Why do your posted XML fragments have asterisks and odd annotations like
<#>? Since what you posted doesn't appear to be just a copy & paste, it
would be good to see the actual elements, attributes, and values.
My mistake. I copied from the rendered XML doc instead of from the
source. Here's the correct posting of the web.xml excerpt:
<security-constraint>
<web-resource-collection>
<web-resource-name>HTMLManger and Manager command</web-resource-name>
<url-pattern>/jmxproxy/*</url-pattern>
<url-pattern>/html/*</url-pattern>
<url-pattern>/list</url-pattern>
<url-pattern>/expire</url-pattern>
<url-pattern>/sessions</url-pattern>
<url-pattern>/start</url-pattern>
<url-pattern>/stop</url-pattern>
<url-pattern>/install</url-pattern>
<url-pattern>/remove</url-pattern>
<url-pattern>/deploy</url-pattern>
<url-pattern>/undeploy</url-pattern>
<url-pattern>/reload</url-pattern>
<url-pattern>/save</url-pattern>
<url-pattern>/serverinfo</url-pattern>
<url-pattern>/status/*</url-pattern>
<url-pattern>/roles</url-pattern>
<url-pattern>/resources</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>JDBCRealm</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
The role that is required to log in to the Manager Application
</description>
<role-name>manager</role-name>
</security-role>
And here's the server.xml excerpt (which I should have pointed out is
inside the server/service/engine container):
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql:///Tomcat_Realm" connectionName="xxxx"
connectionPassword="xxxx"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name" digest="MD5" />
1) Make sure the debug level for the <Realm> is something large (e.g.,
"99", not "*99*").
Debug was set correctly, as shown above.
2) Check the logs after you make a request to the manager.
Here's the contents of catalina.<date-time>.log. The only thing I see
that seems perhaps relevant is the warning about no matching property
for debug. Does it mean I have the realm descriptor in the wrong
location (server/service/engine/realm)? I placed it right after the
userDatabaseRealm that comes with the Tomcat distribution. There are
warnings about docBases inside the host appbase that are being ignored.
I don't understand these, but they don't seem related to my problem.
These warnings pertain to <appname>.xml files inside
${catalina.home}\conf\catalina\localhost\, with <context> elements
defined with IP address and access log valves.
Mar 19, 2008 10:21:23 PM org.apache.catalina.startup.HostConfig
checkResources
INFO: Undeploying context [/admin]
Mar 19, 2008 10:21:28 PM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080
Mar 19, 2008 10:21:29 PM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Mar 19, 2008 10:21:30 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080
Mar 19, 2008 10:21:33 PM
org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Realm} Setting
property 'debug' to '99' did not find a matching property.
Mar 19, 2008 10:21:33 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: C:\Program Files\Apache Software Foundation\Tomcat
6.0\bin;.;C:\WINDOWS\system32;C:\WINDOWS;C:\Perl\site\bin;C:\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program
Files\ActivIdentity\ActivClient Mini\;C:\Program
Files\QuickTime\QTSystem\;C:\Program Files\MySQL\MySQL Server 5.0\bin
Mar 19, 2008 10:21:33 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Mar 19, 2008 10:21:33 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 509 ms
Mar 19, 2008 10:21:33 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Mar 19, 2008 10:21:33 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.16
Mar 19, 2008 10:21:34 PM org.apache.catalina.startup.HostConfig
deployDescriptor
WARNING: A docBase C:\Program Files\Apache Software Foundation\Tomcat
6.0\webapps\gators inside the host appBase has been specified, and will
be ignored
Mar 19, 2008 10:21:34 PM org.apache.catalina.startup.HostConfig
deployDescriptor
WARNING: A docBase C:\Program Files\Apache Software Foundation\Tomcat
6.0\webapps\manager inside the host appBase has been specified, and will
be ignored
Mar 19, 2008 10:21:34 PM org.apache.catalina.startup.HostConfig
deployDescriptor
WARNING: A docBase C:\Program Files\Apache Software Foundation\Tomcat
6.0\webapps\Pics inside the host appBase has been specified, and will be
ignored
Mar 19, 2008 10:21:34 PM org.apache.catalina.startup.HostConfig
deployDescriptor
WARNING: A docBase C:\Program Files\Apache Software Foundation\Tomcat
6.0\webapps\ROOT inside the host appBase has been specified, and will be
ignored
Mar 19, 2008 10:21:34 PM org.apache.catalina.startup.HostConfig
deployDescriptor
WARNING: A docBase C:\Program Files\Apache Software Foundation\Tomcat
6.0\webapps\webdav inside the host appBase has been specified, and will
be ignored
Mar 19, 2008 10:21:35 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 19, 2008 10:21:35 PM org.apache.jk.common.ChannelSocket init
3) Use database tracing, Wireshark, or equivalent to see if the Realm is
actually trying to reach the database when you attempt to use the
manager.
Not sure how to do this, but I'll look into it. Thanks for your suggestions.
-Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
