Am 17. Juli 2015 19:03:58 MESZ, schrieb "Arno Schäfer" <arno.schae...@sqs.com>: >Hi all, > >I am using Tomcat 7.0.54 with java 1.7 and 1.8 on a Windows 8.1 System, >maintaining our webapp with around 1000 JSP pages and I am NOT a web >developer. > >I have inherited this application and all of the previous owners are no >longer available. So the last 2months I do a lot of reading and >debugging the whole bunch of java and jsp code and I think, that I have >a basic understanding what the software is doing and how it is >implemented at least. >The last days I found a lot of configuration issues and I was able to >get the whole stuff running in a very downsized environment build on a >standard tomcat Installation. >I got rid of all special configuration inside the server.xml, so that I >was able to fix some things and do it, like it was described in the >beautiful tomcat documentation and available wiki's. > >That's only for some explanations, before the stupid questions may >follow: > >I have to use basic authentication without an own login form. The >behavior I see, is that if the webapp is starting a realm instance is >correctly created and initialized in my webapp, but if the first >request arrive, also the tomcat itself instantiate one object of this >class and took the credentials from the automatically upcoming login >form (here IExplorer 11).
I think tomcat will always inject a realm into to host when it finds none. But that realm should not interfere with your requests to your webapp. Where have you defined your own realm? How many andwhich webapps do you have? Have you looked at the access logs to see whether the requests all are directed entirely at your webapp and not some other? Regards, Felix > >My understanding from reading the documentation is, that, if I >configure my own realm in my context.xml (what I have done), that the >webapp will use it. That seems to be ok, but why also tomcat itself >instantiate an object of my custom realm and take the first request >when I want to access my webapp. Therefore I have no own control about >my JSessions and so my session management leaks, because I didn't got >the info's from the logins, what the tomcat is doing now. > >What is wrong in my configuration or in my understanding? I want be the >only one, that got the requests for the authentication for my webapp. > >Here are my server.xml, it only contain one Realm line of our realm in >the 'Host' section (I strip the comments and the header lines, which >are unchanged): > > <GlobalNamingResources> ><Resource name="UserDatabase" auth="Container" >type="org.apache.catalina.UserDatabase" description="User database that >can be updated and saved" >factory="org.apache.catalina.users.MemoryUserDatabaseFactory" >pathname="conf/tomcat-users.xml"/> > </GlobalNamingResources> > > <Service name="Catalina"> ><Connector acceptCount="100" connectionTimeout="200000" >maxThreads="150" port="9150" protocol="HTTP/1.1" redirectPort="8443"/> > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> > <Engine defaultHost="localhost" name="Catalina"> > [<Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>] > ><Host appBase="webapps" autoDeploy="true" name="localhost" >unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false"> >[<Realm className="de.myproject.tomcat.realm.BITRealm" >domainName="dom1" .../>] > </Host> > </Engine> > </Service> > >The lines in brackets I have switched on and off in several attempts >without the wished result. Without a realm definition in server.xml and >only in the context.xml I have had equal results and one combination I >have had one time, was that I have to authenticate twice and the first >time with the data of tomcat-users.xml and the second time with my own >one. > >Is it possible that there is some more configured in some of the >web.xml's or other directories in WEB-INF, what cause this behavior? I >have searched there for some words like security, realm, userdatabase >and so on, but have found nothing. > >Hopefully I have explained my problem as good as I know and somebody >see my point :) > >Thanks in advance, best regards, >mit freundlichen Grüßen >Arno > >_________________________________________________________ > >SQS hat bei den AIM Awards 2014 zum zweiten Mal die begehrte >Auszeichnung "International Company of the Year" erhalten. ><http://www.sqs.com/portal/news/de/pressemitteilungen-aim-awards-international-company-of-the-year.php> > >Vorsitzender des Aufsichtsrats: David Bellin >Vorstand: Diederik Vos (CEO) ? Ralph Gillessen (COO) ? René Gawron >(CFO) >SQS AG ? Stollwerckstraße 11 ? 51149 Köln >Sitz der Gesellschaft: Köln ? Amtsgericht Köln, HRB 12764 > >This e-mail may contain confidential and/or privileged information. If >you are not the intended recipient >(or have received this e-mail in error) please notify the sender >immediately and destroy this e-mail. >Any unauthorised copying, disclosure or distribution of the material in >this e-mail is strictly forbidden. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
