You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ricardo Gladwell <ri...@ubqtmedia.com> on 2001/04/12 14:09:29 UTC

Basic HTTP Authorization and JDBCRealm

Dear All,

I'm using JDBCRealm on Tomcat through IIS 5.0 on Windows 2000 to
authenticate users for my companies Intranet. I managed to configure my
server to authenticate user via HTTP basic authorization. However, when I
attempt to log into my web application I receive the following errors in my
<jvm.stderr.log> file:

2001-04-12 12:54:33 - ContextManager: JDBCRealm: JDBCRealm.authenticate:
SELECT Password FROM People WHERE UserName = ?
2001-04-12 12:54:34 - ContextManager: JDBCRealm: Authentication unsuccessful
for user null

With a bit a research it would appear that the JDBCRealm interceptor is not
reading the HTTP Authorization header properly. The authenticate( String,
Hashtable ) method is being passed a null value for the username, or the
authenticate( Request, Response ) is not receiving the headers. Perhaps IIS
or the ISAPI redirector are stripping this header when it passes the request
onto Tomcat?

If anyone could tell me what I'm doing wrong or where the problem is likely
to lie, I would be most grateful as this conundrum is eating up days of my
time. Here is the configuration for my server.xml file (the SimpleRealm
interceptor is commented out):

        <RequestInterceptor
            className="org.apache.tomcat.request.JDBCRealm"
            debug="99"

			driverName="sun.jdbc.odbc.JdbcOdbcDriver"

	    	connectionURL="jdbc:odbc:Intranet"
              	connectionName="user"
              	connectionPassword="pass"

	    	userTable="People"
            	userNameCol="UserName"
            	userCredCol="Password"

			userRoleTable="Roles"
           		roleNameCol="RoleName"
		/>

Here is the configuration from the web.xml for my web application:

	<security-constraint>

		<web-resource-collection>
			<web-resource-name>Intranet</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>

		<auth-constraint>
			<role-name>IntranetUser</role-name>
		</auth-constraint>

	</security-constraint>

	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>UBQT Media Intranet</realm-name>
	</login-config>

TIA...

--
Ricardo Gladwell
UBQT Media PLC, Windsor
Mobile: (07779) 841 444