You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Mark Hoebeke <ma...@sb-roscoff.fr> on 2011/05/02 18:11:41 UTC

Configuring a context specific JNDI/JDBC Realm

Hello,

after Googling a lot across Tomcat docs and mailing lists, and finding
no answer to my problem I decided to give it a try on the mailing list.

So, I'm using Tomcat 6.0.26 and I'm developing an application relying on
a Realm to authenticate users. The Realm is a DataSourceRealm pointing
to a JNDI Resource declared in the ${catalina.home}/conf/context.xml as
follows :

<Resource name="jdbc/mydb"
	auth="Container"
	type="javax.sql.DataSource"
	driverClassName="org.postgresql.Driver"
	url="jdbc:postgresql://dbhost:5437/dbname"
	username="dbuser" password="dbpasswd"/>

This declaration is fully functional as the same application relies on
it for non-authentication related uses that actually work.

I've tried putting the Realm declaration in the META-INF/context.xml
file of my application, as follows :


<Context path="/myapp">

	<Realm className="org.apache.catalina.realm.DataSourceRealm"
auth="Container" debug="99" dataSourceName="jdbc/mydb" userTable="users"
userRoleTable="roles" userNameCol="name" userCredCol="password"
roleNameCol="role" digest="SHA-1" />


</Context>

(As I'm (re)deploying the app quite frequently I cannot put this
declaration in the ${catalina.home}/conf/server.xml file, if I'm right).

Whenever I try to access the part of the app needing authentication, and
submit the login form, the request gets denied, and a log entry gets
generated. The latter states that de name jdbc is not bound :

SEVERE: Exception performing authentication
javax.naming.NameNotFoundException: Name jdbc is not bound in this Context

So it's not an issue of wrong login/password credentials.

I tried to add a ResourceLink entry to the context.xml file, to no
avail. Needless to say, I don't want to declare the Resource itself in
the context.xml, as its connection parameters are the responsibility of
the Tomcat admin and not of the developers.

So if anyone could give me some pointers as to how to declare a
JNDI-based context specific Realm, outside of the server.xml file, it
would be of great help.

Many thanks.

Mark

Re: Configuring a context specific JNDI/JDBC Realm

Posted by Mark Hoebeke <ma...@sb-roscoff.fr>.

Thank you for your quick reply. I made the changes you suggested (and
had to re-read some configuration HOWTOs) and the application behaves as
expected.

Thanks again.

Mark


Le 02/05/2011 18:22, Mark Thomas a écrit :
> On 02/05/2011 17:11, Mark Hoebeke wrote:
>> So, I'm using Tomcat 6.0.26 and I'm developing an application relying on
>> a Realm to authenticate users. The Realm is a DataSourceRealm pointing
>> to a JNDI Resource declared in the ${catalina.home}/conf/context.xml as
>> follows :
> 
> You almost certainly don't want to do that. Entries in that file provide
> defaults for *every* web application. You have just exposed this
> datasource to every context on the Tomcat instance.
> 
>> <Resource name="jdbc/mydb"
>> 	auth="Container"
>> 	type="javax.sql.DataSource"
>> 	driverClassName="org.postgresql.Driver"
>> 	url="jdbc:postgresql://dbhost:5437/dbname"
>> 	username="dbuser" password="dbpasswd"/>
>>
>> This declaration is fully functional as the same application relies on
>> it for non-authentication related uses that actually work.
>>
>> I've tried putting the Realm declaration in the META-INF/context.xml
>> file of my application, as follows :
>>
>>
>> <Context path="/myapp">
>>
>> 	<Realm className="org.apache.catalina.realm.DataSourceRealm"
>> auth="Container" debug="99" dataSourceName="jdbc/mydb" userTable="users"
>> userRoleTable="roles" userNameCol="name" userCredCol="password"
>> roleNameCol="role" digest="SHA-1" />
>>
>>
>> </Context>
>>
>> (As I'm (re)deploying the app quite frequently I cannot put this
>> declaration in the ${catalina.home}/conf/server.xml file, if I'm right).
> 
> Wrong. There is nothing stopping you defining the resource in
> server.xml. The following changes should fix this:
> - move the resource definition to server.xml (under GlobalResources)
> - add a resource link to META-INF/context.xml that is included with the WAR
> - leave the Realm in META-INF/context.xml
> 
> If you do decide to more the Resource definition to META-INF/context.xml
> rather than server.xml then you'll need to add the
> localDataSource="true" the the Realm definition.
> 
> Mark
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

Re: Configuring a context specific JNDI/JDBC Realm

Posted by Mark Thomas <ma...@apache.org>.

On 02/05/2011 17:11, Mark Hoebeke wrote:
> So, I'm using Tomcat 6.0.26 and I'm developing an application relying on
> a Realm to authenticate users. The Realm is a DataSourceRealm pointing
> to a JNDI Resource declared in the ${catalina.home}/conf/context.xml as
> follows :

You almost certainly don't want to do that. Entries in that file provide
defaults for *every* web application. You have just exposed this
datasource to every context on the Tomcat instance.

> <Resource name="jdbc/mydb"
> 	auth="Container"
> 	type="javax.sql.DataSource"
> 	driverClassName="org.postgresql.Driver"
> 	url="jdbc:postgresql://dbhost:5437/dbname"
> 	username="dbuser" password="dbpasswd"/>
> 
> This declaration is fully functional as the same application relies on
> it for non-authentication related uses that actually work.
> 
> I've tried putting the Realm declaration in the META-INF/context.xml
> file of my application, as follows :
> 
> 
> <Context path="/myapp">
> 
> 	<Realm className="org.apache.catalina.realm.DataSourceRealm"
> auth="Container" debug="99" dataSourceName="jdbc/mydb" userTable="users"
> userRoleTable="roles" userNameCol="name" userCredCol="password"
> roleNameCol="role" digest="SHA-1" />
> 
> 
> </Context>
> 
> (As I'm (re)deploying the app quite frequently I cannot put this
> declaration in the ${catalina.home}/conf/server.xml file, if I'm right).

Wrong. There is nothing stopping you defining the resource in
server.xml. The following changes should fix this:
- move the resource definition to server.xml (under GlobalResources)
- add a resource link to META-INF/context.xml that is included with the WAR
- leave the Realm in META-INF/context.xml

If you do decide to more the Resource definition to META-INF/context.xml
rather than server.xml then you'll need to add the
localDataSource="true" the the Realm definition.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org