You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Sim IJskes <si...@nyx.xs4all.nl> on 2000/04/01 20:59:41 UTC

tomcat-users.xml

I have the file:

<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="sim" password="pass" roles="kiwiadmin" />
</tomcat-users>

But when i try to list or modify this file with:

java org.apache.tomcat.security.file.FileRealmTool

i get:

Exception in thread "main" java.lang.IllegalArgumentException: Bad
hexadecimal digit
        at org.apache.tomcat.util.HexUtils.convert(HexUtils.java:135)
        at
org.apache.tomcat.security.file.FileRealmDatabase.readUser(FileRealmDatabase.java:422)
        at
org.apache.tomcat.security.file.FileRealmDatabase.read(FileRealmDatabase.java:327)
        at
org.apache.tomcat.security.file.FileRealmDatabase.<init>(FileRealmDatabase.java:143)
        at
org.apache.tomcat.security.file.FileRealmTool.open(FileRealmTool.java:530)
        at
org.apache.tomcat.security.file.FileRealmTool.main(FileRealmTool.java:167)

When i remove the users and recreate the file with the tool, it creates
a <user> element without the 'roles' attribute. This tomcat itself does
not like. It complains about a null pointer.

Any ideas? Is it a bug?

Gr. Sim

Re: tomcat-users.xml

Posted by Sim IJskes <si...@nyx.xs4all.nl>.

Sim IJskes wrote:

> I have got my own application working now. It revolved around having the
> protected pages in the root of the context or in a subdirectory.

BTW: did i tell you that i'm very happy that it works? A thank-you to
every developer that worked on the product!

Re: tomcat-users.xml

Posted by Sim IJskes <si...@nyx.xs4all.nl>.

"Craig R. McClanahan" wrote:

> I was able to get basic authentication working by editing the file
> "$TOMCAT_HOME/webapps/examples/WEB-INF/web.xml and changing the <auth-method> element from FORM
> to BASIC.  Then, accessing the following URL:

I have got my own application working now. It revolved around having the
protected pages in the root of the context or in a subdirectory. 

1st:

i tried with the pages in the root and <url-pattern>*.jsp</url-pattern>,
that didn't work.

2nd:

i tried with the pages in the root and <url-pattern>/</url-pattern>,
that didn't work.

3rd:

i tried with the pages in the root and <url-pattern>/*</url-pattern>,
that didn't work.

4th:

i tried with the pages in the pages subdir and
<url-pattern>/pages/*</url-pattern>, and this worked.

Are [1...3] in contradiction with the standard? Or did i find a bug?

Gr. Sim

Non-technical question

Posted by Jeff Neuenschwander <je...@collegeguy.com>.

Does anyone have any nice little icons for the bottom of webpages that say
"powered by tomcat," or anything cool like that?

If not, can I get permission from the jakarta team to take the little tomcat
guy and make one or two?

Jeff

Re: tomcat-users.xml

Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.

Sim IJskes wrote:

> "Craig R. McClanahan" wrote:
>
> > As Costin said, FileRealmTool does not work and it will not work with 3.1 -- edit the
> > tomcat-users.xml file directly for now.  FileRealmTool was part of an experimental approach
> > that used different conventions for how it's XML data was stored, and is not compatible.
>
> Forgive me if i'm not explicit enough. Again: Does the Basic security
> stuff work? I have big (bug) problems getting it to work, as i'm new
> here i don't know what features do work and don't. No i'm not talking
> about the FileRealm stuf. Just SecurityCheck and MemoryRealm. B.T.W. I
> did edit the tomcat-users.xml file by hand.
>

I was able to get basic authentication working by editing the file
"$TOMCAT_HOME/webapps/examples/WEB-INF/web.xml and changing the <auth-method> element from FORM
to BASIC.  Then, accessing the following URL:

    http://localhost:8080/examples/jsp/security/protected

correctly caused the basic authentication dialog to come up, and it correctly rejected all
username/password combinations other than the one defined in the conf/tomcat-users.xml file
(tomcat/tomcat).  If you can find a scenario like this that doesn't work correctly, could you
please report it?

In addition, form-based login works at least partially -- it accepts valid logins from the form
that is displayed.  However, it currently appears to ignore the <form-error-page> declaration if
you enter an invalid username/password, and simply redisplays the login form again.  Digest and
SSL based authentication is not currently supported.

Both of the submitted bugs (161 and 162) dealt specifically with FileRealmTool, which is not
going to be supported.  Also, you'll probably need to restart Tomcat after hand editing the
conf/tomcat-users.xml file.

By the way, I just checked in a change to the protected page that comes up when you successfully
logged in, to show you what username you logged in as (that is, the value of
request.getRemoteUser()).  This change will be reflected in the final release.

>
> Thanks,
>
> Sim
>

Craig McClanahan

Re: tomcat-users.xml

Posted by Sim IJskes <si...@nyx.xs4all.nl>.

"Craig R. McClanahan" wrote:

> As Costin said, FileRealmTool does not work and it will not work with 3.1 -- edit the
> tomcat-users.xml file directly for now.  FileRealmTool was part of an experimental approach
> that used different conventions for how it's XML data was stored, and is not compatible.

Forgive me if i'm not explicit enough. Again: Does the Basic security
stuff work? I have big (bug) problems getting it to work, as i'm new
here i don't know what features do work and don't. No i'm not talking
about the FileRealm stuf. Just SecurityCheck and MemoryRealm. B.T.W. I
did edit the tomcat-users.xml file by hand.

Thanks,

Sim

Re: tomcat-users.xml

Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.

Sim IJskes wrote:

> Costin Manolache wrote:
> >
> > FileRealmTool is not part of the "main" source code and it's not supported.
> >
> > Please edit <tomcat-users> if you want to play with that. It is just a very simple
> > storage, with clear text passwords and a lot of limitations - it's there just to provide
> >  a simple default.
>
> Did you get it working? I just filed a bugreport:
> http://jakarta.apache.org/bugs/show_bug.cgi?id=164
>
> Gr. Sim
>

As Costin said, FileRealmTool does not work and it will not work with 3.1 -- edit the
tomcat-users.xml file directly for now.  FileRealmTool was part of an experimental approach
that used different conventions for how it's XML data was stored, and is not compatible.

I'm going to propose (on the developer's list) removing it from the 3.1 release to avoid
confusion.

Craig McClanahan

Re: tomcat-users.xml

Posted by Sim IJskes <si...@nyx.xs4all.nl>.

Costin Manolache wrote:
> 
> FileRealmTool is not part of the "main" source code and it's not supported.
> 
> Please edit <tomcat-users> if you want to play with that. It is just a very simple
> storage, with clear text passwords and a lot of limitations - it's there just to provide
>  a simple default.

Did you get it working? I just filed a bugreport:
http://jakarta.apache.org/bugs/show_bug.cgi?id=164

Gr. Sim

Re: tomcat-users.xml

Posted by Costin Manolache <co...@eng.sun.com>.

FileRealmTool is not part of the "main" source code and it's not supported.

Please edit <tomcat-users> if you want to play with that. It is just a very simple
storage, with clear text passwords and a lot of limitations - it's there just to provide
 a simple default.

We'll add the "real" thing in next versions of tomcat - integration with apache, support
for common user authentication systems ( PAM, Win native, etc - via JAAS ).

Costin


Sim IJskes wrote:

> I have the file:
>
> <tomcat-users>
>   <user name="tomcat" password="tomcat" roles="tomcat" />
>   <user name="sim" password="pass" roles="kiwiadmin" />
> </tomcat-users>
>
> But when i try to list or modify this file with:
>
> java org.apache.tomcat.security.file.FileRealmTool
>
> i get:
>
> Exception in thread "main" java.lang.IllegalArgumentException: Bad
> hexadecimal digit
>         at org.apache.tomcat.util.HexUtils.convert(HexUtils.java:135)
>         at
> org.apache.tomcat.security.file.FileRealmDatabase.readUser(FileRealmDatabase.java:422)
>         at
> org.apache.tomcat.security.file.FileRealmDatabase.read(FileRealmDatabase.java:327)
>         at
> org.apache.tomcat.security.file.FileRealmDatabase.<init>(FileRealmDatabase.java:143)
>         at
> org.apache.tomcat.security.file.FileRealmTool.open(FileRealmTool.java:530)
>         at
> org.apache.tomcat.security.file.FileRealmTool.main(FileRealmTool.java:167)
>
> When i remove the users and recreate the file with the tool, it creates
> a <user> element without the 'roles' attribute. This tomcat itself does
> not like. It complains about a null pointer.
>
> Any ideas? Is it a bug?
>
> Gr. Sim
>
> --------------------------------------------------------------------------
> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commmands, email: tomcat-user-help@jakarta.apache.org