Posted to users@tomcat.apache.org by alee amin <ma...@gmail.com> on 2008/02/07 13:39:10 UTC

Tomcat Security Problem

I have 1 Tomcat server (5.5) and I have deployed 2 independent applications
on it.

Application 1 has security, which is implemented using the BASIC AUTHENTICATION
mode of Tomcat, defining the username and password in the
conf/tomcat-users.xml file.

Application 2 has form-based security, and for some enhanced security I have
added the "realm" for the database in the conf/server.xml file.

Now, if I add the realm thing in the server.xml file, my basic authentication stops
working in application 1 (application 2 security still works); on the other
hand, if I remove this realm then my basic authentication works and of course
my application 2 will not be able to imply security. What to do? I can't use
another Tomcat for another application.

--
..alee

Re: Tomcat Security Problem

Posted by alee amin <ma...@gmail.com>.
I have placed the following configuration in the server.xml file after reading
the Tomcat site:

<Host>
 ... ...
                <context path="/application2-web">
                    <Realm className="org.apache.catalina.realm.JDBCRealm"
                        debug="99"
                        driverName="org.gjt.mm.mysql.Driver"
                        connectionURL="jdbc:mysql://localhost:3306/application2"
                        connectionName="root"
                        connectionPassword="mypassword"
                        userTable="user"
                        userNameCol="user_name"
                        userCredCol="user_password"
                        userRoleTable="user_role"
                        roleNameCol="role_name"
                        digest="MD5"/>
                </context>
</Host>

But it is not allowing me to log in.


On Feb 8, 2008 11:26 AM, alee amin <ma...@gmail.com> wrote:

> Actually, I am not able to get what you mean by context. Should I insert it
> in conf/server.xml or somewhere else? It is confusing me.
>
>
> On Feb 7, 2008 8:59 PM, Caldarale, Charles R <Ch...@unisys.com>
> wrote:
>
> > > From: alee amin [mailto:mailing.list.mail.id@gmail.com]
> > > Subject: Re: Tomcat Security Problem
> > >
> > > How can I make it available for it and at the same
> > > time I want application 1 BASIC AUTHENTICATION based
> > > on tomcat-users.xml file.
> >
> > I already answered that question:
> >
> > > > Sounds like you need to put it inside the <Context> of your
> > > > application 2, not inside the <Host> or <Engine> where you
> > > > now have it.
> >
> > Leave the original tomcat-users.xml <Realm> where it is, and put your
> > more secure <Realm> inside the <Context> element of application 2.
> >
> >  - Chuck
> >
> >
> > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> > MATERIAL and is thus for use only by the intended recipient. If you
> > received this in error, please contact the sender and delete the e-mail
> > and its attachments from all computers.
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>
>
> --
> Muhammad Ali
> http://techboard.wordpress.com
> Software Engineer - E2ESP
> muhammadaliamin(at)gmail(dot)com
>



-- 
Muhammad Ali
http://techboard.wordpress.com
Software Engineer - E2ESP
muhammadaliamin(at)gmail(dot)com

Re: Tomcat Security Problem

Posted by alee amin <ma...@gmail.com>.
Actually, I am not able to get what you mean by context. Should I insert it
in conf/server.xml or somewhere else? It is confusing me.

On Feb 7, 2008 8:59 PM, Caldarale, Charles R <Ch...@unisys.com>
wrote:

> > From: alee amin [mailto:mailing.list.mail.id@gmail.com]
> > Subject: Re: Tomcat Security Problem
> >
> > How can I make it available for it and at the same
> > time I want application 1 BASIC AUTHENTICATION based
> > on tomcat-users.xml file.
>
> I already answered that question:
>
> > > Sounds like you need to put it inside the <Context> of your
> > > application 2, not inside the <Host> or <Engine> where you
> > > now have it.
>
> Leave the original tomcat-users.xml <Realm> where it is, and put your
> more secure <Realm> inside the <Context> element of application 2.
>
>  - Chuck


-- 
Muhammad Ali
http://techboard.wordpress.com
Software Engineer - E2ESP
muhammadaliamin(at)gmail(dot)com

RE: Tomcat Security Problem

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: alee amin [mailto:mailing.list.mail.id@gmail.com] 
> Subject: Re: Tomcat Security Problem
> 
> How can I make it available for it and at the same
> time I want application 1 BASIC AUTHENTICATION based
> on tomcat-users.xml file.

I already answered that question:

> > Sounds like you need to put it inside the <Context> of your
> > application 2, not inside the <Host> or <Engine> where you 
> > now have it.

Leave the original tomcat-users.xml <Realm> where it is, and put your
more secure <Realm> inside the <Context> element of application 2.

 - Chuck




Re: Tomcat Security Problem

Posted by alee amin <ma...@gmail.com>.
Yeah, I guess so. I want the realm thing only for application 2. How can I make
it available for it and at the same time I want application 1 BASIC
AUTHENTICATION based on the tomcat-users.xml file.

I am going through the page you sent but am still not able to get a working
solution. Need it urgently.

On Feb 7, 2008 8:08 PM, Caldarale, Charles R <Ch...@unisys.com>
wrote:

> > From: alee amin [mailto:mailing.list.mail.id@gmail.com]
> > Subject: Tomcat Security Problem
> >
> > Application 2 has form-based security and for some
> > enhanced security I have added the "realm" for the
> > database in conf/server.xml file.
>
> Where in server.xml?  A <Realm> element may be nested inside of an
> <Engine>, <Host>, or <Context>, depending on the desired scope of the
> realm.  Sounds like you need to put it inside the <Context> of your
> application 2, not inside the <Host> or <Engine> where you now have it.
>
> Doc reference:
> http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html
>
>  - Chuck


-- 
Muhammad Ali
http://techboard.wordpress.com
Software Engineer - E2ESP
muhammadaliamin(at)gmail(dot)com

RE: Tomcat Security Problem

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: alee amin [mailto:mailing.list.mail.id@gmail.com] 
> Subject: Tomcat Security Problem
> 
> Application 2 has form-based security and for some
> enhanced security I have added the "realm" for the
> database in conf/server.xml file.

Where in server.xml?  A <Realm> element may be nested inside of an
<Engine>, <Host>, or <Context>, depending on the desired scope of the
realm.  Sounds like you need to put it inside the <Context> of your
application 2, not inside the <Host> or <Engine> where you now have it.

Doc reference:
http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html

 - Chuck
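
An added example, not part of the thread and not Tomcat code: a small Python check of the scoping rule described in the replies, where the <Realm> nested closest to an application (Context, then Host, then Engine) is the one that applies to it. The server.xml sample and the application1-web and legacy-web paths are constructed for illustration; the check also reports element names that differ from Tomcat's only by case, since XML names are case-sensitive.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the tomcat-users.xml realm stays at <Engine> level,
# application 2 gets its own JDBCRealm, and one element is written as
# lower-case <context>, the spelling used in the configuration posted above.
SAMPLE = """
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
  <Host name="localhost" appBase="webapps">
    <Context path="/application1-web" docBase="application1-web"/>
    <Context path="/application2-web" docBase="application2-web">
      <Realm className="org.apache.catalina.realm.JDBCRealm" userTable="user"/>
    </Context>
    <context path="/legacy-web">
      <Realm className="org.apache.catalina.realm.JDBCRealm" userTable="user"/>
    </context>
  </Host>
</Engine></Service></Server>
"""

CONTAINERS = ("Engine", "Host", "Context")


def effective_realms(server_xml):
    """Map each <Context path> to the className of its nearest enclosing <Realm>."""
    result = {}

    def walk(elem, inherited):
        if elem.tag in CONTAINERS:
            own = elem.find("Realm")  # direct child only, not descendants
            if own is not None:
                inherited = own.get("className")
            if elem.tag == "Context":
                result[elem.get("path")] = inherited
        for child in elem:
            walk(child, inherited)

    walk(ET.fromstring(server_xml), None)
    return result


def miscased_elements(server_xml):
    """Return (tag, path) for elements whose name matches a Tomcat name only after case folding."""
    known = {n.lower(): n for n in CONTAINERS + ("Realm", "Server", "Service")}
    return [(e.tag, e.get("path")) for e in ET.fromstring(server_xml).iter()
            if e.tag.lower() in known and e.tag != known[e.tag.lower()]]


if __name__ == "__main__":
    for path, realm in effective_realms(SAMPLE).items():
        print(path, "->", realm)
    print("mis-cased elements:", miscased_elements(SAMPLE))
```

In the sample, application 1 keeps the Engine-level realm, application 2 resolves to its own JDBCRealm, and the lower-case element is reported instead of being counted as a Context.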

