Posted to users@tomcat.apache.org by Dirk Griesbach <dg...@eurocom-depora.de> on 2003/12/11 16:09:22 UTC

Tomcat 5.0.16 : manager-app access - solved

I traced the problem down to the 'user_role' entry in the database:
The role of the user used by the manager-app had role "admin,manager"
(like in 'tomcat-users.xml' in a memory Realm) which does not work.
Changing the user_role to 'manager' puts it......but now the admin-app using
the same user complains.

Maybe class
"org.apache.catalina.realm.DataSourceRealm" works different than
"org.apache.catalina.realm.UserDatabaseRealm"
regarding comma separated roles ?

grisi
----- Original Message -----
From: Dirk Griesbach <dg...@eurocom-depora.de>
To: Tomcat Users List <to...@jakarta.apache.org>
Sent: Thursday, December 11, 2003 9:57 AM
Subject: Re: Tomcat 5.0.16 : manager-app access


> Hi Adam,
>
> thanx for your hint, is there a FAQ or Readme on TC5 I missed ?
>
> I moved the manager.xml to ...\conf\catalina\localhost.
> It has the following content:
> "
> <Context path="/manager" docBase="../server/webapps/manager"
>         debug="0" privileged="true">
>
>    <ResourceLink name="users" global="UserDatabase"
>                 type="javax.sql.DataSource"/>
> </Context>
> "
> You're right, the Realm is defined in the server.xml:
>
> "
> ...
> <GlobalNamingResources>
> ...
> <Resource name="UserDatabase"
>                       auth="Container"
>                       type="javax.sql.DataSource" />
>
>             <ResourceParams name="UserDatabase" >
> ....
>         </ResourceParams>
>  </GlobalNamingResources>
> "
> Unfortunately: no effect, "403 - Access to the requested resource has been
> denied"
> The admin-app still shows no entry in 'User database"
>
> Is there something else that's worth having a look at ?
>
> Dirk
>
> ----- Original Message -----
> From: Adam Hardy <ah...@cyberspaceroad.com>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Sent: Wednesday, December 10, 2003 10:17 PM
> Subject: Re: Tomcat 5.0.16 : manager-app access
>
>
> > On 12/10/2003 05:49 PM Dirk Griesbach wrote:
> > > hello folks,
> > >
> > > a question on datasource realms and the manager app:
> > >
> > > When I installed TC 5.0.16 'out-of-the-box' I could start the manager-app.
> > >
> > > Then I deployed our webapp (manually), configured a DataSourceRealm using mysql
> > > for authentication, configured SSL, form based LogIn and ... the webapp works fine.
> > > (The resource name is still "UserDatabase")
> > >
> > > But if I now try to use the manager-app I get the error: "403 - access denied" without even being prompted.
> > >
> > > I've modified "..server\webapps\manager\WEB-INF\web.xml" so that it reads:
> > >
> > > "...
> > >    <resource-env-ref-name>UserDatabase</resource-env-ref-name>
> > >    <resource-env-ref-type>javax.sql.DataSource</resource-env-ref-type>
> > > ....
> > > "
> > >
> > > and "..server\webapps\manager\manager.xml" that it reads
> > >
> > > "...
> > > <ResourceLink name="users" global="UserDatabase"
> > >                 type="javax.sql.DataSource"/>
> > > ....
> > > "
> > > ....no effect.
> > >
> > > Even more strange the behaviour of the "admin-app":
> > >
> > > The Login-screen appears as usual and login data that complies with the
> > > DataSource Realm is being accepted.
> > > Clicking on "dataSource" shows up the 'mysql-jdbc' Installation.
> > > Clicking on 'user database' shows....nothing.
> > > Clicking on 'user roles, groups' etc. results in an error
> > > "The server encountered an internal error (Error retrieving attribute groups) that prevented it from fulfilling this request."
> > > Admin-app uses struts with TagLibs, is there something hardcoded in there ?
> > >
> > > Why do these two applications not recognize the new Realm ?
> >
> >
> > Hi Dirk,
> > presumably you configured the realm in the server.xml.
> >
> > You need to put the manager.xml file in conf/Catalina/localhost/ which
> > is the new place for it in 5.x
> >
> > Adam
> > --
> > struts 1.1 + tomcat 5.0.16 + java 1.4.2
> > Linux 2.4.20 Debian
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >

Re: Tomcat 5.0.16 : manager-app access - solved

Posted by Dirk Griesbach <dg...@eurocom-depora.de>.
Hi Andy,

yes, you were completely right with your assumption about the user roles.
Thanks a lot
greets

Dirk
----- Original Message -----
From: Adam Hardy <ah...@cyberspaceroad.com>
To: Tomcat Users List <to...@jakarta.apache.org>
Sent: Thursday, December 11, 2003 10:33 PM
Subject: Re: Tomcat 5.0.16 : manager-app access - solved


> Ah! If only you hadn't dropped the thread! Oh well, glad you got it sorted.
>
> As for the commas, looks like you found a bug - although I would check
> that user_roles="admin" works for admin only as well.
>
> Adam

Re: Tomcat 5.0.16 : manager-app access - solved

Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Ah! If only you hadn't dropped the thread! Oh well, glad you got it sorted.

As for the commas, looks like you found a bug - although I would check 
that user_roles="admin" works for admin only as well.

Adam

-- 
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian
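
Added example, not part of the original thread: Tomcat's DataSourceRealm takes each row returned from the user-roles table as one role name and compares role names as whole strings, so a single row holding "admin,manager" grants neither role, whereas the roles attribute in tomcat-users.xml is split on commas. The sketch below uses SQLite in place of MySQL, with assumed table and column names (user_roles, user_name, role_name) and a constructed user, to audit for such rows and rewrite them as one row per role.

```python
import sqlite3

# Table and column names are assumptions (the thread does not show the schema);
# the sample user is constructed. SQLite stands in for the MySQL database.

def make_db(rows):
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE user_roles ("
        " user_name TEXT NOT NULL, role_name TEXT NOT NULL,"
        " PRIMARY KEY (user_name, role_name))"
    )
    db.executemany("INSERT INTO user_roles VALUES (?, ?)", rows)
    return db

def roles_for(db, user):
    """Role lookup as a database realm sees it: one returned row = one role."""
    cur = db.execute(
        "SELECT role_name FROM user_roles WHERE user_name = ?", (user,))
    return {row[0] for row in cur}

def is_user_in_role(db, user, role):
    # Whole-string match: "admin,manager" is a different role from "manager".
    return role in roles_for(db, user)

def find_packed_rows(db):
    """Audit query: rows whose role_name holds a comma-separated list."""
    return db.execute(
        "SELECT user_name, role_name FROM user_roles"
        " WHERE role_name LIKE '%,%' ORDER BY user_name").fetchall()

def split_packed_rows(db):
    """Rewrite each packed row as one row per role; returns rows rewritten."""
    packed = find_packed_rows(db)
    with db:  # single transaction: commits on success, rolls back on error
        for user, value in packed:
            db.execute(
                "DELETE FROM user_roles WHERE user_name = ? AND role_name = ?",
                (user, value))
            for role in (part.strip() for part in value.split(",")):
                if role:
                    db.execute(
                        "INSERT OR IGNORE INTO user_roles VALUES (?, ?)",
                        (user, role))
    return len(packed)

if __name__ == "__main__":
    db = make_db([("mgr_user", "admin,manager")])   # layout from the thread
    print("before:", roles_for(db, "mgr_user"),
          is_user_in_role(db, "mgr_user", "manager"))
    split_packed_rows(db)
    print("after: ", roles_for(db, "mgr_user"),
          is_user_in_role(db, "mgr_user", "manager"))
```

With one row per role the same account satisfies both the manager and the admin application's role constraint, and the audit query returns nothing.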