Folks, please ignore my question. I found the problem. Basically, I had the same username / password combination in both databases used under CombinedRealm (which would be fine), but the associated "role_name" was different and that's what caused the problem. In any event, all is working. Sorry for the fuss.

From: J. Brian Hall [mailto:jbrianhall...@me.com]
Sent: Monday, October 28, 2013 7:46 AM
To: 'users@tomcat.apache.org'
Subject: Configuring Combined Realm

How can I configure CombinedRealm in order to: (1) use JDBCRealm for my webapp with form-based authentication while (2) also using the default UserDatabaseRealm for the Tomcat Web Application Manager? I can get one or the other to work, but not both.

Here are the details of my setup:

-OS: Windows 7
-Server: Tomcat 7.0.42
-Database: MySQL 5.6

Articles I have used up to this point:

1. Form-based authentication with Tomcat 7 and MySQL: http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and-tomcat-7-with-form-based-authentication/
2. Configuring CombinedRealm: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm
3. Lastly, note that my database, tables, and Connector/J are set up per instructions above and I am able to log in to my webapp with form-based authentication when only using JDBCRealm, but I then can't log in to the Tomcat Web Application Manager.

I configured the file CATALINA_HOME/config/server.xml in two ways:

1. I've identified the following global resources:

    <!--Resource for Tomcat Web App Manager-->
    <Resource name="UserDatabase"
              auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />

    <!--Resource for my webapp-->
    <Resource name="jdbc/authority"
              auth="Container"
              type="javax.sql.DataSource"
              driverClassName="com.mysql.jdbc.Driver"
              description="mySQL Database"
              url="jdbc:mysql://localhost:3306/authority"
              maxActive="15"
              maxIdle="3"/>

2. I've nested Realms within CombinedRealm as follows:

    <Realm className="org.apache.catalina.realm.CombinedRealm" >

      <!-- LockOutRealm to prevent brute-force attack. -->
      <Realm className="org.apache.catalina.realm.LockOutRealm"
             failureCount="3"
             lockoutTime="3600"/>

      <!-- Default Realm for Tomcat Application Manager -->
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

      <!-- JDBC Realm for my webapp. -->
      <Realm className="org.apache.catalina.realm.JDBCRealm"
             driverName="com.mysql.jdbc.Driver"
             connectionURL="jdbc:mysql://localhost:3306/authority"
             connectionName="root"
             connectionPassword="root"
             userTable="users"
             userNameCol="user_name"
             userCredCol="user_pass"
             userRoleTable="user_roles"
             roleNameCol="role_name"/>

    </Realm>

Lastly, I configured my CATALINA_HOME/webapps/[mywebapp]/WEB-INF/web.xml file as follows:

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <web-app version="2.4"
             xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

      <display-name>webapp</display-name>
      <description>Form-Based Authentication with mySQL</description>

      <resource-ref>
        <description>mySQL Database</description>
        <res-ref-name>jdbc/authority</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
      </resource-ref>

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>PUT</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>webappuser</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
      </login-config>

    </web-app>
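
An added check, not part of the original thread and not Tomcat code, for the situation described in the reply at the top: CombinedRealm tries its nested realms in configured order and the first one that accepts the credentials supplies the roles, so an account with the same password in tomcat-users.xml and in the JDBC tables only ever receives the first realm's roles. The account names, passwords and function names are constructed for illustration; the table and column names are the ones from the JDBCRealm configuration above.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: a tomcat-users.xml body, plus rows as they would come
# back from the users (user_name, user_pass) and user_roles (user_name, role_name) tables.
TOMCAT_USERS_XML = """<tomcat-users>
  <user username="brian" password="s3cret" roles="manager-gui"/>
  <user username="ops" password="ops-pw" roles="manager-gui,manager-script"/>
</tomcat-users>"""
JDBC_USERS = [("brian", "s3cret"), ("alice", "alice-pw")]
JDBC_ROLES = [("brian", "webappuser"), ("alice", "webappuser")]

def load_user_database(xml_text):
    """Return {username: (password, roles)} as UserDatabaseRealm would see it."""
    out = {}
    for u in ET.fromstring(xml_text).iter("user"):
        roles = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        out[u.get("username")] = (u.get("password"), roles)
    return out

def load_jdbc(users, roles):
    """Return the same mapping built from the JDBCRealm table rows."""
    out = {name: (pw, set()) for name, pw in users}
    for name, role in roles:
        if name in out:
            out[name][1].add(role)
    return out

def authenticate(realms, username, password):
    """Model of first-match: the first realm accepting the login supplies the roles."""
    for realm_name, accounts in realms:
        entry = accounts.get(username)
        if entry and entry[0] == password:
            return realm_name, entry[1]
    return None, set()

def shadowed_accounts(realms):
    """Accounts whose credentials match in two realms but whose roles differ."""
    findings = []
    for i, (first, a) in enumerate(realms):
        for later, b in realms[i + 1:]:
            for user in sorted(a.keys() & b.keys()):
                if a[user][0] == b[user][0] and a[user][1] != b[user][1]:
                    findings.append((user, first, later, sorted(b[user][1] - a[user][1])))
    return findings

REALMS = [("UserDatabaseRealm", load_user_database(TOMCAT_USERS_XML)),
          ("JDBCRealm", load_jdbc(JDBC_USERS, JDBC_ROLES))]
```

Each finding lists the account, the realm that wins, the realm that is shadowed, and the roles the account never receives; here "brian" authenticates through UserDatabaseRealm and so never gets "webappuser", which is the role the web.xml auth-constraint requires.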