Security Newbie - Need Help

[Luke <lu...@lukeshannon.com>]

Hi;

I am trying to install a security realm for my application. I am expecting a
browser login window. But instead I get:

 HTTP Status 403 - Configuration error: Cannot perform access control
without an authenticated principal
type Status report
message Configuration error: Cannot perform access control without an
authenticated principal
description Access to the specified resource (Configuration error: Cannot
perform access control without an authenticated principal) has been
forbidden.
Apache Tomcat/5.0.28

Why I am not getting the login window?

Here is the web.xml in project root/WEB-INF

<security-constraint>
<web-resource-collection>
<web-resource-name>fw</web-resource-name>
<url-pattern>*.do</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</security-constraint>


 <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
        driverName="org.gjt.mm.mysql.Driver"

connectionURL="jdbc:mysql://localhost/applicationusers?user=user&amp;passwor
d=password"
        userTable="applicationusers" userNameCol="user_name"
        userCredCol="user_pass" userRoleTable="user_roles"
roleNameCol="role_name" />

The table structure was created using the following sql:

create table users (
  user_name         varchar(15) not null primary key,
  user_pass         varchar(15) not null

);

create table user_roles (
  user_name         varchar(15) not null,
  role_name         varchar(15) not null,
  primary key (user_name, role_name)
);

How can I trouble shoot this? The log doesn't show anything. Any tips would
be great.

Thanks,

Luke



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org