You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by LERBSCHER Jean-Pierre <je...@cofiroute.fr> on 2005/02/10 18:11:24 UTC
RE : RE : RE : Security Newbie - Need Help
Sorry, i understand what you mean.
Your role table seems ok.
-----Message d'origine-----
De : LERBSCHER Jean-Pierre [mailto:jean-pierre.lerbscher@cofiroute.fr]
Envoyé : jeudi 10 février 2005 17:40
À : 'Tomcat Users List'
Objet : RE : RE : Security Newbie - Need Help
-----Message d'origine-----
De : luke@lukeshannon.com [mailto:luke@lukeshannon.com]
Envoyé : jeudi 10 février 2005 16:57
À : Tomcat Users List
Objet : Re: RE : Security Newbie - Need Help
Where would the <security-role> be declared? WEB-INF/web.xml?
Yes
The tables I have are roles, user_roles and users. When you say wrong role
table which of the tables I have should be renamed?
select * from roles;
...
<realm ... userRoleTable="user_roles
Thanks for you help,
Luke
> It seems that you have a wrong role table (roles or user_roles).
> Have you declare <security-role> element ?
>
> -----Message d'origine-----
> De : Luke [mailto:luke@lukeshannon.com]
> Envoyé : jeudi 10 février 2005 16:02
> À : Tomcat Users List
> Objet : Re: Security Newbie - Need Help
>
> Hi;
>
> Here is the roles table:
>
> mysql> select * from roles;
> +-----------+
> | role_name |
> +-----------+
> | admin |
> +-----------+
> 1 row in set (0.02 sec)
>
> I noticed I did have a mistake in the realm declaration in my server.xml.
> I
> had the wrong user table name. That is fixed this but still have the
> problem:
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> driverName="org.gjt.mm.mysql.Driver"
>
>
connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&password=pas
> sword"
> userTable="users" userNameCol="user_name"
> userCredCol="user_pass" userRoleTable="user_roles"
> roleNameCol="role_name" />
>
> I also changed my security declaration to have a realm-name in the login
> config:
>
> <!-- security -->
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>fw</web-resource-name>
> <url-pattern>*.do</url-pattern>
> <http-method>POST</http-method>
> <http-method>GET</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>fw</realm-name>
> </login-config>
> </security-constraint>
>
> The error is (which appears without a login window first allowing me to
> authenticate):
>
>
> HTTP Status 403 - Configuration error: Cannot perform access control
> without
> an authenticated principal
> type Status report
> message Configuration error: Cannot perform access control without an
> authenticated principal
> description Access to the specified resource (Configuration error: Cannot
> perform access control without an authenticated principal) has been
> forbidden.
> Apache Tomcat/5.0.28
>
>
> Thanks,
>
> Luke
>
> ----- Original Message -----
> From: "LERBSCHER Jean-Pierre" <je...@cofiroute.fr>
> To: "'Tomcat Users List'" <to...@jakarta.apache.org>
> Sent: Thursday, February 10, 2005 12:27 AM
> Subject: RE : Security Newbie - Need Help
>
>
>> Hi,
>> Could you verify that you have declared your admin role in the web.xml
>> file.
>> <security-role>
>> <role-name>admin</role-name>
>> </security-role>
>>
>> -----Message d'origine-----
>> De : Luke [mailto:luke@lukeshannon.com]
>> Envoyé : jeudi 10 février 2005 07:33
>> À : Tomcat Users List
>> Objet : Security Newbie - Need Help
>>
>>
>> Hi;
>>
>> I am trying to install a security realm for my application. I am
>> expecting
> a
>> browser login window. But instead I get:
>>
>> HTTP Status 403 - Configuration error: Cannot perform access control
>> without an authenticated principal
>> type Status report
>> message Configuration error: Cannot perform access control without an
>> authenticated principal
>> description Access to the specified resource (Configuration error:
>> Cannot
>> perform access control without an authenticated principal) has been
>> forbidden.
>> Apache Tomcat/5.0.28
>>
>> Why I am not getting the login window?
>>
>> Here is the web.xml in project root/WEB-INF
>>
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>fw</web-resource-name>
>> <url-pattern>*.do</url-pattern>
>> <http-method>POST</http-method>
>> </web-resource-collection>
>> <auth-constraint>
>> <role-name>admin</role-name>
>> </auth-constraint>
>> <login-config>
>> <auth-method>BASIC</auth-method>
>> </login-config>
>> </security-constraint>
>>
>>
>> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>> driverName="org.gjt.mm.mysql.Driver"
>>
>>
>
connectionURL="jdbc:mysql://localhost/applicationusers?user=user&passwor
>> d=password"
>> userTable="applicationusers" userNameCol="user_name"
>> userCredCol="user_pass" userRoleTable="user_roles"
>> roleNameCol="role_name" />
>>
>> The table structure was created using the following sql:
>>
>> create table users (
>> user_name varchar(15) not null primary key,
>> user_pass varchar(15) not null
>>
>> );
>>
>> create table user_roles (
>> user_name varchar(15) not null,
>> role_name varchar(15) not null,
>> primary key (user_name, role_name)
>> );
>>
>> How can I trouble shoot this? The log doesn't show anything. Any tips
> would
>> be great.
>>
>> Thanks,
>>
>> Luke
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: RE : RE : RE : Security Newbie - Need Help
Posted by lu...@lukeshannon.com.
No I think you are right.
I have user_roles in the server.xml realm and the table in tomcatusers is
called roles.
Is there a correct naming (user_roles vs roles)?
Concerning the <security-role> is this required when using a JDBCRealm?
Thanks,
Luke
> Sorry, i understand what you mean.
> Your role table seems ok.
>
> -----Message d'origine-----
> De : LERBSCHER Jean-Pierre [mailto:jean-pierre.lerbscher@cofiroute.fr]
> Envoyé : jeudi 10 février 2005 17:40
> À : 'Tomcat Users List'
> Objet : RE : RE : Security Newbie - Need Help
>
>
>
> -----Message d'origine-----
> De : luke@lukeshannon.com [mailto:luke@lukeshannon.com]
> Envoyé : jeudi 10 février 2005 16:57
> À : Tomcat Users List
> Objet : Re: RE : Security Newbie - Need Help
>
> Where would the <security-role> be declared? WEB-INF/web.xml?
>
> Yes
>
> The tables I have are roles, user_roles and users. When you say wrong role
> table which of the tables I have should be renamed?
>
> select * from roles;
> ...
> <realm ... userRoleTable="user_roles
>
> Thanks for you help,
>
> Luke
>
>> It seems that you have a wrong role table (roles or user_roles).
>> Have you declare <security-role> element ?
>>
>> -----Message d'origine-----
>> De : Luke [mailto:luke@lukeshannon.com]
>> Envoyé : jeudi 10 février 2005 16:02
>> À : Tomcat Users List
>> Objet : Re: Security Newbie - Need Help
>>
>> Hi;
>>
>> Here is the roles table:
>>
>> mysql> select * from roles;
>> +-----------+
>> | role_name |
>> +-----------+
>> | admin |
>> +-----------+
>> 1 row in set (0.02 sec)
>>
>> I noticed I did have a mistake in the realm declaration in my
>> server.xml.
>> I
>> had the wrong user table name. That is fixed this but still have the
>> problem:
>>
>> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>> driverName="org.gjt.mm.mysql.Driver"
>>
>>
> connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&password=pas
>> sword"
>> userTable="users" userNameCol="user_name"
>> userCredCol="user_pass" userRoleTable="user_roles"
>> roleNameCol="role_name" />
>>
>> I also changed my security declaration to have a realm-name in the login
>> config:
>>
>> <!-- security -->
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>fw</web-resource-name>
>> <url-pattern>*.do</url-pattern>
>> <http-method>POST</http-method>
>> <http-method>GET</http-method>
>> </web-resource-collection>
>> <auth-constraint>
>> <role-name>admin</role-name>
>> </auth-constraint>
>> <login-config>
>> <auth-method>BASIC</auth-method>
>> <realm-name>fw</realm-name>
>> </login-config>
>> </security-constraint>
>>
>> The error is (which appears without a login window first allowing me to
>> authenticate):
>>
>>
>> HTTP Status 403 - Configuration error: Cannot perform access control
>> without
>> an authenticated principal
>> type Status report
>> message Configuration error: Cannot perform access control without an
>> authenticated principal
>> description Access to the specified resource (Configuration error:
>> Cannot
>> perform access control without an authenticated principal) has been
>> forbidden.
>> Apache Tomcat/5.0.28
>>
>>
>> Thanks,
>>
>> Luke
>>
>> ----- Original Message -----
>> From: "LERBSCHER Jean-Pierre" <je...@cofiroute.fr>
>> To: "'Tomcat Users List'" <to...@jakarta.apache.org>
>> Sent: Thursday, February 10, 2005 12:27 AM
>> Subject: RE : Security Newbie - Need Help
>>
>>
>>> Hi,
>>> Could you verify that you have declared your admin role in the web.xml
>>> file.
>>> <security-role>
>>> <role-name>admin</role-name>
>>> </security-role>
>>>
>>> -----Message d'origine-----
>>> De : Luke [mailto:luke@lukeshannon.com]
>>> Envoyé : jeudi 10 février 2005 07:33
>>> À : Tomcat Users List
>>> Objet : Security Newbie - Need Help
>>>
>>>
>>> Hi;
>>>
>>> I am trying to install a security realm for my application. I am
>>> expecting
>> a
>>> browser login window. But instead I get:
>>>
>>> HTTP Status 403 - Configuration error: Cannot perform access control
>>> without an authenticated principal
>>> type Status report
>>> message Configuration error: Cannot perform access control without an
>>> authenticated principal
>>> description Access to the specified resource (Configuration error:
>>> Cannot
>>> perform access control without an authenticated principal) has been
>>> forbidden.
>>> Apache Tomcat/5.0.28
>>>
>>> Why I am not getting the login window?
>>>
>>> Here is the web.xml in project root/WEB-INF
>>>
>>> <security-constraint>
>>> <web-resource-collection>
>>> <web-resource-name>fw</web-resource-name>
>>> <url-pattern>*.do</url-pattern>
>>> <http-method>POST</http-method>
>>> </web-resource-collection>
>>> <auth-constraint>
>>> <role-name>admin</role-name>
>>> </auth-constraint>
>>> <login-config>
>>> <auth-method>BASIC</auth-method>
>>> </login-config>
>>> </security-constraint>
>>>
>>>
>>> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>>> driverName="org.gjt.mm.mysql.Driver"
>>>
>>>
>>
> connectionURL="jdbc:mysql://localhost/applicationusers?user=user&passwor
>>> d=password"
>>> userTable="applicationusers" userNameCol="user_name"
>>> userCredCol="user_pass" userRoleTable="user_roles"
>>> roleNameCol="role_name" />
>>>
>>> The table structure was created using the following sql:
>>>
>>> create table users (
>>> user_name varchar(15) not null primary key,
>>> user_pass varchar(15) not null
>>>
>>> );
>>>
>>> create table user_roles (
>>> user_name varchar(15) not null,
>>> role_name varchar(15) not null,
>>> primary key (user_name, role_name)
>>> );
>>>
>>> How can I trouble shoot this? The log doesn't show anything. Any tips
>> would
>>> be great.
>>>
>>> Thanks,
>>>
>>> Luke
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org