Hi all
I am trying to set up a security realm on Tomcat using JDBCRealm and MD5
encryption. It works perfectly when using plain text, but it fails the
moment I switch to a MD5 digest. I have been through the documentation,
forums and FAQ's but I am afraid I can not resolve this on my own, so help
would be appreciated.
When attempting to login, the logfile simply states:
JDBCRealm[/asdf]: Username username1 NOT successfully authenticated
I checked and when generating the MD5 with the command line it seems the
same. I have tried to play with the database character encoding, without
success. If this is the incorrect, please point it out.
The relevant section of the context file is:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
digest="MD5"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost:3306/mydb?user=myusername&password
=mypassword"
userTable="authuser" userNameCol="uname" userCredCol="passwd"
userRoleTable="user_roles" roleNameCol="role_name"/>
In the web.xml, the relevant section is:
<security-constraint>
<display-name> Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>*.htm</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>operations</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>My Authentication Area</realm-name>
<form-login-config>
<form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
<form-error-page>/WEB-INF/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>operations</role-name>
</security-role>
The relevant part of the database schema is as follows:
CREATE TABLE authuser (
id int(4) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
uname varchar(25) NOT NULL UNIQUE default ''
COMMENT 'Username',
passwd varchar(32) NOT NULL default ''
COMMENT 'Encrypted password',
INDEX FKIndexUserId (id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='Users table';
CREATE TABLE user_roles (
id int(4) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT COMMENT 'Id',
uname varchar(15) not null
COMMENT 'name, same as in Authuser table',
role_name varchar(15) not null
COMMENT 'Role this user is allowed',
CONSTRAINT CSconstraint FOREIGN KEY (uname) REFERENCES authuser(uname)
);
ALTER TABLE user_roles ADD UNIQUE(uname, role_name);
Finally, at the risk of making the mail too long, here is the relevant parts
login.jsp:
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
<table cellspacing="0" cellpadding="0" align="center" width="700">
<tr>
<td valign="top" class="main_table" colspan="2"><br>
<b class="blue"> Log into system </b>
<hr align="left">
<br>
<table cellspacing="0" cellpadding="0">
<tr>
<td>
<img src="Images/lock1.jpg" alt="">
</td>
<td>
<table>
<tr>
<td
align="right" class="input_table_td">Username:</td>
<td
class="input_table_td"><input type="text" name="j_username"></td>
</tr>
<tr>
<td
align="right" class="input_table_td2">Password:</td>
<td
class="input_table_td2"><input type="password" name="j_password"></td>
</tr>
<tr>
<td
align="right"><input type="submit" value="Log In"></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
I am using:
Tomcat 5.0
MySql 4.1.7nt
JDK 1.4
Thank you in advance
Rian
