You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Mukul Sood <ms...@iframe.com> on 2000/12/05 01:36:50 UTC
connection pooling
Hello All,
I would like to know whether Tomcat supports database connection pooling.
If not then do developers have to implement their own connection pool.
Also can one use jdbc 2.0 data source with Tomcat.
Would appreciate any info on these questions.
Thanks in advance
Mukul
Re: container managed authentication - how?
Posted by Christian Sell <ch...@netcologne.de>.
thanks for the info, will try. However, seems weird to me that I have to go
through involved, non-documented (?) procedures to enable J2EE standard
behavior - on the J2EE reference implementation?? Is there anything else to
read on this besides server.xml?
thanks,
Christian
----- Original Message -----
From: "Joakim Verona" <jo...@verona.se>
To: <to...@jakarta.apache.org>
Sent: Tuesday, December 05, 2000 11:08 AM
Subject: Re: container managed authentication - how?
> hello,
>
> try reading the server.xml file. you must activate an interceptor.
> you can choose from several.
>
> Christian Sell wrote:
> >
> > hello,
> >
> > I just installed Tomcat 3.2 and deployed my web application, which is
> > running sucessfully nuder Orion and JRun, using form-based
authentication.
> > However, Tomcat completely ignores the security-constraint settings. How
can
> > I get Tomcat to enforce this? Does Tomcat support container-managed
> > security?
> >
> > thanks in advance..
> > Christian
> >
>
> --
> Joakim Verona
> joakim@verona.se
> http://www.verona.se/
Re: container managed authentication - how?
Posted by Christian Sell <ch...@netcologne.de>.
> try the example security contexts, so you can see how it works.
> the interceptor in the server.xml you need to activate is clearly
commented
> in the file.
the web.xml looks just as mine. Strange thing is also, that I have this same
webapp (in fact from the very same directory) running under Orion and JRun,
and authentication works as expected. Only Tomcat lets me access all
protected pages without saying anything.
>tomcat needs to be responisble for security, so the easiest
> way to test it is to go through port 8080.
thats what I am doing
> the tomcat-users file is also clearly commented.
huh?? I dont see a single comment
> look for these lines in server.xml:
> (i have increased the debug level to see what happens)
here are the respective lines from my server.xml, which have been there all
the time:
<!-- Check if the request requires an authenticated role.
-->
<RequestInterceptor
className="org.apache.tomcat.request.AccessInterceptor"
debug="0" />
<!-- Check permissions using the simple xml file. You can
plug more advanced authentication modules.
-->
<RequestInterceptor
className="org.apache.tomcat.request.SimpleRealm"
debug="0" />
thanks for your help, anyway
Christian
Re: container managed authentication - how?
Posted by Joakim Verona <jo...@verona.se>.
hello,
I use exactly this quite a lot, and it works well.
try the example security contexts, so you can see how it works.
the interceptor in the server.xml you need to activate is clearly commented
in the file. tomcat needs to be responisble for security, so the easiest
way to test it is to go through port 8080.
the tomcat-users file is also clearly commented.
when you design your login forms, they should be placed somewhere unprotected,
this was a quirk that stymied me for a while.
look for these lines in server.xml:
(i have increased the debug level to see what happens)
<!-- Check if the request requires an authenticated role.
-->
<RequestInterceptor
className="officeweb.messages.AccessInterceptor"
debug="9" />
<!-- Check permissions using the simple xml file. You can
plug more advanced authentication modules.
-->
<RequestInterceptor
className="org.apache.tomcat.request.SimpleRealm"
debug="1" />
Christian Sell wrote:
>
> can you (or anyone) tell me WHAT I need to activate to enable J2EE standard
> (form-based) authentication, simply using the tomcat-users.xml file? Is
> there any place I can read up on this? Does this even work?
>
> thanks,
> Christian
>
> ----- Original Message -----
> From: "Joakim Verona" <jo...@verona.se>
> To: <to...@jakarta.apache.org>
> Sent: Tuesday, December 05, 2000 11:08 AM
> Subject: Re: container managed authentication - how?
>
> > hello,
> >
> > try reading the server.xml file. you must activate an interceptor.
> > you can choose from several.
> >
> > Christian Sell wrote:
> > >
> > > hello,
> > >
> > > I just installed Tomcat 3.2 and deployed my web application, which is
> > > running sucessfully nuder Orion and JRun, using form-based
> authentication.
> > > However, Tomcat completely ignores the security-constraint settings. How
> can
> > > I get Tomcat to enforce this? Does Tomcat support container-managed
> > > security?
> > >
> > > thanks in advance..
> > > Christian
> > >
> > > BTW, Heres my web.xml, in case somebody wants to take a look:
> > >
> > > <?xml version="1.0" encoding="ISO-8859-1"?>
> > >
> > > <!DOCTYPE web-app
> > > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> > > "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
> > >
> > > <web-app>
> > > <servlet>
> > > <servlet-name>wcfsystem</servlet-name>
> > > <display-name>wcfsystem</display-name>
> > > <servlet-class>com.itsit.wcf.adaptor.WCFSystem</servlet-class>
> > > <init-param>
> > > <param-name>wcf.properties</param-name>
> > > <param-value>/wcf.properties</param-value>
> > > </init-param>
> > > <load-on-startup>1</load-on-startup>
> > > </servlet>
> > > <session-config>
> > > <session-timeout>10</session-timeout>
> > > </session-config>
> > > <welcome-file-list>
> > > <welcome-file>index.html</welcome-file>
> > > <welcome-file>index.jsp</welcome-file>
> > > </welcome-file-list>
> > > <security-constraint>
> > > <web-resource-collection>
> > > <web-resource-name>WCF Administration</web-resource-name>
> > > <description>WebComponents Administration</description>
> > > <url-pattern>*/WCFAdmin.jsp</url-pattern>
> > > <url-pattern>*/wcfsystem</url-pattern>
> > > </web-resource-collection>
> > > <auth-constraint>
> > > <description>Administrators only</description>
> > > <role-name>admins</role-name>
> > > </auth-constraint>
> > > </security-constraint>
> > > <login-config>
> > > <auth-method>FORM</auth-method>
> > > <form-login-config>
> > > <form-login-page>/content/login.html</form-login-page>
> > > <form-error-page>/content/loginerr.html</form-error-page>
> > > </form-login-config>
> > > </login-config>
> > > <security-role>
> > > <description>WCF Users</description>
> > > <role-name>users</role-name>
> > > </security-role>
> > > <security-role>
> > > <description>WCF Administrators</description>
> > > <role-name>admins</role-name>
> > > </security-role>
> > > </web-app>
> >
> > --
> > Joakim Verona
> > joakim@verona.se
> > http://www.verona.se/
--
Joakim Verona
joakim@verona.se
http://www.verona.se/
Re: container managed authentication - how?
Posted by Christian Sell <ch...@netcologne.de>.
can you (or anyone) tell me WHAT I need to activate to enable J2EE standard
(form-based) authentication, simply using the tomcat-users.xml file? Is
there any place I can read up on this? Does this even work?
thanks,
Christian
----- Original Message -----
From: "Joakim Verona" <jo...@verona.se>
To: <to...@jakarta.apache.org>
Sent: Tuesday, December 05, 2000 11:08 AM
Subject: Re: container managed authentication - how?
> hello,
>
> try reading the server.xml file. you must activate an interceptor.
> you can choose from several.
>
> Christian Sell wrote:
> >
> > hello,
> >
> > I just installed Tomcat 3.2 and deployed my web application, which is
> > running sucessfully nuder Orion and JRun, using form-based
authentication.
> > However, Tomcat completely ignores the security-constraint settings. How
can
> > I get Tomcat to enforce this? Does Tomcat support container-managed
> > security?
> >
> > thanks in advance..
> > Christian
> >
> > BTW, Heres my web.xml, in case somebody wants to take a look:
> >
> > <?xml version="1.0" encoding="ISO-8859-1"?>
> >
> > <!DOCTYPE web-app
> > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> > "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
> >
> > <web-app>
> > <servlet>
> > <servlet-name>wcfsystem</servlet-name>
> > <display-name>wcfsystem</display-name>
> > <servlet-class>com.itsit.wcf.adaptor.WCFSystem</servlet-class>
> > <init-param>
> > <param-name>wcf.properties</param-name>
> > <param-value>/wcf.properties</param-value>
> > </init-param>
> > <load-on-startup>1</load-on-startup>
> > </servlet>
> > <session-config>
> > <session-timeout>10</session-timeout>
> > </session-config>
> > <welcome-file-list>
> > <welcome-file>index.html</welcome-file>
> > <welcome-file>index.jsp</welcome-file>
> > </welcome-file-list>
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>WCF Administration</web-resource-name>
> > <description>WebComponents Administration</description>
> > <url-pattern>*/WCFAdmin.jsp</url-pattern>
> > <url-pattern>*/wcfsystem</url-pattern>
> > </web-resource-collection>
> > <auth-constraint>
> > <description>Administrators only</description>
> > <role-name>admins</role-name>
> > </auth-constraint>
> > </security-constraint>
> > <login-config>
> > <auth-method>FORM</auth-method>
> > <form-login-config>
> > <form-login-page>/content/login.html</form-login-page>
> > <form-error-page>/content/loginerr.html</form-error-page>
> > </form-login-config>
> > </login-config>
> > <security-role>
> > <description>WCF Users</description>
> > <role-name>users</role-name>
> > </security-role>
> > <security-role>
> > <description>WCF Administrators</description>
> > <role-name>admins</role-name>
> > </security-role>
> > </web-app>
>
> --
> Joakim Verona
> joakim@verona.se
> http://www.verona.se/
Re: container managed authentication - how?
Posted by Joakim Verona <jo...@verona.se>.
hello,
try reading the server.xml file. you must activate an interceptor.
you can choose from several.
Christian Sell wrote:
>
> hello,
>
> I just installed Tomcat 3.2 and deployed my web application, which is
> running sucessfully nuder Orion and JRun, using form-based authentication.
> However, Tomcat completely ignores the security-constraint settings. How can
> I get Tomcat to enforce this? Does Tomcat support container-managed
> security?
>
> thanks in advance..
> Christian
>
> BTW, Heres my web.xml, in case somebody wants to take a look:
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
>
> <!DOCTYPE web-app
> PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
>
> <web-app>
> <servlet>
> <servlet-name>wcfsystem</servlet-name>
> <display-name>wcfsystem</display-name>
> <servlet-class>com.itsit.wcf.adaptor.WCFSystem</servlet-class>
> <init-param>
> <param-name>wcf.properties</param-name>
> <param-value>/wcf.properties</param-value>
> </init-param>
> <load-on-startup>1</load-on-startup>
> </servlet>
> <session-config>
> <session-timeout>10</session-timeout>
> </session-config>
> <welcome-file-list>
> <welcome-file>index.html</welcome-file>
> <welcome-file>index.jsp</welcome-file>
> </welcome-file-list>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>WCF Administration</web-resource-name>
> <description>WebComponents Administration</description>
> <url-pattern>*/WCFAdmin.jsp</url-pattern>
> <url-pattern>*/wcfsystem</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <description>Administrators only</description>
> <role-name>admins</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/content/login.html</form-login-page>
> <form-error-page>/content/loginerr.html</form-error-page>
> </form-login-config>
> </login-config>
> <security-role>
> <description>WCF Users</description>
> <role-name>users</role-name>
> </security-role>
> <security-role>
> <description>WCF Administrators</description>
> <role-name>admins</role-name>
> </security-role>
> </web-app>
--
Joakim Verona
joakim@verona.se
http://www.verona.se/
Re: container managed authentication - how?
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Christian Sell wrote:
> hello,
>
> I just installed Tomcat 3.2 and deployed my web application, which is
> running sucessfully nuder Orion and JRun, using form-based authentication.
> However, Tomcat completely ignores the security-constraint settings. How can
> I get Tomcat to enforce this? Does Tomcat support container-managed
> security?
>
> thanks in advance..
> Christian
>
> BTW, Heres my web.xml, in case somebody wants to take a look:
>
Thanks for including this -- it is the key to understanding your problem.
In your <security-constraint>, you are specifying <url-pattern> entries that are
not legal according to the servlet specification (such as "*/WCFAdmin.jsp" and
"*/wcfsystem"). The legal syntax only allows "*" wildcards at the *end* of the
URL, not the beginning. If JRun supports these values, it is doing so outside
of the servlet spec, and is therefore not portable.
For more information on the legal syntax for URL patterns, and pretty much
everything else that is mandated about servlets, see the Servlet API
Specification, version 2.2, which you can download from
<http://java.sun.com/products/servlet/download.html>.
Craig McClanahan
container managed authentication - how?
Posted by Christian Sell <ch...@netcologne.de>.
hello,
I just installed Tomcat 3.2 and deployed my web application, which is
running sucessfully nuder Orion and JRun, using form-based authentication.
However, Tomcat completely ignores the security-constraint settings. How can
I get Tomcat to enforce this? Does Tomcat support container-managed
security?
thanks in advance..
Christian
BTW, Heres my web.xml, in case somebody wants to take a look:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
<servlet>
<servlet-name>wcfsystem</servlet-name>
<display-name>wcfsystem</display-name>
<servlet-class>com.itsit.wcf.adaptor.WCFSystem</servlet-class>
<init-param>
<param-name>wcf.properties</param-name>
<param-value>/wcf.properties</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>WCF Administration</web-resource-name>
<description>WebComponents Administration</description>
<url-pattern>*/WCFAdmin.jsp</url-pattern>
<url-pattern>*/wcfsystem</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Administrators only</description>
<role-name>admins</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/content/login.html</form-login-page>
<form-error-page>/content/loginerr.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>WCF Users</description>
<role-name>users</role-name>
</security-role>
<security-role>
<description>WCF Administrators</description>
<role-name>admins</role-name>
</security-role>
</web-app>
Re: connection pooling
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Mukul Sood wrote:
> Hello All,
>
> I would like to know whether Tomcat supports database connection pooling.
> If not then do developers have to implement their own connection pool.
> Also can one use jdbc 2.0 data source with Tomcat.
> Would appreciate any info on these questions.
>
> Thanks in advance
>
> Mukul
Tomcat has no built-in support for database connection pooling. However, since
a connection pool is just Java code, any connection pool you find will run under
it. A place to start looking for more info would be the "JDBC Drivers" page at
<http://java.sun.com/products/jdbc>.
Craig McClanahan