tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Mikusa <dmik...@pivotal.io>
Subject Re: web.xml authentication and Tomcat Realm
Date Fri, 05 Sep 2014 13:17:04 GMT
On Thu, Sep 4, 2014 at 8:02 PM, Dalecki, Janusz <jdalecki@tycoint.com>
wrote:

>
>
> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: Friday, 5 September 2014 12:03 AM
> To: Tomcat Users List
> Subject: Re: web.xml authentication and Tomcat Realm
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Janusz,
>
> On 9/4/14 2:30 AM, Dalecki, Janusz wrote:
> > -----Original Message----- From: Felix Schumacher
> > [mailto:felix.schumacher@internetallee.de] Sent: Thursday, 4 September
> > 2014 3:29 PM To: Tomcat Users List Subject: Re: web.xml authentication
> > and Tomcat Realm
> >
> >
> >
> >> On 4. September 2014 05:35:42 MESZ, "Dalecki, Janusz"
> >> <jdalecki@tycoint.com> wrote:
> >>> Hi, I am just wondering whether somehow I can use web.xml
> >>> <login-config/> to point to the Tomcat JDBC Realm that I am using.
> >>> Are those two completely disjoint or I can link them together.
> >> They are disjoint.
> >>
> >> web.xml is for the developer who has (almost) no knowledge of the
> >> context (environment) in which his application will run.
> >>
> >> context.xml (or equivalents) is the tool for the administrator to
> >> provide that knowledge to the application.
> >>
>
> > It might be silly question, but if I use web.xml login-config element
> > – where do I specify password? I am probably missing something.
>
> The Realm takes care of the credentials. For a DataSourceRealm of
> JDBCRealm, the usernames and passwords are stored in a relational database.
> For other Realms, the credentials are stored in other places.
>
> For instance, if you use a MemoryRealm, the passwords are typically stored
> in an XML file in CATALINA_BASE/conf/tomcat-users.xml. Using a MemoryRealm
> isn't really a good idea for a production system for a number of reasons.
>
> (Note that using JDBCRealm will give you terrible performance: use a
> DataSourceRealm instead with a JNDI DataSource.)
>
> You really need to read this:
> http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJUCHEbAAoJEBzwKT+lPKRYlbsP/jPqVIkl3MhZJdmswWD5AL5y
> proOErqB/ytVoT2TvvwSb4oXUe0NI/BqmbCCXW7oaExljcw7Dqvtbt+PH0oW5uAu
> G8BXAq2IhJrfrufz1pDZzxx/zWqlQZ1xTVwlKkdYHknx/0jv4IfwUsMZNwz9OeOa
> uAJAckflhSPY/qI3/pD9HNoFpZoUS/UEpbmxIeSrjf7jsTJdWI+64xuFXsv6d/1D
> /NbYpaf+AznqpSuKogjNy/HTb6B1cl8NESJyB+umwxSn7H0bO07GX+CRAzpFpQxt
> Li48qkFrMMZBvTGtQEZmMw+wyOQ28gQ9lLQFs1h2QAuFCGouoW59jY96NJzSuuu1
> cSFGlUNcG4m9oW0zCNlpB0/YD0IODY13QVPPSqVFJhApg6m9uG4os/jb/aMNQ8xo
> 6Hv6ri2xYGOCC6f/lhaOR7nSdeFEUSin+XHkF1y6xCBNmBSaZMjDbTt2xga134Fl
> dis1i3zEd7W+EZjiY/jerpRWMGuE9oR1g+PbYbVSnU/Ts+sjqvZflJmtgE+MdJ8a
> AHPcX0x+8PfPlYBs6yzm0nAHxxqiQdijzzBCwi8KZr7UQPWCtUaHIjmaljUJ+eST
> 9U3Ue/ePrdyiJm18p7TmfeKI+aDR8g09oadbb9fOKCUz3DyLRH7Qo9uLmBCzZOIt
> 3LJeFneb/hJ25+opQa7X
> =fCiU
> -----END PGP SIGNATURE-----
> Hi,
> Sorry I need to explain my problem more clearly.
> I have put JDBCRealm configuration with all details in the META-INF folder:
> <Realm className="org.apache.catalina.realm.JDBCRealm"
> driverName="org.postgresql.Driver"
> connectionURL="jdbc:postgresql://localhost:5432/df_Scheduler?user=postgres&amp;password=admin"
> userTable="users" userNameCol="userName" userCredCol="password"
> userRoleTable="user_roles" roleNameCol="roleName"/>
>
> In my web.xml I have login-config element and security constraint as
> follows:
> <security-constraint>
>                 <web-resource-collection>
>                         <web-resource-name>Admin</web-resource-name>
>                         <url-pattern>/auth/*</url-pattern>
>                 </web-resource-collection>
>                 <auth-constraint>
>                         <role-name>SYSADMIN</role-name>
>                 </auth-constraint>
>         </security-constraint>
>
>         <security-role>
>                 <role-name>SYSADMIN</role-name>
>         </security-role>
> <login-config>
>                 <auth-method>BASIC</auth-method>
>                 <!--realm-name>Admin</realm-name-->
>         </login-config>
> I have defined users and passwords as explained in the TOMCAT Realm
> Configuration – HOW TO.
> When I ask for a page */auth/* the user/password dialog box pops up and no
> matter what I type in in user name field and password field and pops up
> again for ever.
> What am I doing wrong?
>

1.) Do you have users defined in the database?  Do you have the proper
roles assigned to those users?

2.) Do you see any errors listed in the log?  Either at startup or when you
attempt to login?

3.) For more info, you could try increasing the log level for the "org.
apache.catalina.realm" package.

Dan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message