Adam Posner wrote:
> Hi, I have been trying to implement form based authentication using
> container managed security.
> I had tried originally to use the DataSource Realm but after struggling with
> that for so long I gave up because I had tried everything I could think of
> as far as putting the Realm declaration in various places with no luck, and
> I got conflicting answers between the Apache-Tomcat docs

Generally, the docs will give you more accurate information. If you have
problems ask here and on the odd occasion the docs are wrong they'll get fixed.

> ( which I've
> read multiple times) and what I found in places like mark-mail and nabble.
>
> So now I am trying to get it working with the JDBC realm instead.

That is a bad idea. The JDBCRealm is horribly synchronized whereas the
DataSourceRealm uses a connection pool.

> server.xml:

I'd strongly suggest removing the comments from this file. It makes it a lot
easier to read.

> <?xml version='1.0' encoding='utf-8'?>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
> <Listener className="org.apache.catalina.core.JasperListener" />
> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
> />
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>
> <GlobalNamingResources>
>
> <Resource name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase"
> description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
> </GlobalNamingResources>
>
> <Service name="Catalina">
> <Connector port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
> <Engine name="Catalina" defaultHost="localhost">
>
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
>
> <Host name="localhost" appBase="webapps"
> unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
>
> <Context path="/blurbV1"
> docBase="blurbV1"
> debug="99"

debug doesn't do anything - delete it. This begs the question why did you add
it? Any docs that say you need it are for the wrong Tomcat version.
That is why you are best following the official Tomcat 6 docs.

> reloadable="true">
>
> <Resource name="jdbc/trailsDB" auth="Container"
> type="javax.sql.DataSource"
>
> driverClassName="com.mysql.jdbc.Driver"
>
> url="jdbc:mysql://localhost:3306/trailsDB?user=buzz&password=999999"
> maxActive="8"/>

I assume this resource is required by the application since the JDBCRealm
won't use it.

> <Realm className="org.apache.catalina.realm.JDBCRealm"
> debug="99"
> driverName="com.mysql.jdbc.Driver"
> connectionURL="jdbc:mysql://localhost:3306/trailsDB"
> userTable="users"
> userNameCol="user_name"
> userCredCol="user_pass"
> userRoleTable="user_roles"
> roleNameCol="role_name"
> />

You are missing the connectionName and connectionPassword attributes. Both of
which are clearly marked as required in the docs. Again - use the official docs
and life gets a lot easier.

> </Context>
>
> </Host>
> </Engine>
> </Service>
> </Server>
>
> And my web.xml:
>
> <security-constraint>
>
> <web-resource-collection>
>
> <web-resource-name>UpdateTrails</web-resource-name>
>
> <url-pattern>/*</url-pattern>
>
> <http-method>GET</http-method>
> <http-method>POST</http-method>

This is bad from a security point of view. This means *only* GET and POST are
protected but all of the other HTTP methods are allowed. I doubt that is what
you want.

> </web-resource-collection>
>
> <auth-constraint>
> <description>These are the roles who have access</description>
> <role-name>admin</role-name>
> </auth-constraint>
>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Tomcat Server Configuration Form-Based
> Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/Login.html</form-login-page>
> <form-error-page>/auth-error.html</form-error-page>
> </form-login-config>
> </login-config>
>
>
> <resource-ref>
> <description>DB Connection</description>
> <res-ref-name>jdbc/trailsDB</res-ref-name>
> <res-type>javax.sql.DataSource</res-type>
> <res-auth>Container</res-auth>
> </resource-ref>
>
> </web-app>
>
> Even though it says DataSource in the above resource-ref tag, all the info I
> found told me
> to do that even with the JDBCRealm.

Really? If the official Tomcat docs say you need to do that then they are wrong.
I had a quick look but I couldn't see anything that said this. Where did you
read it and I'll get it fixed.

> So there seem to be 2 problems. Here's what Tomcat gives me when I attempt
> to login:
>
> HTTP Status 404 - /blurbV1/auth-error.html
> ------------------------------
>
> *type* Status report
>
> *message* */blurbV1/auth-error.html*
>
> *description* *The requested resource (/blurbV1/auth-error.html) is not
> available.*
> ------------------------------
> Apache Tomcat/6.0.16
> But it should allow me to login since I have the users and the database
> setup with the correct
> user and role tables. Here is the tomcat-users.xml created by Tomcat:

Huh? Tomcat doesn't create this file. You must have created it. Added to which
it is irrelevant in this case since your context is using the JDBCRealm, not
the UserDatabaseRealm.

> Any ideas why I might be getting this ?

The 404 suggests the auth-error.html does not exist. Where is the file located?
You are seeing the error page because Tomcat can't connect to your database to
authenticate the user. You need to fix the various problems outlined above.

Mark
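
An added example, not part of the original thread and not Tomcat's own code: a small Python check for two problems raised in the reply above, a web-resource-collection that lists http-method elements (leaving every other method unconstrained) and a JDBCRealm without connectionName and connectionPassword. The sample XML is constructed from the quoted fragments, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the quoted web.xml and JDBCRealm fragments; helper names are illustrative.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>UpdateTrails</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

CONTEXT_XML = """<Context path="/blurbV1" docBase="blurbV1">
  <Realm className="org.apache.catalina.realm.JDBCRealm"
         driverName="com.mysql.jdbc.Driver"
         connectionURL="jdbc:mysql://localhost:3306/trailsDB"/>
</Context>"""

def local(tag):
    """Drop any '{namespace}' prefix so namespaced descriptors match too."""
    return tag.rsplit("}", 1)[-1]

def method_limited_collections(web_xml):
    """Return (name, methods) for collections that protect only listed methods."""
    found = []
    for coll in ET.fromstring(web_xml).iter():
        methods = [c.text.strip() for c in coll if local(c.tag) == "http-method" and c.text]
        if local(coll.tag) == "web-resource-collection" and methods:
            name = next((c.text for c in coll if local(c.tag) == "web-resource-name"), "?")
            found.append((name, methods))
    return found

def drop_method_limits(web_xml):
    """Remove http-method elements so the constraint covers all methods."""
    root = ET.fromstring(web_xml)
    for coll in list(root.iter()):
        for child in [c for c in coll if local(c.tag) == "http-method"]:
            coll.remove(child)
    return ET.tostring(root, encoding="unicode")

def jdbc_realm_gaps(context_xml):
    """List required JDBCRealm attributes absent from each such Realm."""
    required = ("connectionName", "connectionPassword")
    return [[a for a in required if a not in r.attrib]
            for r in ET.fromstring(context_xml).iter("Realm")
            if r.get("className", "").endswith(".JDBCRealm")]
```
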