Thanks Mark for all those tips. I will go back to the DataSource Realm. As for the location of my auth-error.html, it is in webapps/web-app-name, where my jsp's are.
On Sat, Sep 5, 2009 at 1:55 AM, Mark Thomas <ma...@apache.org> wrote:

> Adam Posner wrote:
> > Hi, I have been trying to implement form based authentication using
> > container managed security.
> > I had tried originally to use the DataSource Realm but after struggling with
> > that for so long I gave up because I had tried everything I could think of
> > as far as putting the Realm declaration in various places with no luck, and
> > I got conflicting answers between the Apache-Tomcat docs
>
> Generally, the docs will give you more accurate information. If you have
> problems ask here and on the odd occasion the docs are wrong they'll get
> fixed.
>
> > ( which I've
> > read multiple times) and what I found in places like mark-mail and nabble.
> >
> > So now I am trying to get it working with the JDBC realm instead.
>
> That is a bad idea. The JDBCRealm is horribly synchronized whereas the
> DataSourceRealm uses a connection pool.
>
> > server.xml:
>
> I'd strongly suggest removing the comments from this file. It makes it a
> lot easier to read.
>
> > <?xml version='1.0' encoding='utf-8'?>
> > <Server port="8005" shutdown="SHUTDOWN">
> >
> >   <Listener className="org.apache.catalina.core.AprLifecycleListener"
> >             SSLEngine="on" />
> >   <Listener className="org.apache.catalina.core.JasperListener" />
> >   <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
> >   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
> >
> >   <GlobalNamingResources>
> >
> >     <Resource name="UserDatabase" auth="Container"
> >               type="org.apache.catalina.UserDatabase"
> >               description="User database that can be updated and saved"
> >               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> >               pathname="conf/tomcat-users.xml" />
> >   </GlobalNamingResources>
> >
> >   <Service name="Catalina">
> >     <Connector port="8080" protocol="HTTP/1.1"
> >                connectionTimeout="20000"
> >                redirectPort="8443" />
> >
> >     <!-- Define an AJP 1.3 Connector on port 8009 -->
> >     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
> >     <Engine name="Catalina" defaultHost="localhost">
> >
> >       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> >              resourceName="UserDatabase"/>
> >
> >       <Host name="localhost" appBase="webapps"
> >             unpackWARs="true" autoDeploy="true"
> >             xmlValidation="false" xmlNamespaceAware="false">
> >
> >         <Context path="/blurbV1"
> >                  docBase="blurbV1"
> >                  debug="99"
>
> debug doesn't do anything - delete it. This begs the question why did
> you add it? Any docs that say you need it are for the wrong Tomcat
> version. That is why you are best following the official Tomcat 6 docs.
>
> >                  reloadable="true">
> >
> >           <Resource name="jdbc/trailsDB" auth="Container"
> >                     type="javax.sql.DataSource"
> >                     driverClassName="com.mysql.jdbc.Driver"
> >                     url="jdbc:mysql://localhost:3306/trailsDB?user=buzz&password=999999"
> >                     maxActive="8"/>
>
> I assume this resource is required by the application since the
> JDBCRealm won't use it.
>
> >           <Realm className="org.apache.catalina.realm.JDBCRealm"
> >                  debug="99"
> >                  driverName="com.mysql.jdbc.Driver"
> >                  connectionURL="jdbc:mysql://localhost:3306/trailsDB"
> >                  userTable="users"
> >                  userNameCol="user_name"
> >                  userCredCol="user_pass"
> >                  userRoleTable="user_roles"
> >                  roleNameCol="role_name"
> >           />
>
> You are missing the connectionName and connectionPassword attributes.
> Both of which are clearly marked as required in the docs. Again - use
> the official docs and life gets a lot easier.
>
> >         </Context>
> >
> >       </Host>
> >     </Engine>
> >   </Service>
> > </Server>
> >
> > And my web.xml:
> >
> > <security-constraint>
> >
> >   <web-resource-collection>
> >
> >     <web-resource-name>UpdateTrails</web-resource-name>
> >
> >     <url-pattern>/*</url-pattern>
> >
> >     <http-method>GET</http-method>
> >     <http-method>POST</http-method>
>
> This is bad from a security point of view. This means *only* GET and
> POST are protected but all of the other HTTP methods are allowed. I
> doubt that is what you want.
>
> >   </web-resource-collection>
> >
> >   <auth-constraint>
> >     <description>These are the roles who have access</description>
> >     <role-name>admin</role-name>
> >   </auth-constraint>
> >
> > </security-constraint>
> >
> > <login-config>
> >   <auth-method>FORM</auth-method>
> >   <realm-name>Tomcat Server Configuration Form-Based
> >   Authentication Area</realm-name>
> >   <form-login-config>
> >     <form-login-page>/Login.html</form-login-page>
> >     <form-error-page>/auth-error.html</form-error-page>
> >   </form-login-config>
> > </login-config>
> >
> >
> > <resource-ref>
> >   <description>DB Connection</description>
> >   <res-ref-name>jdbc/trailsDB</res-ref-name>
> >   <res-type>javax.sql.DataSource</res-type>
> >   <res-auth>Container</res-auth>
> > </resource-ref>
> >
> > </web-app>
> >
> > Even though it says DataSource in the above resource-ref tag, all the info I
> > found told me
> > to do that even with the JDBCRealm.
>
> Really?
> If the official Tomcat docs say you need to do that then they
> are wrong. I had a quick look but I couldn't see anything that said
> this. Where did you read it and I'll get it fixed.
>
> > So there seems to be 2 problems. Here's what Tomcat gives me when I attempt
> > to login:
> >
> > HTTP Status 404 - /blurbV1/auth-error.html
> > ------------------------------
> >
> > *type* Status report
> >
> > *message* */blurbV1/auth-error.html*
> >
> > *description* *The requested resource (/blurbV1/auth-error.html) is not
> > available.*
> > ------------------------------
> > Apache Tomcat/6.0.16
> > But it should allow me to login since I have the users and the database
> > setup with the correct
> > user and role tables. Here is the tomcat-users.xml created by Tomcat:
>
> Huh? Tomcat doesn't create this file. You must have created it. Added to
> which it is irrelevant in this case since your context is using the
> JDBCRealm, not the UserDatabaseRealm.
>
> > Any ideas why I might be getting this ?
>
> The 404 suggests the auth-error.html does not exist. Where is the file
> located?
>
> You are seeing the error page because Tomcat can't connect to your
> database to authenticate the user. You need to fix the various problems
> outlined above.
>
> Mark
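
Two of the review points in the quoted reply can be checked mechanically: a security-constraint that lists http-method elements protects only those methods, and the JDBCRealm is missing connectionName and connectionPassword. The following is an added example, not part of the original thread or of Tomcat; the function names, the ALL_METHODS list and the embedded XML fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Methods used to show what a method-restricted constraint leaves open (assumed list).
ALL_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}
# The two JDBCRealm attributes the reply says are required but missing.
JDBC_REQUIRED = ("connectionName", "connectionPassword")

def _parse(xml_text):
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop any xmlns prefix so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def uncovered_methods(web_xml):
    """Map web-resource-name -> sorted methods the constraint does NOT cover."""
    findings = {}
    for coll in _parse(web_xml).iter("web-resource-collection"):
        listed = {m.text.strip().upper() for m in coll.findall("http-method") if m.text}
        if listed:  # no <http-method> at all means every method is covered
            name = coll.findtext("web-resource-name", default="(unnamed)").strip()
            findings[name] = sorted(ALL_METHODS - listed)
    return findings

def jdbc_realm_missing(server_xml):
    """For each JDBCRealm element, list the required attributes it lacks."""
    return [[a for a in JDBC_REQUIRED if a not in realm.attrib]
            for realm in _parse(server_xml).iter("Realm")
            if realm.get("className", "").endswith(".JDBCRealm")]

# Constructed fragments modelled on the configuration quoted in the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>UpdateTrails</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
CONTEXT_XML = """<Context path="/blurbV1" docBase="blurbV1">
  <Realm className="org.apache.catalina.realm.JDBCRealm"
         driverName="com.mysql.jdbc.Driver"
         connectionURL="jdbc:mysql://localhost:3306/trailsDB"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name"/>
</Context>"""

if __name__ == "__main__":
    print(uncovered_methods(WEB_XML), jdbc_realm_missing(CONTEXT_XML))
```

Removing both http-method elements from the constraint makes uncovered_methods return an empty result, since the constraint then applies to every method.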