tomcat-users mailing list archives

From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: Configuring Combined Realm
Date Mon, 28 Oct 2013 12:37:52 GMT
Hello Brian,

On Mo, 2013-10-28 at 07:46 -0400, J. Brian Hall wrote:
> How can I configure CombinedRealm in order to: (1) use JDBCRealm for my
> webapp with form-based authentication while (2) also using the default
> UserDatabaseRealm for the Tomcat Web Application Manager?  I can get one or
> the other to work, but not both.  Here are the details of my setup:

You don't need CombinedRealm to set up two different Realms for two
different contexts (webapps). In fact, it is not what you want. Just put
the realm definitions into the contexts for the webapps.

So the context for your webapp - I will name it appA - would probably be
something like this (file:
$CATALINA_BASE/conf/Catalina/localhost/appA.xml or
$CATALINA_BASE/webapps/appA/META-INF/context.xml)

<Context>
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
     dataSourceName="jdbc/authority"... />
  ...
</Context>

While the context definition for the manager application would take the
realm definition for the UserDatabaseRealm (file:
$CATALINA_BASE/conf/Catalina/localhost/manager.xml or
$CATALINA_BASE/webapps/manager/META-INF/context.xml)

<Context antiResourceLocking="false" privileged="true" >
 <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
    resourceName="UserDatabase"/>
 ...
</Context>

You can wrap those realms with the LockOutRealm as done in your
examples, of course.

Note that I replaced JDBCRealm with DataSourceRealm, since it is better
suited for production.

Look at
http://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html#DataSourceRealm
for more details on configuring it.

Regards
 Felix
> 
>  
> 
> -OS: Windows 7
> -Server: Tomcat 7.0.42
> -Database: MySQL 5.6
>
> Articles I have used up to this point:
>
> 1. Form-based authentication with Tomcat 7 and MySQL:
> http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and-tomcat-7-with-form-based-authentication/
>
> 2. Configuring CombinedRealm:
> http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm
>
> 3. Lastly, note that my database, tables, and Connector/J are set up
> per instructions above and I am able to log in to my webapp with form-based
> authentication when only using JDBCRealm, but I then can't log in to the
> Tomcat Web Application Manager.
>
> I configured the file CATALINA_HOME/config/server.xml in two ways:
>
> 1. I've identified the following global resources:
>
> <!--Resource for Tomcat Web App Manager-->
> <Resource name="UserDatabase"
>           auth="Container"
>           type="org.apache.catalina.UserDatabase"
>           description="User database that can be updated and saved"
>           factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>           pathname="conf/tomcat-users.xml" />
>
> <!--Resource for my webapp-->
> <Resource name="jdbc/authority"
>           auth="Container"
>           type="javax.sql.DataSource"
>           driverClassName="com.mysql.jdbc.Driver"
>           description="mySQL Database"
>           url="jdbc:mysql://localhost:3306/authority"
>           maxActive="15"
>           maxidle="3"/>
>
> 2. I've nested Realms within CombinedRealm as follows:
>
> <Realm className="org.apache.catalina.realm.CombinedRealm" >
>
>   <!-- LockOutRealm to prevent brute-force attack. -->
>   <Realm className="org.apache.catalina.realm.LockOutRealm"
>          failureCount="3" lockoutTime="3600"/>
>
>   <!-- Default Realm for Tomcat Application Manager -->
>   <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>          resourceName="UserDatabase"/>
>
>   <!-- JDBC Realm for my webapp. -->
>   <Realm className="org.apache.catalina.realm.JDBCRealm"
>          driverName="com.mysql.jdbc.Driver"
>          connectionURL="jdbc:mysql://localhost:3306/authority"
>          connectionName="root"
>          connectionPassword="root"
>          userTable="users"
>          userNameCol="user_name"
>          userCredCol="user_pass"
>          userRoleTable="user_roles"
>          roleNameCol="role_name"/>
>
> </Realm>
>
> Lastly, I configured my CATALINA_HOME/webapps/[mywebapp]/WEB-INF/web.xml
> file as follows:
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <web-app
>     version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>                         http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
>
>   <display-name>webapp</display-name>
>   <description>Form-Based Authentication with mySQL</description>
>
>   <resource-ref>
>     <description>mySQL Database</description>
>     <res-ref-name>jdbc/authority</res-ref-name>
>     <res-type>javax.sql.DataSource</res-type>
>     <res-auth>Container</res-auth>
>   </resource-ref>
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Protected</web-resource-name>
>       <url-pattern>/*</url-pattern>
>       <http-method>PUT</http-method>
>       <http-method>GET</http-method>
>       <http-method>POST</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>webappuser</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>NONE</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <form-login-config>
>       <form-login-page>/login.jsp</form-login-page>
>       <form-error-page>/error.jsp</form-error-page>
>     </form-login-config>
>   </login-config>
>
> </web-app>
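
The per-context layout from the reply with the LockOutRealm wrapping written out, as an added example that is not part of the original thread. It shows two separate files, each nesting its realm inside a LockOutRealm, because LockOutRealm only tracks failed logins for realms nested within it. Assumptions: the global `jdbc/authority` and `UserDatabase` resources from the quoted server.xml exist and connect with a working database account, the table and column names are the ones from the quoted JDBCRealm, and `appA` is the placeholder webapp name used in the reply.

```xml
<!-- File 1: $CATALINA_BASE/conf/Catalina/localhost/appA.xml
     (appA is the placeholder name from the reply) -->
<Context>
  <!-- Lockout applies to the DataSourceRealm because it is nested here,
       not declared as an empty sibling element. -->
  <Realm className="org.apache.catalina.realm.LockOutRealm"
         failureCount="3" lockoutTime="3600">
    <!-- localDataSource is left at its default (false), so the realm
         looks up the global resource jdbc/authority from server.xml.
         Table and column names are taken from the quoted JDBCRealm. -->
    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           dataSourceName="jdbc/authority"
           userTable="users"
           userNameCol="user_name"
           userCredCol="user_pass"
           userRoleTable="user_roles"
           roleNameCol="role_name"/>
  </Realm>
</Context>

<!-- File 2: $CATALINA_BASE/conf/Catalina/localhost/manager.xml -->
<Context antiResourceLocking="false" privileged="true">
  <!-- The manager webapp authenticates only against tomcat-users.xml;
       accounts in the application database are not consulted here. -->
  <Realm className="org.apache.catalina.realm.LockOutRealm"
         failureCount="3" lockoutTime="3600">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase"/>
  </Realm>
</Context>
```

With the realms scoped this way, a role granted in the application database carries no meaning inside the manager context, and the database credentials live only in the DataSource resource definition rather than in a realm element.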


