Return-Path: 
 <users-return-244281-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3FAD9102B4
	for <apmail-tomcat-users-archive@www.apache.org>;
 Mon, 28 Oct 2013 12:39:31 +0000 (UTC)
Received: (qmail 18737 invoked by uid 500); 28 Oct 2013 12:39:26 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 18647 invoked by uid 500); 28 Oct 2013 12:39:25 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 18638 invoked by uid 99); 28 Oct 2013 12:39:25 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Oct 2013 12:39:25 +0000
X-ASF-Spam-Status: No, hits=-0.1 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of jbrianhallphd@me.com designates
 17.172.220.240 as permitted sender)
Received: from [17.172.220.240] (HELO st11p02mm-asmtp005.mac.com)
 (17.172.220.240)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Oct 2013 12:39:17 +0000
Received: from jbrianhallPC
 (pool-108-28-176-253.washdc.fios.verizon.net [108.28.176.253])
 by st11p02mm-asmtp005.mac.com
 (Oracle Communications Messaging Server 7u4-27.08(7.0.4.27.7) 64bit (built
 Aug
 22 2013)) with ESMTPSA id <0MVD00H3TPSN3P50@st11p02mm-asmtp005.mac.com> for
 users@tomcat.apache.org; Mon, 28 Oct 2013 12:38:48 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure
 engine=2.50.10432:5.10.8794,1.0.431,0.0.0000
 definitions=2013-10-28_01:2013-10-28,2013-10-27,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
 suspectscore=1 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0
 reason=mlx scancount=1 engine=7.0.1-1308280000 definitions=main-1310280070
From: "J. Brian Hall" <jbrianhallphd@me.com>
To: users@tomcat.apache.org
References: 
In-reply-to: 
Subject: RE: Configuring Combined Realm
Date: Mon, 28 Oct 2013 08:38:55 -0400
Message-id: <009d01ced3da$ab07cef0$01176cd0$@me.com>
MIME-version: 1.0
Content-type: multipart/alternative;
 boundary="----=_NextPart_000_009E_01CED3B9.23F9B160"
X-Mailer: Microsoft Outlook 14.0
Thread-index: AQLyT6xEuZqauneNs+yYoyffZfagpZfDFMdQ
Content-language: en-us
X-Virus-Checked: Checked by ClamAV on apache.org

------=_NextPart_000_009E_01CED3B9.23F9B160
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Folks, please ignore my question.  I found the problem.  Basically, I had
the same username / password combination in both databases used under
CombinedRealm, (which would be fine) but the associated "role_name" was
different and that's what caused the problem.  In any event, all is working.
Sorry for the fuss.

 

From: J. Brian Hall [mailto:jbrianhallphd@me.com] 
Sent: Monday, October 28, 2013 7:46 AM
To: 'users@tomcat.apache.org'
Subject: Configuring Combined Realm

 

How can I configure CombinedRealm in order to: (1) use JDBCRealm for my
webapp with form-based authentication while (2) also using the default
UserDatabaseRealm for the Tomcat Web Application Manager?  I can get one or
the other to work, but not both.  Here are the details of my setup:

 

-OS: Windows 7

-Server: Tomcat 7.0.42

-Database: MySQL 5.6

 

Articles I have used up to this point:

1.       Form-based authentication with Tomcat 7 and MySQL:
http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and
-tomcat-7-with-form-based-authentication/

2.       Configuring CombinedRealm:
http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm 

3.       Lastly, note that my database, tables, and Connector/J are setup
per instructions above and I am able to login to my webapp with form-based
authentication when only using JDBCRealm, but I then can't login to the
Tomcat Web Application Manager.

 

I configured the file CATALINA_HOME/config/server.xml in two ways:

 

1.       I've identified the following global resources:

 

<!--Resource for Tomcat Web App Manager-->

<Resource name="UserDatabase"

auth="Container"

type="org.apache.catalina.UserDatabase"

description="User database that can be updated and saved"

factory="org.apache.catalina.users.MemoryUserDatabaseFactory"

pathname="conf/tomcat-users.xml" />

 

<!--Resource for my webapp-->

<Resource name="jdbc/authority"

auth="Container"

type="javax.sql.DataSource"

driverClassName="com.mysql.jdbc.Driver"

description="mySQL Database"

url="jdbc:mysql://localhost:3306/authority"

maxActive="15"

maxidle="3"/>  

 

2.       I've nested Realms within CombinedRealm as follows:

 

<Realm className="org.apache.catalina.realm.CombinedRealm" >

 

<!-- LockOutRealm to prevent brute-force attack. -->

                <Realm className="org.apache.catalina.realm.LockOutRealm"
failureCount="3" lockoutTime="3600"/>

 

                <!-- Default Realm for Tomcat Application Manager -->

                <Realm
className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>

 

                <!-- JDBC Realm for my webapp. -->

                <Realm className="org.apache.catalina.realm.JDBCRealm"

                                driverName="com.mysql.jdbc.Driver"

 
connectionURL="jdbc:mysql://localhost:3306/authority"

                                connectionName="root"

                                connectionPassword="root"

                                userTable="users"

                                userNameCol="user_name"

                                userCredCol="user_pass"

                                userRoleTable="user_roles"

                                roleNameCol="role_name"/>

</Realm>

 

Lastly, I configured my CATALINA_HOME/webapps/[mywebapp]/WEB-INF/web.xml
file as follows:

 

<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app 

                version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" 

                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

                xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd
<http://java.sun.com/xml/ns/j2ee%20http:/java.sun.com/xml/ns/j2ee/web-app_2_
4.xsd> ">

 

<display-name>webapp</display-name>

<description>Form-Based Authentication with mySQL</description>

 

<resource-ref>

                <description>mySQL Database</description>

                <res-ref-name>jdbc/authority</res-ref-name>

                <res-type>javax.sql.DataSource</res-type>

                <res-auth>Container</res-auth>

</resource-ref>

 

<security-constraint>

                <web-resource-collection>

                <web-resource-name>Protected</web-resource-name>

                                <url-pattern>/*</url-pattern>

                                <http-method>PUT</http-method>

                                <http-method>GET</http-method>

                                <http-method>POST</http-method>

                </web-resource-collection>

    <auth-constraint>

                <role-name>webappuser</role-name>

                </auth-constraint>

                <user-data-constraint>

 
<transport-guarantee>NONE</transport-guarantee>

                </user-data-constraint>

</security-constraint>

 

<login-config>

                <auth-method>FORM</auth-method>

                <form-login-config>

                <form-login-page>/login.jsp</form-login-page>

                <form-error-page>/error.jsp</form-error-page>

        </form-login-config>

</login-config>

                                

</web-app>

 


------=_NextPart_000_009E_01CED3B9.23F9B160--