You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Christian Hargraves <ch...@webmiles.com> on 2001/04/25 17:17:33 UTC
JDBCRealm Question
I have read the JDBCRealm.howto file, but I still have a few questions.
in the application's web.xml file there is a login-config tag.
1) What do I set the login-config tag in the web.xml file to so that it will
use JDBCRealm?
2) We have encrypted passwords. How would we configure JDBCRealm to
handle them?
3) What session object does JDBCRealm create and what is the name of session
object it creates once authenticated.
4) Is there an example app out there that uses an HTML form to handle the
authentication?
Thanks so much for all of your time
Christian
Re: JDBCRealm Question
Posted by "Peter B. West" <pb...@powerup.com.au>.
Christian Hargraves wrote:
>
> I have read the JDBCRealm.howto file, but I still have a few questions.
......
> 2) We have encrypted passwords. How would we configure JDBCRealm to
> handle them?
I tinkered with this on my redhat 7.0 box with tomcat 3.3M2 and
postgresql 7.1. The static method mentioned in the HOWTO is not
`Digest' but `digest' (thank you jikes). I have not verified that the
digested passwords work, because a) tomcat 3.3M3 fails for me
immediately aftetr authentication anyway, and b) there is no mention of
`Digest' as an attribute of ContextInterceptor in server.dtd, and I
suspect that the correct name for the attribute is `digest', as with the
metehod. I have not bothered to get the code to check this.
Peter
--
Peter B. West pbwest@powerup.com.au http://powerup.com.au/~pbwest
"Lord, to whom shall we go?"
Re: JDBCRealm Question
Posted by Jeff Kilbride <je...@kilbride.com>.
Hi Christian,
Here's an example of my login-config setup to use HTML forms:
------------------------
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Private Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login/login.jsp</form-login-page>
<form-error-page>/login/error.jsp</form-error-page>
</form-login-config>
</login-config>
------------------------
With this setup, all attempts to access docs in my protected area get
redirected to /login/login.jsp. All login errors go to /login/error.jsp.
I'm not sure about encrypted passwords. You may have to take a look at the
class that implements the JDBCRealm and do some customization -- encrypt the
password before the call is made to the DB. I'm also not sure what session
object it creates.
There's a simple example in the examples.war package that comes with the
distribution. If you have the examples package in your TOMCAT_HOME/webapps
directory, the path to the example is /webapps/examples/jsp/security. The
web.xml entries are in /webapps/examples/WEB-INF/web.xml.
Thanks,
--jeff
----- Original Message -----
From: "Christian Hargraves" <ch...@webmiles.com>
To: <to...@jakarta.apache.org>
Sent: Wednesday, April 25, 2001 8:17 AM
Subject: JDBCRealm Question
> I have read the JDBCRealm.howto file, but I still have a few questions.
>
> in the application's web.xml file there is a login-config tag.
>
> 1) What do I set the login-config tag in the web.xml file to so that it
will
> use JDBCRealm?
> 2) We have encrypted passwords. How would we configure JDBCRealm to
> handle them?
> 3) What session object does JDBCRealm create and what is the name of
session
> object it creates once authenticated.
> 4) Is there an example app out there that uses an HTML form to handle the
> authentication?
>
> Thanks so much for all of your time
>
> Christian
>