Date: Fri, 5 Sep 2014 09:17:04 -0400
Subject: Re: web.xml authentication and Tomcat Realm
From: Daniel Mikusa
To: Tomcat Users List

On Thu, Sep 4, 2014 at 8:02 PM, Dalecki, Janusz wrote:

> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Sent: Friday, 5 September 2014 12:03 AM
> To: Tomcat Users List
> Subject: Re: web.xml authentication and Tomcat Realm
>
> Janusz,
>
> On 9/4/14 2:30 AM, Dalecki, Janusz wrote:
> > -----Original Message-----
> > From: Felix Schumacher [mailto:felix.schumacher@internetallee.de]
> > Sent: Thursday, 4 September 2014 3:29 PM
> > To: Tomcat Users List
> > Subject: Re: web.xml authentication and Tomcat Realm
> >
> >> On 4. September 2014 05:35:42 MESZ, "Dalecki, Janusz" wrote:
> >>> Hi, I am just wondering whether somehow I can use web.xml
> >>> to point to the Tomcat JDBC Realm that I am using.
> >>> Are those two completely disjoint or can I link them together?
> >> They are disjoint.
> >>
> >> web.xml is for the developer who has (almost) no knowledge of the
> >> context (environment) in which his application will run.
> >>
> >> context.xml (or equivalents) is the tool for the administrator to
> >> provide that knowledge to the application.
> >
> > It might be a silly question, but if I use web.xml login-config element
> > – where do I specify password? I am probably missing something.
>
> The Realm takes care of the credentials. For a DataSourceRealm or
> JDBCRealm, the usernames and passwords are stored in a relational database.
> For other Realms, the credentials are stored in other places.
>
> For instance, if you use a MemoryRealm, the passwords are typically stored
> in an XML file in CATALINA_BASE/conf/tomcat-users.xml. Using a MemoryRealm
> isn't really a good idea for a production system for a number of reasons.
>
> (Note that using JDBCRealm will give you terrible performance: use a
> DataSourceRealm instead with a JNDI DataSource.)
>
> You really need to read this:
> http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html
>
> -chris
>
> Hi,
> Sorry, I need to explain my problem more clearly.
> I have put JDBCRealm configuration with all details in the META-INF folder:
> driverName="org.postgresql.Driver"
> connectionURL="jdbc:postgresql://localhost:5432/df_Scheduler?user=postgres&password=admin"
> userTable="users" userNameCol="userName" userCredCol="password"
> userRoleTable="user_roles" roleNameCol="roleName"/>
>
> In my web.xml I have login-config element and security constraint as
> follows:
>
> Admin
> /auth/*
>
> SYSADMIN
>
> SYSADMIN
>
> BASIC
>
> I have defined users and passwords as explained in the TOMCAT Realm
> Configuration – HOW TO.
> When I ask for a page */auth/* the user/password dialog box pops up and, no
> matter what I type in the user name field and password field, it pops up
> again forever.
> What am I doing wrong?
>

1.) Do you have users defined in the database? Do you have the proper roles
assigned to those users?

2.) Do you see any errors listed in the log? Either at startup or when you
attempt to log in?

3.) For more info, you could try increasing the log level for the
"org.apache.catalina.realm" package.

Dan
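
The first check in the reply above, as an added example that is not part of the original message or of Tomcat's code: it runs a credential lookup and a role lookup against the table and column names from the quoted Realm attributes and maps the result to the status a BASIC-protected URL answers with. Assumptions: the sample users, passwords and the OPERATOR role are constructed, SQLite stands in for PostgreSQL, and credentials are compared as stored (no digest configured).

```python
import hmac
import sqlite3


def build_sample_db():
    """Constructed sample data; SQLite stands in for the PostgreSQL database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (userName TEXT PRIMARY KEY, password TEXT NOT NULL);
        CREATE TABLE user_roles (userName TEXT NOT NULL, roleName TEXT NOT NULL);
        INSERT INTO users VALUES ('alice', 'alice-pw'), ('bob', 'bob-pw');
        INSERT INTO user_roles VALUES ('alice', 'SYSADMIN'), ('bob', 'OPERATOR');
    """)
    return db


def basic_auth_outcome(db, username, password, required_role="SYSADMIN"):
    """Status a BASIC-protected URL answers with for these credentials."""
    row = db.execute(
        "SELECT password FROM users WHERE userName = ?", (username,)
    ).fetchone()
    # Unknown user or credential mismatch: authentication fails, the response
    # is 401 and the browser shows the login dialog again.
    if row is None or not hmac.compare_digest(row[0].encode(), password.encode()):
        return 401
    roles = {r[0] for r in db.execute(
        "SELECT roleName FROM user_roles WHERE userName = ?", (username,))}
    # Authenticated but without the required role: 403, no new prompt.
    return 200 if required_role in roles else 403


def users_without_role(db, role="SYSADMIN"):
    """Users that exist in `users` but have no `user_roles` row for `role`."""
    rows = db.execute(
        "SELECT u.userName FROM users u WHERE NOT EXISTS ("
        "SELECT 1 FROM user_roles r WHERE r.userName = u.userName "
        "AND r.roleName = ?) ORDER BY u.userName", (role,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_sample_db()
    for user, pw in [("alice", "alice-pw"), ("alice", "wrong"),
                     ("bob", "bob-pw"), ("carol", "x")]:
        print(user, basic_auth_outcome(db, user, pw))
    print("missing SYSADMIN:", users_without_role(db))
```

A repeated login dialog corresponds to the 401 branch (the credential lookup), while a missing role row produces a 403 instead of a new prompt.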