Posted to users@tomcat.apache.org by Laurent Perez <do...@free.fr> on 2003/09/23 16:43:51 UTC
JDBC Realm problems
Hello
I am trying to protect a webapp I wrote using a JDBCRealm, but it doesn't
seem to work as expected. I am using Tomcat 4.1.27, and Postgresql 7.3.2,
with latest JDBC driver within $tomcat/common/lib.
My realm is described as follows, in $tomcat/conf/server.xml :
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.postgresql.Driver"
       digest="md5"
       connectionURL="jdbc:postgresql://127.0.0.1/mydb"
       connectionName="mylogin" connectionPassword="mypass"
       userTable="pg_shadow" userNameCol="usename" userCredCol="passwd"
       userRoleTable="named_roles" roleNameCol="role" />
When I start Tomcat, I can see it connecting and idling to mydb, so JDBC
driver works. Also 'mylogin' has read access on named_roles.
My webapp is called 'test' and located within $tomcat/webapps/, its
WEB-INF/web.xml is as follows :
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
  <security-constraint>
    <web-ressource-collection>
      <web-ressource-name>test</web-ressource-name>
      <url-pattern>/*</url-pattern>
    </web-ressource-collection>
    <auth-constraint>
      <role-name>myrole</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>test</realm-name>
  </login-config>
  <security-role>
    <role-name>myrole</role-name>
  </security-role>
</web-app>
The 'myrole' role is defined in my named_roles table, and I have several
users under that role. I did add <security-role> tags because Tomcat would
warn me about 'myrole' not being within <security-role> tags on startup.
Now when I am trying to access http://localhost:8080/test, no
authentication window pops up, I can access it freely, which shouldn't be
correct (?). When I look at logs, I can see :
2003-09-23 14:14:52 ContextConfig[/test]: Configured an authenticator for
method BASIC
2003-09-23 14:14:52 StandardManager[/test]: Seeding random number generator
class java.security.SecureRandom
2003-09-23 14:14:52 StandardManager[/test]: Seeding of random number
generator has been completed
If BASIC auth method is activated, why isn't my browser showing up an auth
window ? :-/
Also I know Postgres doesn't store md5 password files like
md5_func(password), but instead md5_func(password+login), will it cause
problems with Tomcat's digest=md5 behaviour ?
Thanks for any help
Laurent Perez
Re: JDBC Realm problems
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Oh I'm very sorry, perhaps I confused your post with somebody else's.
The problem I am referring to is the issue with the <web-resource-name>
being spelt wrong.
Adam
On 09/24/2003 12:08 PM Laurent Perez wrote:
>
>> Yes! I was unaware that you could disable xml parsing exceptions. But
>> it seems you have. :(
>
>
> Sorry but I don't understand the link between my xml parser and
> Postgres' MD5 encoding.
> Do you have your Tomcat setup authenticating users against a Postgresql
> JDBCRealm using MD5 digest ?
>
> laurent
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
struts 1.1 + tomcat 4.1.27 + java 1.4.2
Linux 2.4.20 RH9
Re: JDBC Realm problems
Posted by Laurent Perez <do...@free.fr>.
>Yes! I was unaware that you could disable xml parsing exceptions. But it
>seems you have. :(
Sorry but I don't understand the link between my xml parser and Postgres'
MD5 encoding.
Do you have your Tomcat setup authenticating users against a Postgresql
JDBCRealm using MD5 digest ?
laurent
Re: JDBC Realm problems
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Yes! I was unaware that you could disable xml parsing exceptions. But it
seems you have. :(
Perhaps it depends on the xml parser you are running. Mine is crimson
(SAX?).
Adam
On 09/24/2003 11:29 AM Laurent Perez wrote:
>
>> Don't you get:
>>
>> Digester.error(): org.xml.sax.SAXParseException: Element
>> "security-constraint" requires additional elements.
>
>
> No I don't. Should I ?
>
> laurent
--
struts 1.1 + tomcat 4.1.27 + java 1.4.2
Linux 2.4.20 RH9
Re: JDBC Realm problems
Posted by Laurent Perez <do...@free.fr>.
>Don't you get:
>
>Digester.error(): org.xml.sax.SAXParseException: Element
>"security-constraint" requires additional elements.
No I don't. Should I ?
laurent
Re: JDBC Realm problems
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Don't you get:
Digester.error(): org.xml.sax.SAXParseException: Element
"security-constraint" requires additional elements.
On 09/24/2003 09:48 AM Laurent Perez wrote:
>
>> in case no one noticed and it matters, web.xml has following typo in it,
>> where resource is spelled "ressource":
>> > > <web-ressource-collection>
>> > > <web-ressource-name>test</web-ressource-name>
>
>
> I wish I had seen that earlier x_x.
> Thanks a lot Paul, it's now showing up auth window.
>
> Unfortunately I have the same problem as mentioned here :
> http://archives.real-time.com/pipermail/tomcat-users/2003-January/094373.html
>
>
> Do I have to modify the source code of
> org.apache.catalina.realm.JDBCRealm to have it concatenate
> username+password to make md5 auth successful on Postgres, or is there
> another workaround (maybe in TC5) ?
>
> Thanks
> laurent
--
struts 1.1 + tomcat 4.1.27 + java 1.4.2
Linux 2.4.20 RH9
Re: JDBC Realm problems
Posted by Laurent Perez <do...@free.fr>.
>in case no one noticed and it matters, web.xml has following typo in it,
>where resource is spelled "ressource":
> > > <web-ressource-collection>
> > > <web-ressource-name>test</web-ressource-name>
I wish I had seen that earlier x_x.
Thanks a lot Paul, it's now showing up auth window.
Unfortunately I have the same problem as mentioned here :
http://archives.real-time.com/pipermail/tomcat-users/2003-January/094373.html
Do I have to modify the source code of org.apache.catalina.realm.JDBCRealm
to have it concatenate username+password to make md5 auth successful on
Postgres, or is there another workaround (maybe in TC5) ?
Thanks
laurent
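The credential mismatch raised in the message above, as an added example that is not part of the original post or of Tomcat's code. It assumes the realm hex-encodes the MD5 of the presented password and compares it case-insensitively with the userCredCol value, and that pg_shadow.passwd holds the literal prefix "md5" followed by md5(password+login); the function names and the test account are constructed.

```python
import hashlib
import hmac


def tomcat_md5(password):
    """Hex MD5 of the password alone (assumed model of digest="md5")."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def postgres_md5(password, username):
    """pg_shadow.passwd form: 'md5' + hex MD5 of password followed by the login."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def realm_accepts(stored, presented_password):
    """Model of the realm check: digest what the user typed, compare hex strings."""
    expected = tomcat_md5(presented_password).encode("ascii")
    candidate = stored.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, candidate)


def classify_stored(stored, username, password):
    """For a test account whose password is known, name the format of the
    stored credential so a failing login can be explained."""
    value = stored.strip()
    if value.lower() == tomcat_md5(password):
        return "md5(password)"            # what digest="md5" can verify
    if value == postgres_md5(password, username):
        return "postgres-md5"             # salted with the login, prefixed "md5"
    if value == password:
        return "cleartext"
    return "unknown"


if __name__ == "__main__":
    # Constructed test account, not taken from the thread.
    user, pw = "alice", "s3cret"
    shadow = postgres_md5(pw, user)
    print("pg_shadow value   :", shadow)
    print("realm would expect:", tomcat_md5(pw))
    print("format            :", classify_stored(shadow, user, pw))
    print("login accepted    :", realm_accepts(shadow, pw))
```

Stripping the "md5" prefix does not help, because the login name is still mixed into the hashed input.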
Re: JDBC Realm problems
Posted by Paul <pa...@msci.ca>.
in case no one noticed and it matters, web.xml has following typo in it,
where resource is spelled "ressource":
> > <web-ressource-collection>
> > <web-ressource-name>test</web-ressource-name>
----- Original Message -----
From: "Adam Hardy" <ah...@cyberspaceroad.com>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Tuesday, September 23, 2003 12:39 PM
Subject: Re: JDBC Realm problems
> Your config looks OK. Are you getting any errors logged when you try to
> log on?
>
> On 09/23/2003 04:43 PM Laurent Perez wrote:
> > Hello
> >
> > I am trying to protect a webapp I wrote using a JDBCRealm, but it
> > doesn't seem to work as expected. I am using Tomcat 4.1.27, and
> > Postgresql 7.3.2, with latest JDBC driver within $tomcat/common/lib.
> >
> > My realm is described as follows, in $tomcat/conf/server.xml :
> >
> > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> > driverName="org.postgresql.Driver"
> > digest="md5"
> > connectionURL="jdbc:postgresql://127.0.0.1/mydb"
> > connectionName="mylogin" connectionPassword="mypass"
> > userTable="pg_shadow" userNameCol="usename" userCredCol="passwd"
> > userRoleTable="named_roles" roleNameCol="role" />
> >
> > When I start Tomcat, I can see it connecting and idling to mydb, so JDBC
> > driver works. Also 'mylogin' has read access on named_roles.
> >
> > My webapp is called 'test' and located within $tomcat/webapps/, its
> > WEB-INF/web.xml is as follows :
> >
> > <?xml version="1.0" encoding="ISO-8859-1"?>
> >
> > <!DOCTYPE web-app
> > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> > "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
> >
> > <web-app>
> > <security-constraint>
> > <web-ressource-collection>
> > <web-ressource-name>test</web-ressource-name>
> > <url-pattern>/*</url-pattern>
> > </web-ressource-collection>
> > <auth-constraint>
> > <role-name>myrole</role-name>
> > </auth-constraint>
> > </security-constraint>
> > <login-config>
> > <auth-method>BASIC</auth-method>
> > <realm-name>test</realm-name>
> > </login-config>
> > <security-role>
> > <role-name>myrole</role-name>
> > </security-role>
> > </web-app>
> >
> > The 'myrole' role is defined in my named_roles table, and I have several
> > users under that role. I did add <security-role> tags because Tomcat
> > would warn me about 'myrole' not being within <security-role> tags on
> > startup.
> >
> > Now when I am trying to access http://localhost:8080/test, no
> > authentication window pops up, I can access it freely, which shouldn't
> > be correct (?). When I look at logs, I can see :
> > 2003-09-23 14:14:52 ContextConfig[/test]: Configured an authenticator
> > for method BASIC
> > 2003-09-23 14:14:52 StandardManager[/test]: Seeding random number
> > generator class java.security.SecureRandom
> > 2003-09-23 14:14:52 StandardManager[/test]: Seeding of random number
> > generator has been completed
> >
> > If BASIC auth method is activated, why isn't my browser showing up an
> > auth window ? :-/
> >
> > Also I know Postgres doesn't store md5 password files like
> > md5_func(password), but instead md5_func(password+login), will it cause
> > problems with Tomcat's digest=md5 behaviour ?
> >
> > Thanks for any help
> >
> > Laurent Perez
>
> --
> struts 1.1 + tomcat 4.1.27 + java 1.4.2
> Linux 2.4.20 RH9
>
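A lint for the failure this thread ran into, added here as an example and not part of any post or of Tomcat. It checks each <security-constraint> against the Servlet 2.2 DTD content model named in the DOCTYPE and reports misspelled children and constraints that end up covering no URL; the function names and sample documents (built from the web.xml in the original post) are constructed.

```python
import difflib
import xml.etree.ElementTree as ET

# Content model from the Servlet 2.2 web-app DTD (no XML namespace in 2.2).
CONSTRAINT_CHILDREN = ["web-resource-collection", "auth-constraint",
                       "user-data-constraint"]
COLLECTION_CHILDREN = ["web-resource-name", "description", "url-pattern",
                       "http-method"]

# Constructed sample: the web.xml from the original post, typo included.
BROKEN = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
  <security-constraint>
    <web-ressource-collection>
      <web-ressource-name>test</web-ressource-name>
      <url-pattern>/*</url-pattern>
    </web-ressource-collection>
    <auth-constraint><role-name>myrole</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>test</realm-name>
  </login-config>
  <security-role><role-name>myrole</role-name></security-role>
</web-app>
"""
FIXED = BROKEN.replace(b"ressource", b"resource")


def _unknown_children(parent, allowed, where):
    """Report child elements the DTD does not allow, with a spelling hint."""
    findings = []
    for child in parent:
        if child.tag not in allowed:
            message = f"{where}: unknown element <{child.tag}>"
            hint = difflib.get_close_matches(child.tag, allowed, n=1)
            if hint:
                message += f", did you mean <{hint[0]}>?"
            findings.append(message)
    return findings


def lint_web_xml(data):
    """Return a list of findings; an empty list means nothing was flagged."""
    root = ET.fromstring(data)  # expat does not fetch the external DTD
    declared = {r.text.strip()
                for r in root.findall("security-role/role-name") if r.text}
    findings = []
    for number, constraint in enumerate(root.findall("security-constraint"), 1):
        where = f"security-constraint #{number}"
        findings += _unknown_children(constraint, CONSTRAINT_CHILDREN, where)
        collections = constraint.findall("web-resource-collection")
        if not collections:
            findings.append(
                f"{where}: no <web-resource-collection>, so no URL is protected")
        for collection in collections:
            findings += _unknown_children(collection, COLLECTION_CHILDREN, where)
            if not collection.findall("url-pattern"):
                findings.append(f"{where}: collection has no <url-pattern>")
        for role in constraint.findall("auth-constraint/role-name"):
            name = (role.text or "").strip()
            if name != "*" and name not in declared:
                findings.append(
                    f"{where}: role '{name}' is not declared in <security-role>")
    return findings


if __name__ == "__main__":
    for label, doc in (("as posted", BROKEN), ("corrected", FIXED)):
        print(label, "->", lint_web_xml(doc) or "no findings")
```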
Re: JDBC Realm problems
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Your config looks OK. Are you getting any errors logged when you try to
log on?
On 09/23/2003 04:43 PM Laurent Perez wrote:
> Hello
>
> I am trying to protect a webapp I wrote using a JDBCRealm, but it
> doesn't seem to work as expected. I am using Tomcat 4.1.27, and
> Postgresql 7.3.2, with latest JDBC driver within $tomcat/common/lib.
>
> My realm is described as follows, in $tomcat/conf/server.xml :
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> driverName="org.postgresql.Driver"
> digest="md5"
> connectionURL="jdbc:postgresql://127.0.0.1/mydb"
> connectionName="mylogin" connectionPassword="mypass"
> userTable="pg_shadow" userNameCol="usename" userCredCol="passwd"
> userRoleTable="named_roles" roleNameCol="role" />
>
> When I start Tomcat, I can see it connecting and idling to mydb, so JDBC
> driver works. Also 'mylogin' has read access on named_roles.
>
> My webapp is called 'test' and located within $tomcat/webapps/, its
> WEB-INF/web.xml is as follows :
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
>
> <!DOCTYPE web-app
> PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
>
> <web-app>
> <security-constraint>
> <web-ressource-collection>
> <web-ressource-name>test</web-ressource-name>
> <url-pattern>/*</url-pattern>
> </web-ressource-collection>
> <auth-constraint>
> <role-name>myrole</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>test</realm-name>
> </login-config>
> <security-role>
> <role-name>myrole</role-name>
> </security-role>
> </web-app>
>
> The 'myrole' role is defined in my named_roles table, and I have several
> users under that role. I did add <security-role> tags because Tomcat
> would warn me about 'myrole' not being within <security-role> tags on
> startup.
>
> Now when I am trying to access http://localhost:8080/test, no
> authentication window pops up, I can access it freely, which shouldn't
> be correct (?). When I look at logs, I can see :
> 2003-09-23 14:14:52 ContextConfig[/test]: Configured an authenticator
> for method BASIC
> 2003-09-23 14:14:52 StandardManager[/test]: Seeding random number
> generator class java.security.SecureRandom
> 2003-09-23 14:14:52 StandardManager[/test]: Seeding of random number
> generator has been completed
>
> If BASIC auth method is activated, why isn't my browser showing up an
> auth window ? :-/
>
> Also I know Postgres doesn't store md5 password files like
> md5_func(password), but instead md5_func(password+login), will it cause
> problems with Tomcat's digest=md5 behaviour ?
>
> Thanks for any help
>
> Laurent Perez
--
struts 1.1 + tomcat 4.1.27 + java 1.4.2
Linux 2.4.20 RH9