You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by J Malcolm <te...@malcolms.com> on 2005/03/13 19:14:21 UTC
Scoping of JNDI Resources?
I know you can define DataSources, etc. globally to all of Tomcat using
<GlobalNamingResources>. I have also determined that you can define
individual DataSources inside a webApp's <Context></Context> block inside a
<Host> block. But are these the only two options? I would like to define
DataSources that are scoped to a <Host>, but not global to all of Tomcat. I
tried a few things, but couldn't seem to get it to work any other way.
Is there a way to define a DataSource (or any other JNDI resource) at the
host level?
More generally, examples of server.conf are great. But is there a document
that describes all the options and variations of what you do in server.xml?
Thanks.
Jerry
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Scoping of JNDI Resources?
Posted by J Malcolm <te...@malcolms.com>.
Hassan,
Thank you so much. I figured there had to be some sort of answer for that.
This makes sense.
I really appreciate the help.
Jerry
-----Original Message-----
From: Hassan Schroeder [mailto:hassan@webtuitive.com]
Sent: Monday, March 14, 2005 9:00 AM
To: Tomcat Users List
Subject: Re: Scoping of JNDI Resources?
J Malcolm wrote:
> I've actually got my realms defined per host. That's not the problem. The
> problem is that the datasources for the various realms must be declared
> globally (apparently).
> I'm assuming that any datasource that is defined globally is accessible to
> any Tomcat app that knows the datasource name, right? This means that the
> realm authentication db for one host is accessible to any other host that
> might be able to determine the datasource name.
Ah, OK, this isn't a problem I've had to deal with, but:
<http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/globalresources.html
>
:: I would read this:
The GlobalNamingResources element defines the global JNDI
resources for the Server.
These resources are listed in the server's global JNDI resource
context. This context is distinct from the per-web-application
JNDI contexts described in the JNDI Resources HOW-TO. The resources
defined in this element are not visible in the per-web-application
contexts unless you explicitly link them with <ResourceLink>
elements.
:: as refuting the above concern...
But I don't have time to test that theory right now :-)
HTH!
--
Hassan Schroeder ----------------------------- hassan@webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Scoping of JNDI Resources?
Posted by Hassan Schroeder <ha...@webtuitive.com>.
J Malcolm wrote:
> I've actually got my realms defined per host. That's not the problem. The
> problem is that the datasources for the various realms must be declared
> globally (apparently).
> I'm assuming that any datasource that is defined globally is accessible to
> any Tomcat app that knows the datasource name, right? This means that the
> realm authentication db for one host is accessible to any other host that
> might be able to determine the datasource name.
Ah, OK, this isn't a problem I've had to deal with, but:
<http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/globalresources.html>
:: I would read this:
The GlobalNamingResources element defines the global JNDI
resources for the Server.
These resources are listed in the server's global JNDI resource
context. This context is distinct from the per-web-application
JNDI contexts described in the JNDI Resources HOW-TO. The resources
defined in this element are not visible in the per-web-application
contexts unless you explicitly link them with <ResourceLink>
elements.
:: as refuting the above concern...
But I don't have time to test that theory right now :-)
HTH!
--
Hassan Schroeder ----------------------------- hassan@webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Scoping of JNDI Resources?
Posted by J Malcolm <te...@malcolms.com>.
I've actually got my realms defined per host. That's not the problem. The
problem is that the datasources for the various realms must be declared
globally (apparently). Until yesterday, I was running JDBCRealms where I
could define a different database for each realm inside the host. But I had
to move off of JDBCRealms due to a catastrophic bug discussed in an earlier
thread.
I'm assuming that any datasource that is defined globally is accessible to
any Tomcat app that knows the datasource name, right? This means that the
realm authentication db for one host is accessible to any other host that
might be able to determine the datasource name. Many of my hosts are from
different businesses that must ensure integrity of their security
environment. With a global datasource defined for their realm authority db,
I can't guarantee that another malicious host cannot access and possible
corrupt the db.
It doesn't seem right that there would be this sort of hole in
DataSourceRealms. But right now, the only way I can find to define a
datasource for any realm, even those defined inside a host, is to use global
datasource definitions. Is this really the only way?
Thanks.
Jerry
-----Original Message-----
From: Hassan Schroeder [mailto:hassan@webtuitive.com]
Sent: Sunday, March 13, 2005 7:08 PM
To: Tomcat Users List
Subject: Re: Scoping of JNDI Resources?
J Malcolm wrote:
> But it does not appear that the Default-Context applies to
DataSourceRealms
> for a host. Is there a way to define a datasource for use by a realm in a
> particular host (without making the datasource available to other hosts?)
Ah, Realms, well then:
<http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/realm.html>
:: says:
You may nest a Realm inside any Catalina container Engine, Host,
or Context).
Not tested -- I'm also running 5.5.7, but my DataSourceRealm is
applied globally -- but that sounds like it fits the bill...
--
Hassan Schroeder ----------------------------- hassan@webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Scoping of JNDI Resources?
Posted by Hassan Schroeder <ha...@webtuitive.com>.
J Malcolm wrote:
> But it does not appear that the Default-Context applies to DataSourceRealms
> for a host. Is there a way to define a datasource for use by a realm in a
> particular host (without making the datasource available to other hosts?)
Ah, Realms, well then:
<http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/realm.html>
:: says:
You may nest a Realm inside any Catalina container Engine, Host,
or Context).
Not tested -- I'm also running 5.5.7, but my DataSourceRealm is
applied globally -- but that sounds like it fits the bill...
--
Hassan Schroeder ----------------------------- hassan@webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Scoping of JNDI Resources?
Posted by J Malcolm <te...@malcolms.com>.
Hassan,
Thanks so much for the info. I am on 5.5.7. I was not aware of the
Default-Context> option. That will be useful.
But it does not appear that the Default-Context applies to DataSourceRealms
for a host. Is there a way to define a datasource for use by a realm in a
particular host (without making the datasource available to other hosts?)
Thanks again.
Jerry
-----Original Message-----
From: Hassan Schroeder [mailto:hassan@webtuitive.com]
Sent: Sunday, March 13, 2005 12:38 PM
To: Tomcat Users List
Subject: Re: Scoping of JNDI Resources?
J Malcolm wrote:
> I know you can define DataSources, etc. globally to all of Tomcat using
> <GlobalNamingResources>. I have also determined that you can define
> individual DataSources inside a webApp's <Context></Context> block inside
a
> <Host> block. But are these the only two options? I would like to define
> DataSources that are scoped to a <Host>, but not global to all of Tomcat.
I
> tried a few things, but couldn't seem to get it to work any other way.
>
> Is there a way to define a DataSource (or any other JNDI resource) at the
> host level?
You didn't mention what version you're running, but take a look at
this page for the <DefaultContext> :
<http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/defaultcontext.html>
> More generally, examples of server.conf are great. But is there a
document
> that describes all the options and variations of what you do in
server.xml?
It's not a single document, but the Server Configuration Reference
(again, this is for the 5.0 branch, adjust as required) covers it
all, element by element:
<http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/index.html>
HTH!
--
Hassan Schroeder ----------------------------- hassan@webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Scoping of JNDI Resources?
Posted by Hassan Schroeder <ha...@webtuitive.com>.
J Malcolm wrote:
> I know you can define DataSources, etc. globally to all of Tomcat using
> <GlobalNamingResources>. I have also determined that you can define
> individual DataSources inside a webApp's <Context></Context> block inside a
> <Host> block. But are these the only two options? I would like to define
> DataSources that are scoped to a <Host>, but not global to all of Tomcat. I
> tried a few things, but couldn't seem to get it to work any other way.
>
> Is there a way to define a DataSource (or any other JNDI resource) at the
> host level?
You didn't mention what version you're running, but take a look at
this page for the <DefaultContext> :
<http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/defaultcontext.html>
> More generally, examples of server.conf are great. But is there a document
> that describes all the options and variations of what you do in server.xml?
It's not a single document, but the Server Configuration Reference
(again, this is for the 5.0 branch, adjust as required) covers it
all, element by element:
<http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/index.html>
HTH!
--
Hassan Schroeder ----------------------------- hassan@webtuitive.com
Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com
dream. code.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org