Comments inline.
On 10/7/2012 3:31 PM, Aladin Dajani wrote:
Hello Pid,
I cannot dismiss that there may be inaccuracies as you mentioned in your
response, perhaps you could help me figure them out.
Here are the cases I tried (the first three were outlined in the wiki
http://wiki.apache.org/tomcat/TomcatDataSourceRealms)
MY REALM ELEMENT:
<Realm className="org.apache.catalina.realm.DataSourceRealm"
dataSourceName="jdbc/MyAppDB"
userTable="users"
userNameCol="username"
userCredCol="password"
userRoleTable="roles"
roleNameCol="rolename"
digest="digestname"
/>
MY RESOURCE ELEMENT:
<Resource
name="jdbc/MyAppDB"
type="javax.sql.DataSource"
auth="Container"
driverClassName="com.mysql.jdbc.Driver"
maxActive="100"
maxWait="10000"
maxIdle="30"
password="password"
logAbandoned="true"
username="username"
removeAbandoned="true"
removeAbandonedTimeout="60"
url="jdbc:mysql://localhost:3306/databasename"
/>
It might be nice to have a validation query here, so you know you're
getting a connection to the database.
Case 1:
Everything in META-INF/context.xml
META-INF/context.xml contains:
<Context>
<MY RESOURCE ELEMENT GOES HERE>
<MY REALM ELEMENT GOES HERE>
</Context>
Please note that you are missing a localDataSource="true" in your Realm
element of context.xml. This is required when both the Realm and the
Resource are defined in context.xml. The Wiki mentions this, but maybe
it's not prominent enough.
$CATALINA_HOME/conf/server.xml contains:
<GlobalNamingResources>
<Resource
auth="Container"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
name="UserDatabase"
pathname="conf/tomcat-users.xml"
type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
and
<Engine>
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host>..</Host>
</Engine>
$CATALINA_HOME/conf.context.xml conatins
<Context>
<WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>
Result: Login form is presented but login fails when valid credentials are
used
$CATALINA_HOME/logs/localhos.data.log contains:
Oct 7, 2012 5:05:55 PM org.apache.catalina.realm.DataSourceRealm open
SEVERE: Exception performing authentication
javax.naming.NameNotFoundException: Name jdbc is not bound in this Context
<Note> I suspect some issue with context.xml since tomcat did not copy it
to $CATALINA_HOME/conf/localhost
=================================
Case 2:
Using GlobalNamingResources and META-INF/context.xml
META-INF/context.xml contains:
<Context>
<MY REALM ELEMENT GOES HERE>
</Context>
$CATALINA_HOME/conf/server.xml contains:
<GlobalNamingResources>
<Resource
auth="Container"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
name="UserDatabase"
pathname="conf/tomcat-users.xml"
type="org.apache.catalina.UserDatabase"/>
<MY RESOURCE ELEMENT GOES HERE>
</GlobalNamingResources>
No changes to <Engine> or <Host> elements
No change to $CATALINA_HOME/conf.context.xml conatins
Result:
Fails. Application's login form fails to display.
tomcat7-stdout.date.log contains:
Cannot get connection: javax.naming.NameNotFoundException: Name jdbc is
not bound in this Context
<Note> I suspect some issue with context.xml since tomcat did not copy it
to $CATALINA_HOME/conf/localhost
================================
case 3:
Using $CATALINA_HOME/conf/server.xml only:
META-INF/context.xml : Does not exist.
$CATALINA_HOME/conf/server.xml contains:
<GlobalNamingResources>
<Resource
auth="Container"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
name="UserDatabase"
pathname="conf/tomcat-users.xml"
type="org.apache.catalina.UserDatabase"/>
<MY RESOURCE ELEMENT GOES HERE>
</GlobalNamingResources>
and
<Engine>
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<MY REALM ELEMENT GOES HERE>
</Realm>
<Host>..</Host>
</Engine>
No change to $CATALINA_HOME/conf.context.xml conatins
Result:
Same as result in case #2
==================================
Case 4:
Using $CATALINA_HOME/conf/server.xml only part II:
Same as in case 3 above except that the REALM element goes inside the
<Host> element:
<Engine>
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host>
<MY REALM ELEMENT GOES HERE>
</Host>
</Engine>
No change to $CATALINA_HOME/conf.context.xml conatins
META-INF/context.xml : Not used (does not exist)
Result:
Same as cases #2 and 3 above
======================================
Case 5:
Using $CATALINA_HOME/conf/server.xml and $CATALINA_HOME/conf/context.xml
Same as in case 3 above with another copy of resource element added to
$CATALINA_HOME/conf/context.xml (in addition to the one in server.xml)
$CATALINA_HOME/conf.context.xml conatins
<Context>
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<MY RESOURCE ELEMENT GOES HERE>
</Context>
Result:
SUCCESS. Login form is presented and login succeeds when valid credentials
are used.
Thanks
Aladin
I'm assuming that this is really $CATALINA_HOME/conf/context.xml.
This is the global context.xml for all applications (Engines, Hosts) in
the JVM. It's interesting that this works, but the others do not.
It sounds like you're missing a resource-ref element in web.xml. I don't
know if it's necessary in the servlet 3.0 spec (I should really read
it), but something like this may be required.
<resource-ref>
<description>Your database</description>
<res-ref-name>jdbc/MyAppDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
Missing that usually gives the type of non-bound error messages you're
seeing in the log files.
Also, I'm wondering why your context.xml file is not being copied over
to $CATALINA_BASE/conf/Catalina/localhost/app-name.xml (assuming
localhost and the default Engine name).
Post your complete web.xml and context.xml with any sensitive
information obfuscated.
. . . . just my two cents.
/mde/
On Sun, Oct 7, 2012 at 4:35 PM, Pid <p...@pidster.com> wrote:
On 07/10/2012 19:40, Aladin Dajani wrote:
Thank you all for your help. I now have DataSourceRealm based
authentication up and running with my connection pool.
One thing I want to mention is that I was unable to make teh scenarios
described in the wiki work until I duplicated the Resource definition in
both server.xml and in context.xml.
That is unlikely to be accurate unless you are using the datasource for
something else. The GlobalResources definition will be the one working.
The tomcat/conf/context.xml definition will only be valid for Realms
created inside the Context; and will create a separate pool for each
application deployed.
p
I tried several combinations as
described in the wiki and outside and this is the one that worked, for
now
this is what matters to me.
Thanks....
On Sun, Oct 7, 2012 at 11:33 AM, Mark Eggers <its_toas...@yahoo.com>
wrote:
On 10/7/2012 8:22 AM, Pid * wrote:
On 7 Oct 2012, at 15:26, Aladin Dajani <aladin.daj...@gmail.com>
wrote:
OK So I tried to use DataSourceRealm. Seems simple enough. but I get
the
following exception:
Oct 7, 2012 9:54:51 AM org.apache.catalina.realm.**DataSourceRealm
open
SEVERE: Exception performing authentication
javax.naming.**NameNotFoundException: Name jdbc is not bound in this
Context
Here is my configuration. context.xml is unchanged from previous
setup
(works well for pooled database access within the app)
{catalina-base}\conf\context.**xml:
<Resource
name="jdbc/MyAppDB"
auth="Container"
driverClassName="com.mysql.**jdbc.Driver"
logAbandoned="true"
maxActive="100"
maxIdle="30"
maxWait="10000"
password="password"
username="user"
removeAbandoned="true"
removeAbandonedTimeout="60"
type="javax.sql.DataSource"
url="jdbc:mysql://localhost:**3306/databasename"
/>
Server.xml replaces the JDBCRealm with the DataSourceRealm as below
{catalina-base}\conf\server.**xml:
<Realm className="org.apache.**catalina.realm.LockOutRealm">
<Realm className="org.apache.**catalina.realm.**DataSourceRealm"
dataSourceName="jdbc/MyAppDB"
userTable="users"
userNameCol="username"
userCredCol="password"
userRoleTable="roles"
roleNameCol="rolename"
digest="MD5"
/>
</Realm>
Have I missed a configuration somewhere ?
Yes, define the Resource in GlobalResources in server.xml.
p
Here's the Wiki document on the various combinations:
http://wiki.apache.org/tomcat/**TomcatDataSourceRealms<
http://wiki.apache.org/tomcat/TomcatDataSourceRealms>
/mde/
Thanks.
On Sun, Oct 7, 2012 at 9:36 AM, Felix Schumacher <
felix.schumacher@**internetallee.de <
felix.schumac...@internetallee.de>>
wrote:
Aladin Dajani <aladin.daj...@gmail.com> schrieb:
Hello List,
My application is configured for JDBCRealm authentication uses a
MySQL
database.
For my own use inside the application, I have setup a connection
pool
to
access the database, However, the configuration of JDBCRealm in
server.xml
uses astand-alone connection. Since MySQL times-out connections
after
8
hours, I get the following error in tomcat logs as I try to log-in
after
the connection times out:
Oct 7, 2012 8:36:51 AM org.apache.catalina.realm.**JDBCRealm
getPassword
SEVERE: Exception performing authentication
com.mysql.jdbc.exceptions.**jdbc4.**MySQLNonTransientConnectionExc**
eption:
No
operations allowed after connection closed.Connection was implicitly
closed
by the driver.
Users do not notice this error (I presume tomcat's JDBCRealm will
create a
new connection), but it US disconcerting to have all these
exceptions
in
tomcat logs, especially that when the server goes into production
mode,
I
fear this will have adverse effects.
Is it possible to have JDBDRealm use the same connection pool which
my
application uses (which is setup in tomcat's context.xml so it
should
be accessible to all applications in tomcat).
Have a look at DatasourceRealm.
Regards
Felix
Thanks.
------------------------------**------------------------------**---------
To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<
users-unsubscr...@tomcat.apache.org>
For additional commands, e-mail: users-h...@tomcat.apache.org
--
[key:62590808]
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
