You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Guillaume M <ge...@gmail.com> on 2009/06/11 11:48:22 UTC
Realm and Datasource configuration in Context
I'm sorry I'm a bit lost with all the information I had found on realm
configuration problems. Thanks in advance for any help.
I had read it could come from the version so I had tried on two different ones:
On my Vista version, I have the error "the name jdbc isn't bound to
the context".
I had tried to use the datasource and mysql from a JSP page, it work
just fine when the security is off... So I guess my realm is wrong
somewhere... I had added the useNaming="true", the
localDataSource="true" and the autoReconnect="true" as adviced in
several threads though I still have the same troubles.
On my XP version, it seems better but when I use the right
login/password I have a HTTP 403 error message. I had only read it
could come from a wrong role-name so I had copied them directly from
mySQL and I still have the same problem... This version
reacts as expected with a false password.
Version 1 :
Windows Vista SP1
Tomcat 6.0.20
MySQL 5.1.35
To correct white page problems I had to use:
netsh int ip reset
netsh winsock reset
It might explain where my problems come from...
Here parts of the the main files used for security:
context.xml
<code>
<?xml version="1.0" encoding="ISO-8859-1"?>
<Context docBase="${app.name}" path="/CQC" privileged="true"
antiResourceLocking="false" antiJARLocking="false" debug="1"
reloadable="true" useNaming="true">
<Resource name="jdbc/authen"
auth="Container"
type="javax.sql.DataSource"
username="guillaume"
password="PASSWORD"
url="jdbc:mysql://192.168.1.44:3306/securite_cqc?autoReconnect=true"
driverClassName="com.mysql.jdbc.Driver"
maxIdle="6000"
maxWait="1000"
maxActive="20000"
validationQuery="Select 1"
removeAbandonned="true"
removeAbandonnedTimeout="1000000"
logAbandonned="true" />
<Realm className="org.apache.catalina.realm.DataSourceRealm"
dataSourceName="jdbc/authen"
userTable="users"
userNameCol="user_name"
userCredCol="user_password"
userRoleTable="user_roles"
roleNameCol="role_name"
localDataSource="true"
autoReconnect="true"
debug="99"
digest="md5" />
</Context>
</code>
mySQL tables
<code>
mysql> select * from users;
+-----------+----------------------------------+
| user_name | user_password |
+-----------+----------------------------------+
| bruno | md5password |
| essai | md5password |
| franck | md5password |
| guillaume | md5password |
| julien | md5password |
| laurent | md5password |
| noel | md5password |
| tomcat | md5password |
| virginie | md5password |
+-----------+----------------------------------+
9 rows in set (0.00 sec)
mysql> select * from user_roles;
+-----------+----------------+
| user_name | role_name |
+-----------+----------------+
| bruno | utilisateur |
| essai | utilisateur |
| franck | utilisateur |
| guillaume | administrateur |
| julien | utilisateur |
| laurent | administrateur |
| noel | utilisateur |
| tomcat | utilisateur |
| virginie | utilisateur |
+-----------+----------------+
9 rows in set (0.00 sec)
</code>
web.xml
<code>
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<security-constraint>
<display-name>Securite sous Tomcat</display-name>
<web-resource-collection>
<web-resource-name>Ressources protegees</web-resource-name>
<url-pattern>/Documentation/*</url-pattern>
<url-pattern>/Download/*</url-pattern>
<url-pattern>/FichierTest/*</url-pattern>
<url-pattern>/META-INF/*</url-pattern>
<url-pattern>/Statistiques/*</url-pattern>
<url-pattern>/Upload/*</url-pattern>
<url-pattern>/WEB-INF/*</url-pattern>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>administrateur</role-name>
<role-name>utilisateur</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>administrateur</role-name>
<description>administrateur application</description>
</security-role>
<security-role>
<role-name>utilisateur</role-name>
<description>Utilisateur application</description>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Securite/login.jsp</form-login-page>
<form-error-page>/Securite/erreur.jsp</form-error-page>
</form-login-config>
<realm-name>Authentification pour Tomcat</realm-name>
</login-config>
</web-app>
</code>
catalina.log
<code>
11 juin 2009 08:16:12 org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
11 juin 2009 08:16:12 org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
11 juin 2009 08:16:12 org.apache.coyote.http11.Http11AprProtocol init
INFO: Initialisation de Coyote HTTP/1.1 sur http-8080
11 juin 2009 08:16:12 org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
11 juin 2009 08:16:12 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 808 ms
11 juin 2009 08:16:12 org.apache.catalina.core.StandardService start
INFO: Démarrage du service Catalina
11 juin 2009 08:16:12 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.20
11 juin 2009 08:16:12 org.apache.catalina.startup.HostConfig deployDescriptor
ATTENTION: A docBase C:\Program Files\Apache Software
Foundation\Tomcat 6.0\webapps\${app.name} inside the host appBase has
been specified, and will be ignored
11 juin 2009 08:16:13 org.apache.catalina.startup.HostConfig deployWAR
INFO: Déploiement de l'archive JavaBridgeTemplate5442.war de l'application web
11 juin 2009 08:16:13 org.apache.coyote.http11.Http11AprProtocol start
INFO: Démarrage de Coyote HTTP/1.1 sur http-8080
11 juin 2009 08:16:13 org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
11 juin 2009 08:16:13 org.apache.catalina.startup.Catalina start
INFO: Server startup in 1125 ms
</code>
localhost.log
<code>
11 juin 2009 08:16:13 org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
11 juin 2009 08:16:13 org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
11 juin 2009 08:16:52 org.apache.catalina.realm.DataSourceRealm open
GRAVE: Exception performing authentication
javax.naming.NameNotFoundException: Le Nom jdbc n'est pas lié à ce Contexte
at org.apache.naming.NamingContext.lookup(NamingContext.java:770)
at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
at org.apache.catalina.realm.DataSourceRealm.open(DataSourceRealm.java:403)
at org.apache.catalina.realm.DataSourceRealm.authenticate(DataSourceRealm.java:284)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:427)
at org.apache.coyote.ajp.AjpAprProtocol$AjpConnectionHandler.process(AjpAprProtocol.java:384)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1527)
at java.lang.Thread.run(Unknown Source)
</code>
Windows XP SP3
Tomcat 6.0.16
MySQL 5.0.45
I had used the same configuration files with a distant database
instead of a local one and of course different IP adress... There
isn't any error in the log files beside the 403 error.
Thanks in advance for any reply
Guillaume
geamauve@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Realm and Datasource configuration in Context
Posted by Guillaume M <ge...@gmail.com>.
I had come around the problem by reinstalling everything included Vista. I
hadn't found out where the problem came from but now I can use my webapp. My
only guess is there was some troubles with the network because I already had
to reset it for avoiding white pages...
Thanks everyone for your help!
Guillaume.
2009/6/11, Guillaume M <ge...@gmail.com>:
>
> Hi Chuck,
>
> Yes I had only put the mysql jar in the tomcat's lib directory. I had
> just tried to add mySQL character encoding (UTF-8) on the url value. I
>
> still have the same problem...
>
>
> Thank you.
>
>
> 2009/6/11, Caldarale, Charles R <Ch...@unisys.com>:
>
> >> From: Guillaume M [mailto:geamauve@gmail.com]
> >> Subject: Re: Realm and Datasource configuration in Context
> >>
> >> And I had put the mysql in the $CATALINA_BASE/lib directory.
> >
> > Is the MySQL jar in *only* Tomcat's lib directory? If it's also in your
> > webapp's WEB-INF/lib, that can cause classloader conflicts and possibly
> the
> > symptom you're seeing.
> >
> > - Chuck
> >
> >
> > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> > MATERIAL and is thus for use only by the intended recipient. If you
> received
> > this in error, please contact the sender and delete the e-mail and its
> > attachments from all computers.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>
Re: Realm and Datasource configuration in Context
Posted by Guillaume M <ge...@gmail.com>.
Hi Chuck,
Yes I had only put the mysql jar in the tomcat's lib directory. I had
just tried to add mySQL character encoding (UTF-8) on the url value. I
still have the same problem...
Thank you.
2009/6/11, Caldarale, Charles R <Ch...@unisys.com>:
>> From: Guillaume M [mailto:geamauve@gmail.com]
>> Subject: Re: Realm and Datasource configuration in Context
>>
>> And I had put the mysql in the $CATALINA_BASE/lib directory.
>
> Is the MySQL jar in *only* Tomcat's lib directory? If it's also in your
> webapp's WEB-INF/lib, that can cause classloader conflicts and possibly the
> symptom you're seeing.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Realm and Datasource configuration in Context
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Guillaume M [mailto:geamauve@gmail.com]
> Subject: Re: Realm and Datasource configuration in Context
>
> And I had put the mysql in the $CATALINA_BASE/lib directory.
Is the MySQL jar in *only* Tomcat's lib directory? If it's also in your webapp's WEB-INF/lib, that can cause classloader conflicts and possibly the symptom you're seeing.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Realm and Datasource configuration in Context
Posted by Guillaume M <ge...@gmail.com>.
Hi Chris,
Yes there is a lot of connections which can be very slow. I had been
asked to do a complex sorting program on a web server. I wouldn't have
use a web server especially knowing we can have above 100 sorts in a
row but it's easier to update...
I had used all I knew about Java to make it fast enough meaning
prepared statements and threads because it lasted several days, and
now I'm down to some hours for usual databases... I have to clean
MySQL about once every five months to avoid overloading...
There isn't any other line in the log files.
And I had put the mysql in the $CATALINA_BASE/lib directory.
Thank you for your time,
Guillaume.
2009/6/11, Christopher Schultz <ch...@christopherschultz.net>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Guillaume,
>
> On 6/11/2009 5:48 AM, Guillaume M wrote:
>> On my Vista version, I have the error "the name jdbc isn't bound to
>> the context".
>
> Sounds like your JNDI name is not correct.
>
>> <Resource name="jdbc/authen"
>
> This is correct.
>
>> maxIdle="6000"
>> maxWait="1000"
>> maxActive="20000"
>
> This is a LOT of connections. Are you sure you need 20000 database
> connections? Are you sure MySQL will allow that many to connect?
>
>> validationQuery="Select 1"
>
> Try: "/* PING */ SELECT 1" -- you'll get better performance.
>
>> removeAbandonnedTimeout="1000000"
>
> 1000 minutes? That's an awfully long time to consider a connection
> abandoned. Do you have ridiculously-long-running queries? If not,
> consider dropping this value to something more reasonable like 5 minutes.
>
>> dataSourceName="jdbc/authen"
>
> This is also correct.
>
>> localDataSource="true"
>
> Excellent: you have read the documentation!
>
>> autoReconnect="true"
>
> I don't believe this has any effect.
>
>> GRAVE: Exception performing authentication
>> javax.naming.NameNotFoundException: Le Nom jdbc n'est pas lié à ce
>> Contexte
>> at org.apache.naming.NamingContext.lookup(NamingContext.java:770)
>> at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
>> at
>> org.apache.catalina.realm.DataSourceRealm.open(DataSourceRealm.java:403)
>> at
>> org.apache.catalina.realm.DataSourceRealm.authenticate(DataSourceRealm.java:284)
>
> Okay, so the DataSourceRealm is failing to pick-up the DataSource.
>
>> INFO: Starting Coyote AJP/1.3 on ajp-8009
>> 11 juin 2009 08:16:13 org.apache.catalina.startup.Catalina start
>> INFO: Server startup in 1125 ms
>> </code>
>
> Is there anything in catalina.out after these lines? How about after the
> error (other than the exception itself)?
>
> Where do you have your mysql-connector.jar file located? In order for
> Tomcat to create this DataSource for you, you need to have it located in
> $CATALINA_BASE/lib. It won't work if you have it in your webapp's
> WEB-INF/lib directory.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkoxLjcACgkQ9CaO5/Lv0PBqWQCfUuYk0KL4sUMFUcx5vRN5h1pE
> B20AoMBmj1xJYzhMJoocAK87IdqMS0aL
> =Ze9m
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Realm and Datasource configuration in Context
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Guillaume,
On 6/11/2009 5:48 AM, Guillaume M wrote:
> On my Vista version, I have the error "the name jdbc isn't bound to
> the context".
Sounds like your JNDI name is not correct.
> <Resource name="jdbc/authen"
This is correct.
> maxIdle="6000"
> maxWait="1000"
> maxActive="20000"
This is a LOT of connections. Are you sure you need 20000 database
connections? Are you sure MySQL will allow that many to connect?
> validationQuery="Select 1"
Try: "/* PING */ SELECT 1" -- you'll get better performance.
> removeAbandonnedTimeout="1000000"
1000 minutes? That's an awfully long time to consider a connection
abandoned. Do you have ridiculously-long-running queries? If not,
consider dropping this value to something more reasonable like 5 minutes.
> dataSourceName="jdbc/authen"
This is also correct.
> localDataSource="true"
Excellent: you have read the documentation!
> autoReconnect="true"
I don't believe this has any effect.
> GRAVE: Exception performing authentication
> javax.naming.NameNotFoundException: Le Nom jdbc n'est pas lié à ce Contexte
> at org.apache.naming.NamingContext.lookup(NamingContext.java:770)
> at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
> at org.apache.catalina.realm.DataSourceRealm.open(DataSourceRealm.java:403)
> at org.apache.catalina.realm.DataSourceRealm.authenticate(DataSourceRealm.java:284)
Okay, so the DataSourceRealm is failing to pick-up the DataSource.
> INFO: Starting Coyote AJP/1.3 on ajp-8009
> 11 juin 2009 08:16:13 org.apache.catalina.startup.Catalina start
> INFO: Server startup in 1125 ms
> </code>
Is there anything in catalina.out after these lines? How about after the
error (other than the exception itself)?
Where do you have your mysql-connector.jar file located? In order for
Tomcat to create this DataSource for you, you need to have it located in
$CATALINA_BASE/lib. It won't work if you have it in your webapp's
WEB-INF/lib directory.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkoxLjcACgkQ9CaO5/Lv0PBqWQCfUuYk0KL4sUMFUcx5vRN5h1pE
B20AoMBmj1xJYzhMJoocAK87IdqMS0aL
=Ze9m
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Realm and Datasource configuration in Context
Posted by Guillaume M <ge...@gmail.com>.
I had tried again with the realm off and I can use the database
through the datasource in my vista version but on my XP version I have
the message jdbc not bound to this context.
2009/6/11, Guillaume M <ge...@gmail.com>:
> My context.xml file is in my webapp's META-INF directory and my
> web.xml is in my webapp's WEB-INF directory. There isn't any change in
> the results after those corrections.
>
> This webapp worked fine enough for some years on my laptop, saddly it
> had broken down recently and I don't remember the exact configuration
> it had. I had to reinstall everything from the webapp I saved on USB
> key.
>
> Thank you for your help.
>
> Guillaume.
>
> 2009/6/11, Caldarale, Charles R <Ch...@unisys.com>:
>>> From: Guillaume M [mailto:geamauve@gmail.com]
>>> Subject: Realm and Datasource configuration in Context
>>>
>>> context.xml
>>
>> Let's get this sorted first. Where is your context.xml file located? It
>> should be in your webapp's META-INF directory.
>>
>>> <Context docBase="${app.name}" path="/CQC" privileged="true"
>>
>> You must not use the docBase or path attributes in a <Context> element,
>> unless the element is declared in server.xml, which you should never do
>> on
>> any recent version of Tomcat.
>>
>> Answer the above question, fix your <Context> element, try again, and let
>> us
>> know what happens.
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received
>> this in error, please contact the sender and delete the e-mail and its
>> attachments from all computers.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Realm and Datasource configuration in Context
Posted by Guillaume M <ge...@gmail.com>.
My context.xml file is in my webapp's META-INF directory and my
web.xml is in my webapp's WEB-INF directory. There isn't any change in
the results after those corrections.
This webapp worked fine enough for some years on my laptop, saddly it
had broken down recently and I don't remember the exact configuration
it had. I had to reinstall everything from the webapp I saved on USB
key.
Thank you for your help.
Guillaume.
2009/6/11, Caldarale, Charles R <Ch...@unisys.com>:
>> From: Guillaume M [mailto:geamauve@gmail.com]
>> Subject: Realm and Datasource configuration in Context
>>
>> context.xml
>
> Let's get this sorted first. Where is your context.xml file located? It
> should be in your webapp's META-INF directory.
>
>> <Context docBase="${app.name}" path="/CQC" privileged="true"
>
> You must not use the docBase or path attributes in a <Context> element,
> unless the element is declared in server.xml, which you should never do on
> any recent version of Tomcat.
>
> Answer the above question, fix your <Context> element, try again, and let us
> know what happens.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Realm and Datasource configuration in Context
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Guillaume M [mailto:geamauve@gmail.com]
> Subject: Realm and Datasource configuration in Context
>
> context.xml
Let's get this sorted first. Where is your context.xml file located? It should be in your webapp's META-INF directory.
> <Context docBase="${app.name}" path="/CQC" privileged="true"
You must not use the docBase or path attributes in a <Context> element, unless the element is declared in server.xml, which you should never do on any recent version of Tomcat.
Answer the above question, fix your <Context> element, try again, and let us know what happens.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org