Posted to users@tomcat.apache.org by Marc Farrow <ma...@gmail.com> on 2006/05/30 21:30:12 UTC

Realm Tag in webappnamecontext.xml

I have a context with the following Realm tag.  However, when I navigate to
the page, the page pulls up without any type of authentication.  What am I
missing?  I have read the "Realm Configuration HOW-TO" at apache.org.


<Context path="/mycontext">
    <Realm  name="testRealm"
            className="org.apache.catalina.realm.JNDIRealm"
            connectionURL="LDAP://myldapmachine001.mytest.com/CN=mycn,OU=Groups,DC=mycompany,DC=com"
            alternateURL="LDAP://myldapmachine002.mytest.com/CN=mycn,OU=Groups,DC=mycompany,DC=com"
    />
</Context>

-- 
Marc Farrow

Re: Realm Tag in webappnamecontext.xml

Posted by Marc Farrow <ma...@gmail.com>.
Thanks Mark.  I did figure out my configuration problem!

On 6/2/06, Mark Thomas <ma...@apache.org> wrote:
>
> Marc Farrow wrote:
> >  <auth-contraint/>
>
> And there is the problem. An empty <auth-constraint> allows
> unauthenticated access as per SRV.12.8.1
>
> An empty <auth-constraint> is not the same as an <auth-constraint>
> that specifies no roles and therefore denies access to all as per
> SRV.12.8.1.
>
>
> Mark
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


-- 
Marc Farrow

Re: Realm Tag in webappnamecontext.xml

Posted by Mark Thomas <ma...@apache.org>.
Marc Farrow wrote:
>  <auth-contraint/>

And there is the problem. An empty <auth-constraint> allows
unauthenticated access as per SRV.12.8.1

An empty <auth-constraint> is not the same as an <auth-constraint>
that specifies no roles and therefore denies access to all as per
SRV.12.8.1.


Mark
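
The checker below is an added example, not part of the original thread and not Tomcat code. It flags three web.xml conditions relevant here: a security-constraint with no recognised auth-constraint child (the posted file spells the element auth-contraint), an auth-constraint that names no roles, and role-based constraints with no login-config. The function name, finding codes, sample documents, the TestGroup role name and the BASIC method are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Child elements the web-app 2.4 schema allows inside <security-constraint>.
KNOWN = {"display-name", "web-resource-collection",
         "auth-constraint", "user-data-constraint"}

def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to element names."""
    return tag.rsplit("}", 1)[-1]

def audit_web_xml(text):
    """Return (code, detail) findings for the security section of a web.xml."""
    root = ET.fromstring(text)
    kids = lambda el, name: [c for c in el if local(c.tag) == name]
    findings, needs_login = [], False
    for i, sc in enumerate(kids(root, "security-constraint"), 1):
        for child in sc:
            if local(child.tag) not in KNOWN:  # e.g. a misspelled element
                findings.append(("UNKNOWN_ELEMENT", f"constraint {i}: <{local(child.tag)}>"))
        auth = kids(sc, "auth-constraint")
        roles = [r for a in auth for r in kids(a, "role-name") if (r.text or "").strip()]
        if not auth:
            findings.append(("NO_AUTH_CONSTRAINT", f"constraint {i}: nothing requires a login"))
        elif not roles:
            findings.append(("DENY_ALL", f"constraint {i}: no roles named"))
        else:
            needs_login = True
    if needs_login and not kids(root, "login-config"):
        findings.append(("NO_LOGIN_CONFIG", "roles required but no <login-config>"))
    return findings

HEAD = '<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">'
COLLECTION = ("<web-resource-collection><web-resource-name>all</web-resource-name>"
              "<url-pattern>/*</url-pattern></web-resource-collection>")
# Constructed sample with the same element spelling as the posted web.xml.
AS_POSTED = f"{HEAD}<security-constraint>{COLLECTION}<auth-contraint/></security-constraint></web-app>"
# Constructed corrected sample; role name and BASIC login are assumptions.
CORRECTED = (f"{HEAD}<security-constraint>{COLLECTION}<auth-constraint>"
             "<role-name>TestGroup</role-name></auth-constraint></security-constraint>"
             "<login-config><auth-method>BASIC</auth-method></login-config></web-app>")

if __name__ == "__main__":
    for name, doc in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, audit_web_xml(doc))
```
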



Re: Realm Tag in webappnamecontext.xml

Posted by Marc Farrow <ma...@gmail.com>.
Ok, I have read both Tomcat's Realm How-to and also the Servlet Specs.
I have the following application context and web.xml files.  When I go to
http://localhost:8080/mywebappcontext/index.jsp, the page pulls up and no
dialog box comes up asking the user for username/password.  I know I am
missing something.  I can only guess that the way I have it set up, that the
servlet container is validating against LDAP (anonymous access is turned
off) without any credentials being presented.

Are there any thoughts/leads?

Goal of security constraint:
More information on the LDAP setup in case that may be the culprit.  We created
a new group called TestGroup that is in the structure defined by the URL.
We want to check the memberOf attribute of this group to see if the username
is a member of that group.


mywebappcontext.xml:
<Context path="/mywebappcontext">
    <Realm  name="testRealm"
            className="org.apache.catalina.realm.JNDIRealm"
            connectionURL="ldaps://ldapmachine1/CN=TestGroup,OU=Groups,DC=mycompany,DC=net"
            alternateURL="ldaps://ldapmachine2/CN=TestGroup,OU=Groups,DC=mycompany,DC=net"
    />
</Context>

web.xml:
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

    <servlet>
        <servlet-name>Servlet</servlet-name>
        <servlet-class>com.mycompany.MyServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Turnover Servlet</servlet-name>
        <url-pattern>/servlet</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>5</session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>
            index.jsp
        </welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Restricted web resources (all)</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-contraint/>
    </security-constraint>

</web-app>



On 5/30/06, Mark Thomas <ma...@apache.org> wrote:
>
> Marc Farrow wrote:
> > I have a context with the following Realm tag.  However, when I navigate
> to
> > the page, the page pulls up without any type of authentication.  What am
> I
> > missing?  I have read the "Realm Configuration HOW-TO" at apache.org.
>
> Have you read chapter SRV.12 of the servlet spec? Specifically, what
> did you put in web.xml?
>
> Mark
>


-- 
Marc Farrow

Re: Realm Tag in webappnamecontext.xml

Posted by Mark Thomas <ma...@apache.org>.
Marc Farrow wrote:
> I have a context with the following Realm tag.  However, when I navigate to
> the page, the page pulls up without any type of authentication.  What am I
> missing?  I have read the "Realm Configuration HOW-TO" at apache.org.

Have you read chapter SRV.12 of the servlet spec? Specifically, what
did you put in web.xml?

Mark
