You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by vramanaj <vr...@gmail.com> on 2009/12/31 12:24:40 UTC
Multiple UserDatabases
We have an application running on Tomcat6 uses the below resource defined in
server.xml.
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase" description="User database that can
be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
We have added a new resource as below in server.xml and commented the
existing resource tag.
<Resource name="jdbc/SsoDs" auth="Container" type="javax.sql.DataSource"
description="SSO DataSource" username="josso182"
password="josso182" driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:@md1npddev10:1521:jdaj"
factory="org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory" maxActive="8"
maxIdle="4"/>
The Josso application using the above data source is working fine. But we
have a security constraint defined in web.xml for some pages with in our
application as below.
<security-constraint>
<web-resource-collection>
<web-resource-name>Technical Website</web-resource-name>
<url-pattern>/technical/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>@APPNAME@ WebUI</realm-name>
</login-config>
To make this work, i added the existing resource tag in the applications
context file in
conf/Catalina/localhost as below:
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="/usr2/tomcat/hmtosys760u/webapps/mto">
<Resource auth="Container" description="User database that can be updated
and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
name="UserDatabase" pathname="conf/tomcat-users.xml"
type="org.apache.catalina.UserDatabase"/>
</Context>
It is not working. When try to access the application with the pages having
url-pattern '/technical/*', getting the error "HTTP Status 403 - Access to
the requested resource has been denied".
Please let me know if there is any way to resolve this issue.
--
View this message in context: http://old.nabble.com/Multiple-UserDatabases-tp26977405p26977405.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multiple UserDatabases
Posted by vramanaj <vr...@gmail.com>.
Issue still not resolved. Is there any way to club both the Data Sources(one
is tomcat.xml & another josso data source) ?
markt-2 wrote:
>
> On 04/01/2010 11:39, vramanaj wrote:
>>
>> Can you elobrate the second option ?
>
> http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html
>
>>
>>
>> markt-2 wrote:
>>>
>>> On 04/01/2010 11:14, vramanaj wrote:
>>>>> http://old.nabble.com/file/p27011540/server.xml server.xml
>>>>> http://old.nabble.com/file/p27011540/app-context.xml.txt
>>>>> app-context.xml.txt
>>>>>
>>>>
>>>> And the content in context file using josso as below
>>>> <Context>
>>>> <ResourceLink global="jdbc/SsoDs" name="jdbc/SsoDS"
>>>> type="javax.sql.DataSource"/>
>>>> </Context>
>>>
>>> From a Tomcat perspective everything looks OK.
>>>
>>> I think the issue is that the JOSSO valve is going to apply to the
>>> context you want to use the UserDatabaseRealm for as well.
>>>
>>> I don't know JOSSO but I think you have two options:
>>> - Move the users & roles defined in tomcat-users.xml to JOSSO and use
>>> JOSSO for everything.
>>> - Use a separate virtual host for apps that shouldn't use JSSO
>>>
>>> Mark
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Multiple-UserDatabases-tp26977405p27623330.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multiple UserDatabases
Posted by Mark Thomas <ma...@apache.org>.
On 04/01/2010 11:39, vramanaj wrote:
>
> Can you elobrate the second option ?
http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html
>
>
> markt-2 wrote:
>>
>> On 04/01/2010 11:14, vramanaj wrote:
>>>> http://old.nabble.com/file/p27011540/server.xml server.xml
>>>> http://old.nabble.com/file/p27011540/app-context.xml.txt
>>>> app-context.xml.txt
>>>>
>>>
>>> And the content in context file using josso as below
>>> <Context>
>>> <ResourceLink global="jdbc/SsoDs" name="jdbc/SsoDS"
>>> type="javax.sql.DataSource"/>
>>> </Context>
>>
>> From a Tomcat perspective everything looks OK.
>>
>> I think the issue is that the JOSSO valve is going to apply to the
>> context you want to use the UserDatabaseRealm for as well.
>>
>> I don't know JOSSO but I think you have two options:
>> - Move the users & roles defined in tomcat-users.xml to JOSSO and use
>> JOSSO for everything.
>> - Use a separate virtual host for apps that shouldn't use JSSO
>>
>> Mark
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multiple UserDatabases
Posted by vramanaj <vr...@gmail.com>.
Can you elobrate the second option ?
markt-2 wrote:
>
> On 04/01/2010 11:14, vramanaj wrote:
>>> http://old.nabble.com/file/p27011540/server.xml server.xml
>>> http://old.nabble.com/file/p27011540/app-context.xml.txt
>>> app-context.xml.txt
>>>
>>
>> And the content in context file using josso as below
>> <Context>
>> <ResourceLink global="jdbc/SsoDs" name="jdbc/SsoDS"
>> type="javax.sql.DataSource"/>
>> </Context>
>
> From a Tomcat perspective everything looks OK.
>
> I think the issue is that the JOSSO valve is going to apply to the
> context you want to use the UserDatabaseRealm for as well.
>
> I don't know JOSSO but I think you have two options:
> - Move the users & roles defined in tomcat-users.xml to JOSSO and use
> JOSSO for everything.
> - Use a separate virtual host for apps that shouldn't use JSSO
>
> Mark
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Multiple-UserDatabases-tp26977405p27011807.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multiple UserDatabases
Posted by Mark Thomas <ma...@apache.org>.
On 04/01/2010 11:14, vramanaj wrote:
>> http://old.nabble.com/file/p27011540/server.xml server.xml
>> http://old.nabble.com/file/p27011540/app-context.xml.txt
>> app-context.xml.txt
>>
>
> And the content in context file using josso as below
> <Context>
> <ResourceLink global="jdbc/SsoDs" name="jdbc/SsoDS"
> type="javax.sql.DataSource"/>
> </Context>
>From a Tomcat perspective everything looks OK.
I think the issue is that the JOSSO valve is going to apply to the
context you want to use the UserDatabaseRealm for as well.
I don't know JOSSO but I think you have two options:
- Move the users & roles defined in tomcat-users.xml to JOSSO and use
JOSSO for everything.
- Use a separate virtual host for apps that shouldn't use JSSO
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multiple UserDatabases
Posted by vramanaj <vr...@gmail.com>.
vramanaj wrote:
>
> http://old.nabble.com/file/p27011540/server.xml server.xml
> http://old.nabble.com/file/p27011540/app-context.xml.txt
> app-context.xml.txt
>
And the content in context file using josso as below
<Context>
<ResourceLink global="jdbc/SsoDs" name="jdbc/SsoDS"
type="javax.sql.DataSource"/>
</Context>
--
View this message in context: http://old.nabble.com/Multiple-UserDatabases-tp26977405p27011561.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multiple UserDatabases
Posted by vramanaj <vr...@gmail.com>.
http://old.nabble.com/file/p27011540/server.xml server.xml
http://old.nabble.com/file/p27011540/app-context.xml.txt app-context.xml.txt
--
View this message in context: http://old.nabble.com/Multiple-UserDatabases-tp26977405p27011540.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multiple UserDatabases
Posted by Mark Thomas <ma...@apache.org>.
On 31/12/2009 12:10, vramanaj wrote:
>
> By doing so, Josso configured application is not working now. It could n't
> able to recognize the cookie it has set earlier.
> http://old.nabble.com/file/p26977591/tomcat.log tomcat.log
>
> Throwing Error error:
> java.lang.RuntimeException: Outbound relaying failed. No Principal found.
> Verify your SSO Agent Configuration!
> org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:532)
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
> java.lang.Thread.run(Thread.java:619)
>
>
> Context:
> <?xml version="1.0" encoding="UTF-8"?>
> <Context docBase="/usr2/tomcat/hmtosys760u/webapps/mto">
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
> </Context>
Please provide the server.xml (comments removed) and the context.xml
file, if any, for the app using josso and the app using the
UserDatabaseRealm.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multiple UserDatabases
Posted by vramanaj <vr...@gmail.com>.
By doing so, Josso configured application is not working now. It could n't
able to recognize the cookie it has set earlier.
http://old.nabble.com/file/p26977591/tomcat.log tomcat.log
Throwing Error error:
java.lang.RuntimeException: Outbound relaying failed. No Principal found.
Verify your SSO Agent Configuration!
org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:532)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
java.lang.Thread.run(Thread.java:619)
Context:
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="/usr2/tomcat/hmtosys760u/webapps/mto">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Context>
Please find the attached tomcat log file.
--
View this message in context: http://old.nabble.com/Multiple-UserDatabases-tp26977405p26977591.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multiple UserDatabases
Posted by Mark Thomas <ma...@apache.org>.
On 31/12/2009 11:24, vramanaj wrote:
> Please let me know if there is any way to resolve this issue.
Leave both resource definitions in server.xml.
It is the Realm you need to move to context.xml
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org