> --
>>
>> [key:62590808]
>>
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message