Posted to users@tomcat.apache.org by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov> on 2010/03/23 23:16:16 UTC

Connecting to a Database

Tomcat 6.0.24
Windows Server 2003 R2 SP2
SQL Server 2005 Express
Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007

I know I need to configure a Realm and that can be in an Engine, Host or Context element, but most likely in a context element inside the context.xml under META-INF of my specific webapp.

What do most people prefer?  JDBCRealm or JNDI DataSourceRealm?  One uses a jdbc driver the other uses a JNDI named JDBC DataSource.  Does the latter require setting up a System DSN datasource in Windows?  Or am I confusing that with something else?

Leo Donahue

Re: Connecting to a Database

Posted by Pid <pi...@pidster.com>.
On 24/03/2010 15:56, Caldarale, Charles R wrote:
>> From: Pid [mailto:pid@pidster.com]
>> Subject: Re: Connecting to a Database
>>
>> If you define the datasource as a global resource, you can define the
>> Realm in server.xml (before or inside the Host), but then you need a
>> resource link in the context.xml to make the global resource available
>> to the app.
>
> Are you sure about that?  The <ResourceLink> is necessary when the app is accessing the data source, but in this case, it's not the app, it's Tomcat, doing the authentication lookups.  I don't think the <ResourceLink> is necessary, but the rest is definitely needed.

Yes, I meant that if the OP needed the data source in the application 
for some other purpose that a resource link would be required.  Probably 
could have been phrased better.


p


>   - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>




RE: Connecting to a Database

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Pid [mailto:pid@pidster.com]
> Subject: Re: Connecting to a Database
> 
> If you define the datasource as a global resource, you can define the
> Realm in server.xml (before or inside the Host), but then you need a
> resource link in the context.xml to make the global resource available
> to the app.

Are you sure about that?  The <ResourceLink> is necessary when the app is accessing the data source, but in this case, it's not the app, it's Tomcat, doing the authentication lookups.  I don't think the <ResourceLink> is necessary, but the rest is definitely needed.

 - Chuck




Re: Connecting to a Database

Posted by Pid <pi...@pidster.com>.
On 24/03/2010 15:43, Leo Donahue - PLANDEVX wrote:
> No, not sure.  That is what I was confused about.
> JDBC Realm, vs JNDI DataSourceRealm, vs JDBC DataSource
>
> I think what was throwing me off was seeing examples of the tomcat-users in both the realm-howto and in the jndi-resources-howto
>
> I'm attempting container managed security using SQL Server.  It looks like I need both a DataSourceRealm and a JDBC DataSource?
>
> Assuming I have the correct tables in the database named "authstore", does this look right?

Nope.

If you define the DataSource in the app's context.xml, you need to 
define the realm there too, or it won't have access to the datasource.

If you define the datasource as a global resource, you can define the 
Realm in server.xml (before or inside the Host), but then you need a 
resource link in the context.xml to make the global resource available 
to the app.

   <ResourceLink
     global="jdbc/GlobalName"
     name="jdbc/LocalName"
     type="javax.sql.DataSource"/>


p


> ** in server.xml **
>   <Realm className="com.microsoft.sqlserver.jdbc.SQLServerDriver"
>     dataSourceName="jdbc/authority"
>     userTable="users" userNameCol="user_name" userCredCol="user_pass"
>     userRoleTable="user_roles" roleNameCol="role_name"/>
>
> ** in META-INF/context.xml of specific webapp **
>     <resource-ref>
>        <description>DB Connection</description>
>        <res-ref-name>jdbc/authority</res-ref-name>
>        <res-type>javax.sql.DataSource</res-type>
>        <res-auth>Container</res-auth>
>     </resource-ref>
>
> ** also in META-INF/context.xml file? **
>    <Resource name="jdbc/authority" auth="Container" type="javax.sql.DataSource"
>                 username="javauser" password="javadude" driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
>                 url="jdbc:sqlserver://localhost;database=authstore"/>
>
>
> -----Original Message-----
> From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
> Sent: Tuesday, March 23, 2010 3:22 PM
> To: Tomcat Users List
> Subject: RE: Connecting to a Database
>
>> From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov]
>> Subject: Connecting to a Database
>>
>> Tomcat 6.0.24
>> Windows Server 2003 R2 SP2
>> SQL Server 2005 Express
>> Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007
>>
>> I know I need to configure a Realm
>
> Are you sure?  A <Realm> is used for authentication only, not for a webapp that accesses a database.  Do you perhaps mean <Resource>?
>
>> JDBCRealm or JNDI DataSourceRealm?
>
> If you are in fact storing credentials in SQL Server, use DataSourceRealm - it's much more robust.
>
>   - Chuck
>
>
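The two placements Pid describes above, written out in full as an added example (not from the thread or from the Tomcat project). It reuses the thread's jdbc/authority name, table and column names and JDBC URL; the CHANGE_ME password, the SHA-256 digest choice and the reuse of one JNDI name in both options are assumptions.

```xml
<!-- Option A: everything in the webapp's META-INF/context.xml. -->
<Context>
  <!-- Tomcat opens this connection itself, so the password must stay
       recoverable and cannot be digested. CHANGE_ME is a placeholder. -->
  <Resource name="jdbc/authority" auth="Container"
            type="javax.sql.DataSource"
            driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://localhost;database=authstore"
            username="javauser" password="CHANGE_ME"/>

  <!-- className names the realm class, not the JDBC driver.
       localDataSource="true" makes the realm resolve dataSourceName in
       this context's JNDI environment instead of the global one.
       digest applies to the users' stored passwords only; SHA-256 is an
       assumption and must match how the user_pass values were produced.
       The user_roles table needs a user_name column as well. -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/authority"
         localDataSource="true"
         digest="SHA-256"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name"/>
</Context>

<!-- Option B: server wide, in conf/server.xml. -->
<GlobalNamingResources>
  <Resource name="jdbc/authority" auth="Container"
            type="javax.sql.DataSource"
            driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://localhost;database=authstore"
            username="javauser" password="CHANGE_ME"/>
</GlobalNamingResources>

<!-- Nested in the Engine or Host element of server.xml. localDataSource
     is left at its default (false), so the name resolves against the
     global resources. A realm at this level authenticates every webapp
     below it, the manager app included. -->
<Realm className="org.apache.catalina.realm.DataSourceRealm"
       dataSourceName="jdbc/authority"
       digest="SHA-256"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"/>

<!-- In the webapp's context.xml, and only when the application code
     itself also needs the data source; the realm does not need it. -->
<ResourceLink global="jdbc/authority"
              name="jdbc/authority"
              type="javax.sql.DataSource"/>
```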


Re: Connecting to a Database

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Leo,

On 3/25/2010 10:50 AM, Leo Donahue - PLANDEVX wrote:
> I can digest a password and use that digested password in the
> tomcat-users.xml

Sorry, I was thinking server.xml for the DataSource setup: you cannot
use the database's password in a hashed format. The users' passwords can
(and should) be hashed for authentication.

-chris


RE: Connecting to a Database

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
Chris,

I meant to reply to this yesterday.

I can digest a password and use that digested password in the tomcat-users.xml.  I added an md5 attribute to the user database realm in server.xml and storing the digested password in tomcat-users.xml is working. Is it not supposed to?  Based on that I assumed I could digest other passwords as well.

Leo 

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: Wednesday, March 24, 2010 12:47 PM
To: Tomcat Users List
Subject: Re: Connecting to a Database


Leo,

On 3/24/2010 1:28 PM, Leo Donahue - PLANDEVX wrote:
> I know you can specify digest for a Realm, but I don't see where I can 
> do that for a Resource.

Note that the digest is for hashing passwords during /user/ authentication, not connecting to the database.

> Do I need to leave the password of
> "javadude" in the Resource in clear text, or can it be a digested 
> version of "javadude" in clear text in the Resource element?

You cannot hash the db password. If you could, how would Tomcat decrypt it to make the connection?

> The SQL table of user passwords will be in digest, but I wasn't sure 
> if I could use a digested password as part of the configuration for 
> the account that connects to the "authstore" database.

Nope. Search the archives for that question being asked repeatedly, or just think about the implications of hashing a password that you want to use later. Then, think about the implications of /two-way/ encryption for a password and I think you'll see that you're just moving the problem somewhere else.

-chris


RE: Connecting to a Database

Posted by "Propes, Barry L " <ba...@citi.com>.
Thanks, Chuck. I'll take a look again at this to see what else I might have overlooked! 

-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com] 
Sent: Friday, March 26, 2010 4:56 PM
To: Tomcat Users List
Subject: RE: Connecting to a Database

> From: Propes, Barry L [mailto:barry.l.propes@citi.com]
> Subject: RE: Connecting to a Database
> 
> Thanks, Leo! I've not seen instructions in the How-To (maybe I
> overlooked it) on the   localDataSource="true" attrib to the Realm in
> the context.xml file

Unfortunately, it's not in the How-To, just in the configuration doc for <Realm> (which is linked to from the How-To):
http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html

The How-To is oriented towards server-wide authentication, so the examples all show use of a <Realm> in server.xml and a corresponding global resource declaration.

 - Chuck




RE: Connecting to a Database

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Propes, Barry L [mailto:barry.l.propes@citi.com]
> Subject: RE: Connecting to a Database
> 
> And after doing this

Doing which?

> now I can't get the Tomcat manager app to work properly now...it
> references my JNDI realm reference (DataSourceRealm actually) and
> throws an exception.

Where is the <Realm> for the manager app defined?

Where is the <Realm> for your webapp defined?

> Reference to the tomcat-users.xml file?

This sentence no verb.

> I'll dump out the work folder, too, but it'd be nice to 
> have both working concurrently. I would have thought they
> would, but am likely mistaken.

Did you remove the <Realm> in server.xml?  (You shouldn't, if you want the manager app to use it.)  Have you made any changes to the global conf/context.xml?

Post your server.xml so we can see it.

 - Chuck




RE: Connecting to a Database

Posted by "Propes, Barry L " <ba...@citi.com>.
Right -- ok, that's good.
And I will do so (post the data Chuck asked for).

-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov] 
Sent: Tuesday, March 30, 2010 11:34 AM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

I only added that valve because I did not want just anyone to be able to type http://mydomain.com/manager/html and get the Tomcat manager login challenge.

That valve should not have any effect on your DataSourceRealm.  You should probably post the data Chuck asked for.

>> Where is the <Realm> for the manager app defined?
>> Where is the <Realm> for your webapp defined?
>> Post your server.xml so we can see it.
>> Did you remove the <Realm> in server.xml?
>> Have you made any changes to the global conf/context.xml?


-----Original Message-----
From: Propes, Barry L [mailto:barry.l.propes@citi.com]
Sent: Tuesday, March 30, 2010 9:20 AM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

Oh ok, I see. You've added a valve to the manager app. I probably need to do that, and have not.

Thanks. 

-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov]
Sent: Monday, March 29, 2010 5:38 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

>>If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/  will it not allow for a later reference separately in the Tomcat manager app?

Barry,

I thought having a context.xml in META-INF/ was the most specific place to define a context for a webapp, in the hierarchy of Context element locations.
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

I have the manager webapp running.

In various places in server.xml, other than adding digest, this is the standard tomcat config:

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

      <!-- This Realm uses the UserDatabase configured in the global JNDI
           resources under the key "UserDatabase".  Any edits
           that are performed against this UserDatabase are immediately
           available for use by the Realm.  -->
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             digest="md5"
             resourceName="UserDatabase"/>


In webapps/manager/META-INF/context.xml:
	<!-- Valve added to prevent access to this webapp from public computers -->
	<Context antiResourceLocking="false" debug="0" privileged="true">
		<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="specific ip" />
	</Context>

-----Original Message-----
From: Propes, Barry L [mailto:barry.l.propes@citi.com]
Sent: Monday, March 29, 2010 2:41 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

And after doing this, and getting my DataSourceRealm to work properly, now I can't get the Tomcat manager app to work properly now...it references my JNDI realm reference (DataSourceRealm actually) and throws an exception.
Even if I delete it out of my context.xml file (the reference) and delete the one created in the conf folder, it still tries to reference the DataSourceRealm credentials and throws an error.

If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/  will it not allow for a later reference separately in the Tomcat manager app? Reference to the tomcat-users.xml file?

I'll dump out the work folder, too, but it'd be nice to have both working concurrently. I would have thought they would, but am likely mistaken.



-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov]
Sent: Friday, March 26, 2010 6:09 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

You are correct.  I stumbled across that info while reading the <Realm> config in the DataSource Database Realm section but I wasn't looking for that when I saw it the first n times.  I was looking for info about the userRoleTable.

-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
Sent: Friday, March 26, 2010 2:56 PM
To: Tomcat Users List
Subject: RE: Connecting to a Database

> From: Propes, Barry L [mailto:barry.l.propes@citi.com]
> Subject: RE: Connecting to a Database
> 
> Thanks, Leo! I've not seen instructions in the How-To (maybe I
> overlooked it) on the   localDataSource="true" attrib to the Realm in
> the context.xml file

Unfortunately, it's not in the How-To, just in the configuration doc for <Realm> (which is linked to from the How-To):
http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html

The How-To is oriented towards server-wide authentication, so the examples all show use of a <Realm> in server.xml and a corresponding global resource declaration.

 - Chuck




RE: Connecting to a Database

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
I only added that valve because I did not want just anyone to be able to type http://mydomain.com/manager/html and get the Tomcat manager login challenge.

That valve should not have any effect on your DataSourceRealm.  You should probably post the data Chuck asked for.

>> Where is the <Realm> for the manager app defined?
>> Where is the <Realm> for your webapp defined?
>> Post your server.xml so we can see it.
>> Did you remove the <Realm> in server.xml?
>> Have you made any changes to the global conf/context.xml?




RE: Connecting to a Database

Posted by "Propes, Barry L " <ba...@citi.com>.
Oh ok, I see. You've added a valve to the manager app. I probably need to do that, and have not.

Thanks. 



RE: Connecting to a Database

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
>>If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/  will it not allow for a later reference separately in the Tomcat manager app?

Barry,

I thought having a context.xml in META-INF/ was the most specific place to define a context for a webapp, in the hierarchy of Context element locations.
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

I have the manager webapp running.

In various places in server.xml, other than adding digest, this is the standard tomcat config:

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

      <!-- This Realm uses the UserDatabase configured in the global JNDI
           resources under the key "UserDatabase".  Any edits
           that are performed against this UserDatabase are immediately
           available for use by the Realm.  -->
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
		 digest="md5"
             resourceName="UserDatabase"/> 


In webapps/manager/META-INF/context.xml:
	<!-- Valve added to prevent access to this webapp from public computers -->
	<Context antiResourceLocking="false" debug="0" privileged="true">
		<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="specific ip" />
	</Context>

-----Original Message-----
From: Propes, Barry L [mailto:barry.l.propes@citi.com] 
Sent: Monday, March 29, 2010 2:41 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

And after doing this, and getting my DataSourceRealm to work properly, now I can't get the Tomcat manager app to work properly now...it references my JNDI realm reference (DataSourceRealm actually) and throws an exception.
Even if I delete it out of my context.xml file (the reference) and delete the one created in the conf folder, it still tries to reference the DataSourceRealm credentials and throws an error.

If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/  will it not allow for a later reference separately in the Tomcat manager app? Reference to the tomcat-users.xml file?

I'll dump out the work folder, too, but it'd be nice to have both working concurrently. I would have thought they would, but am likely mistaken.





RE: Connecting to a Database

Posted by "Propes, Barry L " <ba...@citi.com>.
And after doing this, and getting my DataSourceRealm to work properly, now I can't get the Tomcat manager app to work properly now...it references my JNDI realm reference (DataSourceRealm actually) and throws an exception.
Even if I delete it out of my context.xml file (the reference) and delete the one created in the conf folder, it still tries to reference the DataSourceRealm credentials and throws an error.

If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/  will it not allow for a later reference separately in the Tomcat manager app? Reference to the tomcat-users.xml file?

I'll dump out the work folder, too, but it'd be nice to have both working concurrently. I would have thought they would, but am likely mistaken.



-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov] 
Sent: Friday, March 26, 2010 6:09 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

You are correct.  I stumbled across that info while reading the <Realm> config in the DataSource Database Realm section but I wasn't looking for that when I saw it the first n times.  I was looking for info about the userRoleTable.



RE: Connecting to a Database

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
You are correct.  I stumbled across that info while reading the <Realm> config in the DataSource Database Realm section but I wasn't looking for that when I saw it the first n times.  I was looking for info about the userRoleTable.

-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com] 
Sent: Friday, March 26, 2010 2:56 PM
To: Tomcat Users List
Subject: RE: Connecting to a Database

> From: Propes, Barry L [mailto:barry.l.propes@citi.com]
> Subject: RE: Connecting to a Database
> 
> Thanks, Leo! I've not seen instructions in the How-To (maybe I
> overlooked it) on the   localDataSource="true" attrib to the Realm in
> the context.xml file

Unfortunately, it's not in the How-To, just in the configuration doc for <Realm> (which is linked to from the How-To):
http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html

The How-To is oriented towards server-wide authentication, so the examples all show use of a <Realm> in server.xml and a corresponding global resource declaration.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.




RE: Connecting to a Database

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Propes, Barry L [mailto:barry.l.propes@citi.com]
> Subject: RE: Connecting to a Database
> 
> Thanks, Leo! I've not seen instructions in the How-To (maybe I
> overlooked it) on the   localDataSource="true" attrib to the Realm in
> the context.xml file

Unfortunately, it's not in the How-To, just in the configuration doc for <Realm> (which is linked to from the How-To):
http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html

The How-To is oriented towards server-wide authentication, so the examples all show use of a <Realm> in server.xml and a corresponding global resource declaration.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.




RE: Connecting to a Database

Posted by "Propes, Barry L " <ba...@citi.com>.
Wow!

Thanks, Leo! I've not seen instructions in the How-To (maybe I overlooked it) on the   localDataSource="true" attrib to the Realm in the context.xml file, but my DataSource realm wouldn't hit the DB for authentication at ALL until I just did this.
As you said, PROBLEM SOLVED!! Going home for the day to watch the NCAAs tonight! 

-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov] 
Sent: Wednesday, March 24, 2010 10:56 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

** SOLVED **

1.  It would have helped had I added the localDataSource="true" to the Realm, since I was using the realm in META-INF/context.xml
2.  It would have helped if I had paid attention to the actual table name I was using for the userRoleTable.

The table should have been SECURITYSTORE_USERS_ROLES

I don't know how many times I looked at that and ignored it.  I feel about as stupid as possible.

Leo




RE: Connecting to a Database

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
** SOLVED **

1.  It would have helped had I added the localDataSource="true" to the Realm, since I was using the realm in META-INF/context.xml
2.  It would have helped if I had paid attention to the actual table name I was using for the userRoleTable.

The table should have been SECURITYSTORE_USERS_ROLES

I don't know how many times I looked at that and ignored it.  I feel about as stupid as possible.

Leo


-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov] 
Sent: Wednesday, March 24, 2010 2:56 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

Chris,

In my realm, you're saying that the digest attribute is how the password is stored in the database?  Not how it is entered/translated when the user logs in.

I'm using this to generate a MD5 hash of the password = password:
java -classpath C:\apache-tomcat-6.0.24\lib\catalina.jar;C:\apache-tomcat-6.0.24\bin\tomcat-juli.jar org.apache.catalina.realm.RealmBase -a md5 password

I don't understand why I can't authenticate with what I have.  

When I login and supply a username and password, I get the 401 error page.  This user does have the "webservicereader" role.  And the user's password is the same value in the database as in the dos window when I create a password of password.

Page 144 of the servlet 2.5 spec speaks to the login-config Element.  It doesn't list the values for "realm-name", is DataSourceRealm valid?  I've tried using DIGEST instead of BASIC for the auth-method, but that change doesn't make a difference, so I must have something else wrong?

The only thing I haven't tried is changing the names of the tables to the names listed in the Tomcat docs.  Maybe I can't use different table names for users and roles?

I do have SSL enabled and I have another webapp working with Active Directory authentication - BASIC over HTTPS.  This "experiment" is an extension of the SSL question I posted a few weeks ago.  That is probably why the web.xml looks very similar.

** META-INF/context.xml:
<Context antiJARLocking="true" path="/sample2" privileged="true">

      <!-- This Realm uses a DataSourceRealm -->
 	<Realm className="org.apache.catalina.realm.DataSourceRealm"
   		dataSourceName="jdbc/SecurityStore"
   		userTable="SECURITYSTORE_USERS" 
		userNameCol="USERNAME" 
		userCredCol="MD5PASSWORD"
   		userRoleTable="SECURITYSTORE_ROLES" 
		roleNameCol="ROLENAME"
		digest="MD5"/>

   	<resource-ref>
      	<description>DB Connection</description>
      	<res-ref-name>jdbc/SecurityStore</res-ref-name>
      	<res-type>javax.sql.DataSource</res-type>
      	<res-auth>Container</res-auth>
   	</resource-ref>

  	<Resource name="jdbc/SecurityStore" 
		auth="Container" 
		type="javax.sql.DataSource"
            username="username" 
		password="password" 
		driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://servername;database=databasename"/>
</Context>


** web.xml:
    <!-- SECURITY CONSTRAINT -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>samplewebapp2</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
	  <auth-constraint>
		<role-name>webservicereader</role-name>
	  </auth-constraint>
	  <user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	  </user-data-constraint>
    </security-constraint>

    <!-- LOGIN CONFIGURATION-->
    <login-config>
        <auth-method>BASIC</auth-method>
	  <realm-name>DataSourceRealm</realm-name>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
        <role-name>webservicereader</role-name>
    </security-role>




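Added example, not part of any message in this thread: a small check for the mistakes the posts above identify in a META-INF/context.xml (a context-local data source without localDataSource="true", a wrong userRoleTable name, a Realm className set to the JDBC driver, and a <resource-ref> placed in context.xml). The function names, finding codes and the KNOWN_TABLES inventory are assumptions made for the illustration; the XML is the configuration quoted in the thread with the <resource-ref> abridged.

```python
import xml.etree.ElementTree as ET

REALM_CLASS = "org.apache.catalina.realm.DataSourceRealm"

# The META-INF/context.xml quoted in this thread (resource-ref abridged).
THREAD_CONTEXT_XML = """\
<Context antiJARLocking="true" path="/sample2" privileged="true">
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/SecurityStore"
         userTable="SECURITYSTORE_USERS" userNameCol="USERNAME"
         userCredCol="MD5PASSWORD"
         userRoleTable="SECURITYSTORE_ROLES" roleNameCol="ROLENAME"
         digest="MD5"/>
  <resource-ref>
    <res-ref-name>jdbc/SecurityStore</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
  </resource-ref>
  <Resource name="jdbc/SecurityStore" auth="Container"
            type="javax.sql.DataSource"
            username="username" password="password"
            driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://servername;database=databasename"/>
</Context>
"""

# Assumed table inventory: SECURITYSTORE_USERS_ROLES is the name the thread
# gives as correct; SECURITYSTORE_USERS is taken from the posted config.
KNOWN_TABLES = {"SECURITYSTORE_USERS", "SECURITYSTORE_USERS_ROLES"}


def lint_context(xml_text, known_tables=None):
    """Return (code, message) findings for one context.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    # <Resource> elements declared directly in this <Context> are context-local.
    local = {res.get("name") for res in root.findall("Resource")}
    tables = {t.upper() for t in known_tables} if known_tables else None

    for realm in root.iter("Realm"):
        cls = realm.get("className", "")
        ds = realm.get("dataSourceName")
        if cls != REALM_CLASS:
            # Data-source attributes on a Realm whose class is something else
            # (an earlier draft in the thread put the JDBC driver class here).
            if ds is not None:
                findings.append(("REALM_CLASS",
                                 f"className is {cls!r}; expected {REALM_CLASS}"))
            continue
        # Without localDataSource="true" the realm looks for a global
        # DataSource and never sees the Resource declared in this Context.
        if ds in local and realm.get("localDataSource", "false").lower() != "true":
            findings.append(("LOCAL_DS",
                             f"{ds} is declared in this Context but the Realm "
                             'lacks localDataSource="true"'))
        if tables is not None:
            for attr in ("userTable", "userRoleTable"):
                name = realm.get(attr, "")
                if name.upper() not in tables:
                    findings.append(("TABLE",
                                     f"{attr}={name!r} is not a known table"))

    if root.find("resource-ref") is not None:
        findings.append(("RESOURCE_REF",
                         "<resource-ref> is a web.xml element, not a context.xml one"))
    return findings


def apply_thread_fixes(xml_text):
    """Apply the two fixes from the SOLVED post and drop the stray resource-ref."""
    root = ET.fromstring(xml_text)
    for realm in root.iter("Realm"):
        if realm.get("className") == REALM_CLASS:
            realm.set("localDataSource", "true")
            realm.set("userRoleTable", "SECURITYSTORE_USERS_ROLES")
    for ref in root.findall("resource-ref"):
        root.remove(ref)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for code, message in lint_context(THREAD_CONTEXT_XML, KNOWN_TABLES):
        print(f"{code}: {message}")
    fixed = apply_thread_fixes(THREAD_CONTEXT_XML)
    print("after fixes:", lint_context(fixed, KNOWN_TABLES) or "no findings")
```

The table check only compares names against the inventory passed in; it does not connect to the database.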


RE: Connecting to a Database

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
Chris,

In my realm, you're saying that the digest attribute is how the password is stored in the database?  Not how it is entered/translated when the user logs in.

I'm using this to generate a MD5 hash of the password = password:
java -classpath C:\apache-tomcat-6.0.24\lib\catalina.jar;C:\apache-tomcat-6.0.24\bin\tomcat-juli.jar org.apache.catalina.realm.RealmBase -a md5 password

I don't understand why I can't authenticate with what I have.  

When I login and supply a username and password, I get the 401 error page.  This user does have the "webservicereader" role.  And the user's password is the same value in the database as in the dos window when I create a password of password.

Page 144 of the servlet 2.5 spec speaks to the login-config Element.  It doesn't list the values for "realm-name", is DataSourceRealm valid?  I've tried using DIGEST instead of BASIC for the auth-method, but that change doesn't make a difference, so I must have something else wrong?

The only thing I haven't tried is changing the names of the tables to the names listed in the Tomcat docs.  Maybe I can't use different table names for users and roles?

I do have SSL enabled and I have another webapp working with Active Directory authentication - BASIC over HTTPS.  This "experiment" is an extension of the SSL question I posted a few weeks ago.  That is probably why the web.xml looks very similar.

** META-INF/context.xml:
<Context antiJARLocking="true" path="/sample2" privileged="true">

      <!-- This Realm uses a DataSourceRealm -->
 	<Realm className="org.apache.catalina.realm.DataSourceRealm"
   		dataSourceName="jdbc/SecurityStore"
   		userTable="SECURITYSTORE_USERS" 
		userNameCol="USERNAME" 
		userCredCol="MD5PASSWORD"
   		userRoleTable="SECURITYSTORE_ROLES" 
		roleNameCol="ROLENAME"
		digest="MD5"/>

   	<resource-ref>
      	<description>DB Connection</description>
      	<res-ref-name>jdbc/SecurityStore</res-ref-name>
      	<res-type>javax.sql.DataSource</res-type>
      	<res-auth>Container</res-auth>
   	</resource-ref>

  	<Resource name="jdbc/SecurityStore" 
		auth="Container" 
		type="javax.sql.DataSource"
            username="username" 
		password="password" 
		driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://servername;database=databasename"/>
</Context>


** web.xml:
    <!-- SECURITY CONSTRAINT -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>samplewebapp2</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
	  <auth-constraint>
		<role-name>webservicereader</role-name>
	  </auth-constraint>
	  <user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	  </user-data-constraint>
    </security-constraint>

    <!-- LOGIN CONFIGURATION-->
    <login-config>
        <auth-method>BASIC</auth-method>
	  <realm-name>DataSourceRealm</realm-name>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
        <role-name>webservicereader</role-name>
    </security-role>




-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: Wednesday, March 24, 2010 12:47 PM
To: Tomcat Users List
Subject: Re: Connecting to a Database


Leo,

On 3/24/2010 1:28 PM, Leo Donahue - PLANDEVX wrote:
> I know you can specify digest for a Realm, but I don't see where I can 
> do that for a Resource.

Note that the digest is for hashing passwords during /user/ authentication, not connecting to the database.

> Do I need to leave the password of
> "javadude" in the Resource in clear text, or can it be a digested 
> version of "javadude" in clear text in the Resource element?

You cannot hash the db password. If you could, how would Tomcat decrypt it to make the connection?

> The SQL table of user passwords will be in digest, but I wasn't sure 
> if I could use a digested password as part of the configuration for 
> the account that connects to the "authstore" database.

Nope. Search the archives for that question being asked repeatedly, or just think about the implications of hashing a password that you want to use later. Then, think about the implications of /two-way/ encryption for a password and I think you'll see that you're just moving the problem somewhere else.

- -chris


Re: Connecting to a Database

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Leo,

On 3/24/2010 1:28 PM, Leo Donahue - PLANDEVX wrote:
> I know you can specify digest for a Realm, but I don't see where I
> can do that for a Resource.

Note that the digest is for hashing passwords during /user/
authentication, not connecting to the database.

> Do I need to leave the password of
> "javadude" in the Resource in clear text, or can it be a digested
> version of "javadude" in clear text in the Resource element?

You cannot hash the db password. If you could, how would Tomcat decrypt
it to make the connection?

> The SQL table of user passwords will be in digest, but I wasn't sure
> if I could use a digested password as part of the configuration for
> the account that connects to the "authstore" database.

Nope. Search the archives for that question being asked repeatedly, or
just think about the implications of hashing a password that you want to
use later. Then, think about the implications of /two-way/ encryption
for a password and I think you'll see that you're just moving the
problem somewhere else.

- -chris
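Added example, not part of any message in this thread: a model of the two password paths the message above separates, the realm's digest check on a user's login and the data source's login to the database. All names here are hypothetical and the database server is a stand-in class, not Tomcat or SQL Server code; "password", "javauser" and "javadude" are the sample values used in the thread.

```python
import hashlib
import hmac


def stored_credential(cleartext, algorithm="MD5"):
    """Hex digest to store in the realm's credential column for a password."""
    return hashlib.new(algorithm.lower(), cleartext.encode("utf-8")).hexdigest()


def realm_accepts(typed_password, column_value, digest=None):
    """Model of the realm's check at login.

    With digest set, the realm hashes what the user typed and compares hex
    strings (hex case is ignored in this model); the stored value is never
    reversed. Without digest, the column must hold the cleartext itself.
    """
    if digest:
        candidate = stored_credential(typed_password, digest)
        return hmac.compare_digest(candidate.lower().encode(),
                                   column_value.lower().encode("utf-8"))
    return hmac.compare_digest(typed_password.encode("utf-8"),
                               column_value.encode("utf-8"))


class ModelDatabaseServer:
    """Stand-in for the database server: it accepts a login only when the
    client presents the account's actual password."""

    def __init__(self, username, password):
        self._username = username
        self._password = password

    def login(self, username, password):
        return (username == self._username and
                hmac.compare_digest(password.encode("utf-8"),
                                    self._password.encode("utf-8")))


def pool_connects(resource_username, resource_password, server):
    """Model of the <Resource>: its password attribute is sent as written."""
    return server.login(resource_username, resource_password)


if __name__ == "__main__":
    column = stored_credential("password")          # value for userCredCol
    print("stored:", column)
    print("user login, digest=MD5:", realm_accepts("password", column, "MD5"))
    print("user login, no digest :", realm_accepts("password", column))

    server = ModelDatabaseServer("javauser", "javadude")
    print("pool, cleartext password:", pool_connects("javauser", "javadude", server))
    # A digest in the Resource is just a different string; the server rejects it.
    print("pool, digested password :",
          pool_connects("javauser", stored_credential("javadude"), server))
```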


RE: Connecting to a Database

Posted by Martin Gainty <mg...@hotmail.com>.
Good Evening Leo-

 

I would suggest using the Digest class (over command line calculation of Password)

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#Digested%20Passwords


HTH
Martin Gainty 
______________________________________________ 
Relayers are requested to not disrupt or alter this transmission.



 


> From: LeoDonahue@mail.maricopa.gov
> To: users@tomcat.apache.org
> Date: Wed, 24 Mar 2010 10:28:52 -0700
> Subject: RE: Connecting to a Database
> 
> Thanks everyone. I understand this better.
> 
> I know you can specify digest for a Realm, but I don't see where I can do that for a Resource. Do I need to leave the password of "javadude" in the Resource in clear text, or can it be a digested version of "javadude" in clear text in the Resource element?
> 
> The SQL table of user passwords will be in digest, but I wasn't sure if I could use a digested password as part of the configuration for the account that connects to the "authstore" database.
> 
> Leo
> 
> -----Original Message-----
> From: Christopher Schultz [mailto:chris@christopherschultz.net] 
> Sent: Wednesday, March 24, 2010 8:56 AM
> To: Tomcat Users List
> Subject: Re: Connecting to a Database
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Leo,
> 
> On 3/24/2010 11:43 AM, Leo Donahue - PLANDEVX wrote:
> > No, not sure. That is what I was confused about.
> > JDBC Realm, vs JNDI DataSourceRealm, vs JDBC DataSource
> 
> A Realm is something Tomcat uses for authentication. A DataSource is an object which hands out database connections. The use of JDBC vs. JNDI is really just about how the connections are obtained: JDBCRealm manages its own JDBC connection (and is heavily synchronized, as Mark mentions: don't use it). DataSourceRealm uses a DataSource obtained via JNDI and configured via a <Resource> element. There is no JDBCDataSource that I know of.
> 
> Recommended setup (IMHO): configure everything in META-INF/context.xml and use DataSourceRealm. No need to configure anything in server.xml and no need to configure anything at the OS level (as Mark mentioned, that's ODBC).
> 
> > Assuming I have the correct tables in the database named "authstore", does this look right?
> > 
> > ** in server.xml **
> > <Realm className="com.microsoft.sqlserver.jdbc.SQLServerDriver"
> 
> className should be org.apache.catalina.realm.DataSourceRealm
> 
> > dataSourceName="jdbc/authority"
> > userTable="users" userNameCol="user_name" userCredCol="user_pass"
> > userRoleTable="user_roles" roleNameCol="role_name"/>
> 
> Ok.
> 
> > ** in META-INF/context.xml of specific webapp **
> > <resource-ref>
> > <description>DB Connection</description>
> > <res-ref-name>jdbc/authority</res-ref-name>
> > <res-type>javax.sql.DataSource</res-type>
> > <res-auth>Container</res-auth>
> > </resource-ref>
> 
> This is actually stuff for web.xml, though it is not required if you have your <Resource> defined in META-INF/context.xml.
> 
> > ** also in META-INF/context.xml file? **
> > <Resource name="jdbc/authority" auth="Container" type="javax.sql.DataSource"
> > username="javauser" password="javadude"
> > driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
> > url="jdbc:sqlserver://localhost;database=authstore"/>
> 
> Looks good to me. Make sure your JDBC driver JAR file is in CATALINA_BASE/lib and nowhere else.
> 
> -chris

RE: Connecting to a Database

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
Thanks everyone.  I understand this better.

I know you can specify digest for a Realm, but I don't see where I can do that for a Resource.  Do I need to leave the password of "javadude" in the Resource in clear text, or can it be a digested version of "javadude" in clear text in the Resource element?

The SQL table of user passwords will be in digest, but I wasn't sure if I could use a digested password as part of the configuration for the account that connects to the "authstore" database.

Leo

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: Wednesday, March 24, 2010 8:56 AM
To: Tomcat Users List
Subject: Re: Connecting to a Database

Leo,

On 3/24/2010 11:43 AM, Leo Donahue - PLANDEVX wrote:
> No, not sure.  That is what I was confused about.
> JDBC Realm, vs JNDI DataSourceRealm, vs JDBC DataSource

A Realm is something Tomcat uses for authentication. A DataSource is an object which hands out database connections. The use of JDBC vs. JNDI is really just about how the connections are obtained: JDBCRealm manages its own JDBC connection (and is heavily synchronized, as Mark mentions: don't use it). DataSourceRealm uses a DataSource obtained via JNDI and configured via a <Resource> element. There is no JDBCDataSource that I know of.

Recommended setup (IMHO): configure everything in META-INF/context.xml and use DataSourceRealm. No need to configure anything in server.xml and no need to configure anything at the OS level (as Mark mentioned, that's ODBC).

> Assuming I have the correct tables in the database named "authstore", does this look right?
> 
> ** in server.xml **
>  <Realm className="com.microsoft.sqlserver.jdbc.SQLServerDriver"

className should be org.apache.catalina.realm.DataSourceRealm

>    dataSourceName="jdbc/authority"
>    userTable="users" userNameCol="user_name" userCredCol="user_pass"
>    userRoleTable="user_roles" roleNameCol="role_name"/>

Ok.

> ** in META-INF/context.xml of specific webapp **
>    <resource-ref>
>       <description>DB Connection</description>
>       <res-ref-name>jdbc/authority</res-ref-name>
>       <res-type>javax.sql.DataSource</res-type>
>       <res-auth>Container</res-auth>
>    </resource-ref>

This is actually stuff for web.xml, though it is not required if you have your <Resource> defined in META-INF/context.xml.

> ** also in META-INF/context.xml file? **
>   <Resource name="jdbc/authority" auth="Container" type="javax.sql.DataSource"
>                username="javauser" password="javadude"
>       driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
>                url="jdbc:sqlserver://localhost;database=authstore"/>

Looks good to me. Make sure your JDBC driver JAR file is in CATALINA_BASE/lib and nowhere else.

-chris


Re: Connecting to a Database

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Leo,

On 3/24/2010 11:43 AM, Leo Donahue - PLANDEVX wrote:
> No, not sure.  That is what I was confused about.
> JDBC Realm, vs JNDI DataSourceRealm, vs JDBC DataSource

A Realm is something Tomcat uses for authentication. A DataSource is an
object which hands out database connections. The use of JDBC vs. JNDI is
really just about how the connections are obtained: JDBCRealm manages
its own JDBC connection (and is heavily synchronized, as Mark mentions:
don't use it). DataSourceRealm uses a DataSource obtained via JNDI and
configured via a <Resource> element. There is no JDBCDataSource that I
know of.

Recommended setup (IMHO): configure everything in META-INF/context.xml
and use DataSourceRealm. No need to configure anything in server.xml and
no need to configure anything at the OS level (as Mark mentioned, that's
ODBC).

> Assuming I have the correct tables in the database named "authstore", does this look right?
> 
> ** in server.xml **
>  <Realm className="com.microsoft.sqlserver.jdbc.SQLServerDriver"

className should be org.apache.catalina.realm.DataSourceRealm

>    dataSourceName="jdbc/authority"
>    userTable="users" userNameCol="user_name" userCredCol="user_pass"
>    userRoleTable="user_roles" roleNameCol="role_name"/>

Ok.

> ** in META-INF/context.xml of specific webapp **
>    <resource-ref>
>       <description>DB Connection</description>
>       <res-ref-name>jdbc/authority</res-ref-name>
>       <res-type>javax.sql.DataSource</res-type>
>       <res-auth>Container</res-auth>
>    </resource-ref>

This is actually stuff for web.xml, though it is not required if you
have your <Resource> defined in META-INF/context.xml.

> ** also in META-INF/context.xml file? **
>   <Resource name="jdbc/authority" auth="Container" type="javax.sql.DataSource"
>                username="javauser" password="javadude"
>       driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
>                url="jdbc:sqlserver://localhost;database=authstore"/>

Looks good to me. Make sure your JDBC driver JAR file is in
CATALINA_BASE/lib and nowhere else.

-chris

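The corrections from the reply above, pulled together into one META-INF/context.xml. This is an added example, not part of the original thread: the localDataSource and digest attributes are not mentioned by the posters, and digest="SHA" is an assumed algorithm choice; every other value is taken from the configuration quoted in the thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- META-INF/context.xml of the webapp (added example, not the posters' file) -->
<Context>

  <!-- Connection pool for the credential store. The password here is the
       real secret presented to SQL Server, so it cannot be replaced by a
       one-way digest. Protect it with file permissions on this file and a
       database account limited to reading the two realm tables. -->
  <Resource name="jdbc/authority" auth="Container" type="javax.sql.DataSource"
            username="javauser" password="javadude"
            driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://localhost;database=authstore"/>

  <!-- className is the Tomcat realm class, not the JDBC driver class.
       localDataSource="true" (assumption: needed because the Resource is
       declared in this Context rather than in GlobalNamingResources) makes
       the realm look up jdbc/authority in the webapp's own JNDI context.
       digest="SHA" (assumed algorithm) means the user_pass column stores
       hex-encoded digests of the users' passwords, not clear text. -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/authority"
         localDataSource="true"
         digest="SHA"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name"/>

</Context>
```

The digest attribute applies only to the credentials the Realm compares at login; the Resource password is used to open the JDBC connection and has to stay recoverable.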


RE: Connecting to a Database

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
No, not sure.  That is what I was confused about.
JDBC Realm, vs JNDI DataSourceRealm, vs JDBC DataSource

I think what was throwing me off was seeing examples of the tomcat-users in both the realm-howto and in the jndi-resources-howto.

I'm attempting container managed security using SQL Server.  It looks like I need both a DataSourceRealm and a JDBC DataSource?

Assuming I have the correct tables in the database named "authstore", does this look right?

** in server.xml **
 <Realm className="com.microsoft.sqlserver.jdbc.SQLServerDriver"
   dataSourceName="jdbc/authority"
   userTable="users" userNameCol="user_name" userCredCol="user_pass"
   userRoleTable="user_roles" roleNameCol="role_name"/>

** in META-INF/context.xml of specific webapp **
   <resource-ref>
      <description>DB Connection</description>
      <res-ref-name>jdbc/authority</res-ref-name>
      <res-type>javax.sql.DataSource</res-type>
      <res-auth>Container</res-auth>
   </resource-ref>

** also in META-INF/context.xml file? **
  <Resource name="jdbc/authority" auth="Container" type="javax.sql.DataSource"
               username="javauser" password="javadude" driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
               url="jdbc:sqlserver://localhost;database=authstore"/>


-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com] 
Sent: Tuesday, March 23, 2010 3:22 PM
To: Tomcat Users List
Subject: RE: Connecting to a Database

> From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov]
> Subject: Connecting to a Database
> 
> Tomcat 6.0.24
> Windows Server 2003 R2 SP2
> SQL Server 2005 Express
> Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007
> 
> I know I need to configure a Realm

Are you sure?  A <Realm> is used for authentication only, not for a webapp that accesses a database.  Do you perhaps mean <Resource>?

> JDBCRealm or JNDI DataSourceRealm?

If you are in fact storing credentials in SQL Server, use DataSourceRealm - it's much more robust.

 - Chuck




RE: Connecting to a Database

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Leo Donahue - PLANDEVX [mailto:LeoDonahue@mail.maricopa.gov]
> Subject: Connecting to a Database
> 
> Tomcat 6.0.24
> Windows Server 2003 R2 SP2
> SQL Server 2005 Express
> Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007
> 
> I know I need to configure a Realm 

Are you sure?  A <Realm> is used for authentication only, not for a webapp that accesses a database.  Do you perhaps mean <Resource>?

> JDBCRealm or JNDI DataSourceRealm?

If you are in fact storing credentials in SQL Server, use DataSourceRealm - it's much more robust.

 - Chuck




Re: Connecting to a Database

Posted by Mark Thomas <ma...@apache.org>.
On 23/03/2010 22:16, Leo Donahue - PLANDEVX wrote:
> Tomcat 6.0.24
> Windows Server 2003 R2 SP2
> SQL Server 2005 Express
> Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007
> 
> I know I need to configure a Realm and that can be in an Engine, Host or Context element, but most likely in a context element inside the context.xml under META-INF of my specific webapp.
> 
> What do most people prefer?  JDBCRealm or JNDI DataSourceRealm?
DataSourceRealm every time. JDBCRealm uses a single connection and is
heavily synchronized as a result.

> Does the latter require setting up a System DSN datasource in Windows?
No.

>  Or am I confusing that with something else?
Yes, ODBC.

Mark


