Posted to users@tomcat.apache.org by Elliott Murray <el...@greencathedral.com> on 2006/11/21 17:27:30 UTC

tomcat 5.5 multiple contexts using same realm bug?

Hi,
 
I am trying to set up multiple contexts in Tomcat 5.5 but have a problem logging in. I have them both up and running. They both use realms for login functionality. I originally wanted to use my own custom data source realm (limitations in the use of the Catalina one). This was working fine for App A, but as soon as I put up App B using the same code but a different configuration (different tables, JDBC connections etc.) I had some strange results. I would get the login page for App A turning up in App B and vice versa under what seemed random conditions. Login would only work on one app at a time in the best-case scenario. I then regressed back to using the DataSourceRealm but have the same results. If I use one of each it seems to work, in that the correct login pages appear and I can log into one of the sites (though due to my SQL requirements I can only actually log into one app, as the DataSourceRealm isn't quite flexible enough for either of my apps).
 
Help! Is this a bug? I think my config is all correct - all in the correct context files/tags and, as I say, stand-alone they work. If I hazarded a guess, I reckon that because the realm code is in server lib under Tomcat, only one instance of the realm is loaded in a parent classloader and is sharing its state across multiple apps, which is really bad, and I'd even go so far as to say this has serious potential security issues depending on your environment. It also negates a great potential feature of having the realm embedded in the context. I could go to using JAAS but would rather not, as it's a rewrite of something that's been working just fine for a while now.
 
Some (edited) sample config below in case someone believes this is wrong. As I say I am pretty sure this is a bug but cannot believe I am the first person to want to do this?
 
 
<Context
    docBase="C:/webapps/app1"
    reloadable="true"
    workDir="C:\Java\Tomcat5.5\work">    
  
  <Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
        dataSourceName="jdbc/App1MySQLDB"
           userTable="member" userNameCol="email" userCredCol="password"
      userRoleTable="schemes" roleNameCol="name"/>
  
  <Resource
    auth="Container"
    name="jdbc/App1MySQLDB"
    type="javax.sql.DataSource"
    password="xxx"
    driverClassName="com.mysql.jdbc.Driver"
    maxIdle="5"
    maxWait="10000"
    removeAbandoned="true"
    logAbandoned="true"
    username="user"
    url="jdbc:mysql://a-url"
    removeAbandonedTimeout="60"
    factory="org.apache.commons.dbcp.BasicDataSourceFactory"
    maxActive="20"/>
</Context>
 
Repeat for App2 with its own data source (and db/config etc)
 
Should this go to the dev mailing list? Or be logged as a bug?
 
Thanks
Elliott Murray



Re: tomcat 5.5 multiple contexts using same realm bug?

Posted by olivier nouguier <ol...@gmail.com>.
In the web.xml, is the "realm-name" different?
BASIC | FORM Auth



-- 
"Remember that at the moment of your birth everyone was joyful
and you were in tears.
Live so that at the moment of your death, everyone is in tears
and you are joyful."
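
Added example (not part of either post, and not Tomcat code): a small Python check that lines up, per application, the values this thread turns on, namely the Realm's dataSourceName and whether a matching Resource sits in the same Context, plus docBase, workDir and the web.xml realm-name the reply asks about, and reports any value two applications share. The app2 descriptor and both web.xml fragments are constructed, the names summarize and audit are made up here, and each Context is assumed to nest one Realm as in the posted config.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed descriptors: app1 mirrors the posted config; app2 is a guess at
# "repeat for App2" and is not taken from the thread.
CONTEXTS = {
    "app1": r'''<Context docBase="C:/webapps/app1" workDir="C:\Java\Tomcat5.5\work">
      <Realm className="org.apache.catalina.realm.DataSourceRealm"
             dataSourceName="jdbc/App1MySQLDB" userTable="member"/>
      <Resource name="jdbc/App1MySQLDB" type="javax.sql.DataSource"/>
    </Context>''',
    "app2": r'''<Context docBase="C:/webapps/app2" workDir="C:\Java\Tomcat5.5\work">
      <Realm className="org.apache.catalina.realm.DataSourceRealm"
             dataSourceName="jdbc/App2MySQLDB" userTable="users"/>
      <Resource name="jdbc/App2DB" type="javax.sql.DataSource"/>
    </Context>''',
}
WEB_TMPL = ("<web-app><login-config><auth-method>FORM</auth-method>"
            "<realm-name>%s</realm-name></login-config></web-app>")
WEB_XML = {"app1": WEB_TMPL % "Members", "app2": WEB_TMPL % "Members"}  # constructed

def summarize(name):
    """Collect the per-application values to compare (namespaces stripped)."""
    ctx = ET.fromstring(CONTEXTS[name])
    realm = ctx.find("Realm")
    resources = {r.get("name") for r in ctx.findall("Resource")}
    web = {e.tag.rsplit("}", 1)[-1]: (e.text or "").strip()
           for e in ET.fromstring(WEB_XML[name]).iter()}
    ds = realm.get("dataSourceName")
    return {"docBase": ctx.get("docBase"), "workDir": ctx.get("workDir"),
            "dataSourceName": ds, "realm-name": web.get("realm-name"),
            "resource_in_context": ds in resources}

def audit(names):
    findings, seen = [], defaultdict(list)
    for n in names:
        s = summarize(n)
        if not s["resource_in_context"]:
            findings.append(f"{n}: Realm dataSourceName {s['dataSourceName']!r} "
                            "is not declared as a <Resource> in this Context")
        for key in ("docBase", "workDir", "dataSourceName", "realm-name"):
            seen[(key, s[key])].append(n)
    for (key, value), apps in seen.items():
        if value is not None and len(apps) > 1:
            findings.append(f"{'+'.join(apps)}: same {key} {value!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(["app1", "app2"])))
```

A shared value is reported for review only; the check does not decide whether it explains the behaviour described in the thread.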