You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by The Kelley's <ti...@mindspring.com> on 2002/07/17 18:00:46 UTC
Please recommend book or Other Help
I'm having problems with JDBCRealms and JDBCStore in Tomcat.
They seem buggy to me. Any expert help would be great.
I good book would be even better.
I already have James Goodwill's "Apache Jakarta Tomcat" book
Thanks
Tim
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Please recommend book or Other Help
Posted by The Kelley's <ti...@mindspring.com>.
I used the connectionname and connectionpassword too. It did work... Until I
added JDBCStore for session tracking. Then I got a Java:IOException Stream
closed.
Have you tried the JDBCStore?
Tim
-----Original Message-----
From: Eddie Bush [mailto:ekbush@swbell.net]
Sent: Wednesday, July 17, 2002 12:23 PM
To: Tomcat Users List
Subject: Re: Please recommend book or Other Help
What is your problem with the JDBCRealm? I have that going fine. One
thing to note, you probably don't want to append your username/password
to the url. Instead, use connectionName and connectionPassword to
specify them. That was the only real issue I faced in getting it to work.
Regards,
Eddie
The Kelley's wrote:
>I'm having problems with JDBCRealms and JDBCStore in Tomcat.
>They seem buggy to me. Any expert help would be great.
>I good book would be even better.
>I already have James Goodwill's "Apache Jakarta Tomcat" book
>
>Thanks
>Tim
>
>
>--
>To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
>For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: How to specify j_security_check success target
Posted by Brad Rhoads <br...@zethcon.com>.
>The basic flow is designed to go like this:
>- User makes a request for a URL
>- Container sees that this URL is protected by a security constraint
>- Container saves the original request and displays the login page
>- Assuming successful authentication, the container
> performs the *original* request.
>There's no
>such thing as "directing the user to a particular page" in this scenario
Sounds like my understanding was correct. So let me explain what I need and
perhaps you could suggest an approach to take.
My app has it's own security system where I set some session vars at logon.
I check for one of them in my template page and in my struts ActionServlet.
That all works fine. But now I need to protect non-jsp pages, like PDFs. So
I want to use JDBCRealm security. The problem I'm left with is setting up
all the session vars I'm currently doing in my logon action. That's why I
wanted some way to specify the target page.
Hmmm... Right now, if the session var is missing, I redirect to the logon
page. I guess I could change that to a setsessionvar page instead. Because
with the container security on, the only way the session var check could
happen would be if the user had been authenticated. Right? Does that make
sense or is there a better approach?
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: How to specify j_security_check success target
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Wed, 17 Jul 2002, Brad Rhoads wrote:
> Date: Wed, 17 Jul 2002 13:44:55 -0500
> From: Brad Rhoads <br...@zethcon.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>,
> brhoads@zethcon.com
> To: 'Tomcat Users List' <to...@jakarta.apache.org>
> Subject: How to specify j_security_check success target
>
>
> When using FORM security, your logon page must post to j_security_check. If
> the logon fails, then you end up at the page specified in
> <form-errror-page>. From what I understand, if the logon is successful,
> you'll be sent to what ever page you initially requested. Correct?
>
> If so, how do I override that behavior? Let's say after a logon I always
> want the user to go to mainmenu.jsp.
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
> <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
You're trying to use form based login incorrectly.
The basic flow is designed to go like this:
- User makes a request for a URL
- Container sees that this URL is protected by a security constraint
- Container saves the original request and displays the login page
- Assuming successful authentication, the container
performs the *original* request.
If it still doesn't make sense, temporarily switch your app to use BASIC
authentication (where the browser pops up the dialog box). There's no
such thing as "directing the user to a particular page" in this scenario.
Form based login is designed to work exactly the same (from a user
experience point of view) with the sole exception being that your login
page is used instead of the browser's dialog box.
Craig
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
How to specify j_security_check success target
Posted by Brad Rhoads <br...@zethcon.com>.
When using FORM security, your logon page must post to j_security_check. If
the logon fails, then you end up at the page specified in
<form-errror-page>. From what I understand, if the logon is successful,
you'll be sent to what ever page you initially requested. Correct?
If so, how do I override that behavior? Let's say after a logon I always
want the user to go to mainmenu.jsp.
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/protected/login.jsp</form-login-page>
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Please recommend book or Other Help
Posted by Eddie Bush <ek...@swbell.net>.
What is your problem with the JDBCRealm? I have that going fine. One
thing to note, you probably don't want to append your username/password
to the url. Instead, use connectionName and connectionPassword to
specify them. That was the only real issue I faced in getting it to work.
Regards,
Eddie
The Kelley's wrote:
>I'm having problems with JDBCRealms and JDBCStore in Tomcat.
>They seem buggy to me. Any expert help would be great.
>I good book would be even better.
>I already have James Goodwill's "Apache Jakarta Tomcat" book
>
>Thanks
>Tim
>
>
>--
>To unsubscribe, e-mail: <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Please recommend book or Other Help
Posted by The Kelley's <ti...@mindspring.com>.
Jdk1.3
Win 2000
Jakarta Tomcat 4.0.3
Class Path
C:\Program
Files\Borland\InterClient\interclient.jar;C:\DSA\Javaapps\Java-1.1\;C:\JavaD
ev\begJavobj\Code\Chapter16\SRS;c:\jdk1.3\;c:\package\;c:\homeschoolbroker;C
:\jakarta-tomcat-4.0.3\common\lib\servlet.jar;C:\jakarta-tomcat-4.0.3\webapp
s\apress\web-inf\classes;
I have two users configured in mysql SessionTracking and LibraryManager
When I log onto the servlet and go through basic authentication, and then
create a session, I get the following exception when both the JDBCRealm and
JDBCStore are running.
The Exception
The exception I'm getting is
java.io.IOException: Stream closed
at
java.io.BufferedInputStream.ensureOpen(BufferedInputStream.java:123)
at java.io.BufferedInputStream.read(BufferedInputStream.java:273)
at
java.io.ObjectInputStream.readFullyInternal(ObjectInputStream.java:1780)
at java.io.ObjectInputStream.bufferData(ObjectInputStream.java:1750)
at java.io.ObjectInputStream.readShort(ObjectInputStream.java:1935)
at
java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:842)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:168)
at
org.apache.catalina.util.CustomObjectInputStream.<init>(CustomObjectInputStr
eam.java:103)
at org.apache.catalina.session.JDBCStore.load(JDBCStore.java:518)
at
org.apache.catalina.session.StoreBase.processExpires(StoreBase.java:295)
at org.apache.catalina.session.StoreBase.run(StoreBase.java:350)
at java.lang.Thread.run(Thread.java:484)
Web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
'-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN'
'http://java.sun.com/j2ee/dtds/web-app_2_3.dtd'>
<web-app>
<servlet>
<servlet-name>login</servlet-name>
<servlet-class>chapter2.login</servlet-class>
</servlet>
<taglib>
<taglib-uri>/library2</taglib-uri>
<taglib-location>/WEB-INF/lib/taglib.tld</taglib-location>
</taglib>
****************************************************************************
I physically took out this portion because of the bug I told you about. I
just pasted it in here so you could see what it looked like
****************************************************************************
*************
<!--Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Library Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>LibraryManager</role-name>
</auth-constraint>
</security-constraint>
<!-- Login configuration for this application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Library Mananger</realm-name>
</login-config>
</web-app>
The server.xml file ( let me know if you want all of it, this is the
relative portion pertaining to JDBCStore.
<!--This is the JDBCStore that I wrote you about in the email -->
<Manager className="org.apache.catalina.session.PersistentManager"
debug="99"
saveOnRestart="true"
maxActiveSessions="-1"
minIdleSwap="-1"
maxIdleSwap="-1"
maxIdleBackup="-1">
<Store className="org.apache.catalina.session.JDBCStore"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/tomcatsessions?user=SessionTracking;pa
ssword=tracking"
sessionTable="sessions"
sessionIdCol="id"
sessionDataCol="data"
sessionValidCol="valid"
sessionMaxInactiveCol="maxinactive"
sessionLastAccessedCol="lastaccess"
checkInterval="60"
debug="99" />
</Manager>
</Context>
This is the JDBCRealm portion of the server.xml
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/tomcatusers"
connectionName="LibraryManager"
connectionPassword="home7lib8"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="users_roles" roleNameCol="role_name" />
-----Original Message-----
From: Paul D. Bain [mailto:paul_bain@bigfoot.com]
Sent: Wednesday, July 17, 2002 3:05 PM
To: Tomcat Users List
Subject: Re: Please recommend book or Other Help
At Wednesday 7/17/02 12:00 PM, you wrote:
>I'm having problems with JDBCRealms and JDBCStore in Tomcat.
>They seem buggy to me.
Could you please furnish us with more information? It would be
helpful to us to know your configuration, e.g., server.xml, web.xml,
version of JDK being used, classpath, etc.
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Please recommend book or Other Help
Posted by "Paul D. Bain" <pa...@bigfoot.com>.
At Wednesday 7/17/02 12:00 PM, you wrote:
>I'm having problems with JDBCRealms and JDBCStore in Tomcat.
>They seem buggy to me.
Could you please furnish us with more information? It would be
helpful to us to know your configuration, e.g., server.xml, web.xml,
version of JDK being used, classpath, etc.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Please recommend book or Other Help
Posted by The Kelley's <ti...@mindspring.com>.
I just gave it three stars at amazon. I didn't see anything on RMI. It's
basically on how to set up Tomcat and uses some of 4.0's features. Tomcat
valves , filters, log4j and etc. It's not very detailed.
The JDBCStore is a great idea but I'm almost convinced it's buggy. I'm new
so that makes it tougher. I may buy Marty hall's book and see how he does
things. I'm pretty sure he doesn't use JDBCStore.
-----Original Message-----
From: James Milks [mailto:jamesm@videotron.ca]
Sent: Wednesday, July 17, 2002 12:01 PM
To: Tomcat Users List; timdona@mindspring.com
Subject: RE: Please recommend book or Other Help
Sorry I can't offer help, but I am also looking for a good book. What is
your opinion on James Goodwill's "Apache Jakarta Tomcat"? Does it discuss
RMI at all?
James
-----Original Message-----
From: The Kelley's [mailto:timdona@mindspring.com]
Sent: July 17, 2002 12:01 PM
To: tomcat-user@jakarta.apache.org
Subject: Please recommend book or Other Help
I'm having problems with JDBCRealms and JDBCStore in Tomcat.
They seem buggy to me. Any expert help would be great.
I good book would be even better.
I already have James Goodwill's "Apache Jakarta Tomcat" book
Thanks
Tim
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Please recommend book or Other Help
Posted by James Milks <ja...@videotron.ca>.
Sorry I can't offer help, but I am also looking for a good book. What is
your opinion on James Goodwill's "Apache Jakarta Tomcat"? Does it discuss
RMI at all?
James
-----Original Message-----
From: The Kelley's [mailto:timdona@mindspring.com]
Sent: July 17, 2002 12:01 PM
To: tomcat-user@jakarta.apache.org
Subject: Please recommend book or Other Help
I'm having problems with JDBCRealms and JDBCStore in Tomcat.
They seem buggy to me. Any expert help would be great.
I good book would be even better.
I already have James Goodwill's "Apache Jakarta Tomcat" book
Thanks
Tim
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>