tomcat-users mailing list archives

From "J. Brian Hall" <jbrianhall...@me.com>
Subject RE: Configuring Combined Realm
Date Mon, 28 Oct 2013 12:44:03 GMT
Hey Felix, thanks much.  This is a better alternative for what I am doing.

-----Original Message-----
From: Felix Schumacher [mailto:felix.schumacher@internetallee.de] 
Sent: Monday, October 28, 2013 8:38 AM
To: Tomcat Users List
Subject: Re: Configuring Combined Realm

Hello Brian,

On Mo, 2013-10-28 at 07:46 -0400, J. Brian Hall wrote:
> How can I configure CombinedRealm in order to: (1) use JDBCRealm for 
> my webapp with form-based authentication while (2) also using the 
> default UserDatabaseRealm for the Tomcat Web Application Manager?  I 
> can get one or the other to work, but not both.  Here are the details of
> my setup:

You don't need CombinedRealm to set up two different Realms for two different
contexts (webapps). In fact, it is not what you want. Just put the realm
definitions into the contexts for the webapps.

So the context for your webapp - I will name it appA - would probably be
something like this (file:
$CATALINA_BASE/conf/Catalina/localhost/appA.xml or
$CATALINA_BASE/webapps/appA/META-INF/context.xml)

<Context>
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
     dataSourceName="jdbc/authority"... />
  ...
</Context>

While the context definition for the manager application would take the
realm definition for the UserDatabaseRealm (file:
$CATALINA_BASE/conf/Catalina/localhost/manager.xml or
$CATALINA_BASE/webapps/manager/META-INF/context.xml)

<Context antiResourceLocking="false" privileged="true">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
  ...
</Context>

You can wrap those realms with the LockOutRealm as done in your examples, of
course.

Note that I replaced JDBCRealm with DataSourceRealm, since it is better
suited for production.

Look at
http://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html#DataSourceRealm
for more details to configure it.

Regards
 Felix
>
> -OS: Windows 7
> -Server: Tomcat 7.0.42
> -Database: MySQL 5.6
>
> Articles I have used up to this point:
>
> 1. Form-based authentication with Tomcat 7 and MySQL:
> http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and-tomcat-7-with-form-based-authentication/
>
> 2. Configuring CombinedRealm:
> http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm
>
> 3. Lastly, note that my database, tables, and Connector/J are set up
> per instructions above and I am able to log in to my webapp with
> form-based authentication when only using JDBCRealm, but I then can't
> log in to the Tomcat Web Application Manager.
>
> I configured the file CATALINA_HOME/config/server.xml in two ways:
>
> 1. I've identified the following global resources:
>
> <!--Resource for Tomcat Web App Manager-->
> <Resource name="UserDatabase"
>           auth="Container"
>           type="org.apache.catalina.UserDatabase"
>           description="User database that can be updated and saved"
>           factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>           pathname="conf/tomcat-users.xml" />
>
> <!--Resource for my webapp-->
> <Resource name="jdbc/authority"
>           auth="Container"
>           type="javax.sql.DataSource"
>           driverClassName="com.mysql.jdbc.Driver"
>           description="mySQL Database"
>           url="jdbc:mysql://localhost:3306/authority"
>           maxActive="15"
>           maxidle="3"/>
>
> 2. I've nested Realms within CombinedRealm as follows:
>
> <Realm className="org.apache.catalina.realm.CombinedRealm" >
>
>   <!-- LockOutRealm to prevent brute-force attack. -->
>   <Realm className="org.apache.catalina.realm.LockOutRealm"
>          failureCount="3" lockoutTime="3600"/>
>
>   <!-- Default Realm for Tomcat Application Manager -->
>   <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>          resourceName="UserDatabase"/>
>
>   <!-- JDBC Realm for my webapp. -->
>   <Realm className="org.apache.catalina.realm.JDBCRealm"
>          driverName="com.mysql.jdbc.Driver"
>          connectionURL="jdbc:mysql://localhost:3306/authority"
>          connectionName="root"
>          connectionPassword="root"
>          userTable="users"
>          userNameCol="user_name"
>          userCredCol="user_pass"
>          userRoleTable="user_roles"
>          roleNameCol="role_name"/>
>
> </Realm>
>
> Lastly, I configured my
> CATALINA_HOME/webapps/[mywebapp]/WEB-INF/web.xml
> file as follows:
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <web-app
>     version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>                         http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
>
>   <display-name>webapp</display-name>
>   <description>Form-Based Authentication with mySQL</description>
>
>   <resource-ref>
>     <description>mySQL Database</description>
>     <res-ref-name>jdbc/authority</res-ref-name>
>     <res-type>javax.sql.DataSource</res-type>
>     <res-auth>Container</res-auth>
>   </resource-ref>
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Protected</web-resource-name>
>       <url-pattern>/*</url-pattern>
>       <http-method>PUT</http-method>
>       <http-method>GET</http-method>
>       <http-method>POST</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>webappuser</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>NONE</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <form-login-config>
>       <form-login-page>/login.jsp</form-login-page>
>       <form-error-page>/error.jsp</form-error-page>
>     </form-login-config>
>   </login-config>
>
> </web-app>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
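
Added example, not part of the original thread or of the Tomcat project's own files: the two per-context realm definitions described in the reply, each wrapped in a LockOutRealm. The table and column names are the ones from the question; the `failureCount` and `lockOutTime` values are illustrative assumptions, and the DataSourceRealm is assumed to use the global `jdbc/authority` resource defined in server.xml.

```xml
<!-- File 1: $CATALINA_BASE/conf/Catalina/localhost/appA.xml
     (appA is the placeholder webapp name used in the reply above) -->
<Context>
  <!-- LockOutRealm wraps the nested realm and locks a user out after
       repeated failed logins. The values here are illustrative. -->
  <Realm className="org.apache.catalina.realm.LockOutRealm"
         failureCount="3" lockOutTime="3600">
    <!-- Looks up the global JNDI DataSource, so no database credentials
         appear in the realm definition itself. Table and column names
         are the ones from the question. -->
    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           dataSourceName="jdbc/authority"
           localDataSource="false"
           userTable="users"
           userNameCol="user_name"
           userCredCol="user_pass"
           userRoleTable="user_roles"
           roleNameCol="role_name"/>
  </Realm>
</Context>

<!-- File 2: $CATALINA_BASE/conf/Catalina/localhost/manager.xml
     (a separate file; shown in the same listing for comparison) -->
<Context antiResourceLocking="false" privileged="true">
  <Realm className="org.apache.catalina.realm.LockOutRealm"
         failureCount="3" lockOutTime="3600">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase"/>
  </Realm>
</Context>
```

The nested DataSourceRealm can only authenticate if the `jdbc/authority` Resource itself carries the database `username` and `password`; an account with read access to the two tables is enough for it.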


