You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Amrhein, Thomas" <Th...@t-systems.de> on 2001/08/08 17:56:06 UTC

How to get own Realm to work (seemes not to be used)

Hi,

I wrote my own Realm, which connects to an EJB via JNDI. The EJB is looking
at a database.
I modified JDBCRealm and put it in my own package.

I configured tomcat 3.2.3 (see above) and it started fine. The realm inited
the connection to JBoss.
The problem: the Realm is not used. I can access all the protected pages.

Has anybody an answer? 
And who does the console output (see above)? It comes once for each webapp.
It's not me in my realm.

regards,

Thomas




my server.xml looks like this:

        <RequestInterceptor 
            className="de.tsystems.JNDIJDBCRealm" 
            userNameCol="KENNUNG" 
            userCredCol="PASSWORT" 
            userTable="IBENUTZER" 
            userRoleTable="IBENUTZER" 
            roleNameCol="ROLLE"
          />

my web.xml like this:

    <security-constraint>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
	 <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>test/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>Testrolle</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses BASIC authentication -->
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Example Basic Authentication Area</realm-name>
    </login-config>

The console output like this:

2001-08-08 17:36:58 - ContextManager: JNDIJDBCRealm: JDBCRealm has been
started succesfully

Re: How to get own Realm to work (seemes not to be used)

Posted by "Craig R. McClanahan" <cr...@apache.org>.

One problem is with your <url-pattern> -- it is missing a leading slash on
the front.  Try "/test/*" instead of "test/*".

Craig


On Wed, 8 Aug 2001, Amrhein, Thomas wrote:

> Hi,
> 
> I wrote my own Realm, which connects to an EJB via JNDI. The EJB is looking
> at a database.
> I modified JDBCRealm and put it in my own package.
> 
> I configured tomcat 3.2.3 (see above) and it started fine. The realm inited
> the connection to JBoss.
> The problem: the Realm is not used. I can access all the protected pages.
> 
> Has anybody an answer? 
> And who does the console output (see above)? It comes once for each webapp.
> It's not me in my realm.
> 
> regards,
> 
> Thomas
> 
> 
> 
> 
> my server.xml looks like this:
> 
>         <RequestInterceptor 
>             className="de.tsystems.JNDIJDBCRealm" 
>             userNameCol="KENNUNG" 
>             userCredCol="PASSWORT" 
>             userTable="IBENUTZER" 
>             userRoleTable="IBENUTZER" 
>             roleNameCol="ROLLE"
>           />
> 
> my web.xml like this:
> 
>     <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>Protected Area</web-resource-name>
> 	 <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>test/*</url-pattern>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access this area -->
>          <role-name>Testrolle</role-name>
>       </auth-constraint>
>     </security-constraint>
> 
>     <!-- Default login configuration uses BASIC authentication -->
>     <login-config>
>       <auth-method>BASIC</auth-method>
>       <realm-name>Example Basic Authentication Area</realm-name>
>     </login-config>
> 
> The console output like this:
> 
> 2001-08-08 17:36:58 - ContextManager: JNDIJDBCRealm: JDBCRealm has been
> started succesfully
> 
> 
>