problem: tomcat jdbcrealm+jaas web form authentication

by switchingbottle

Hi all,
I am trying to use the built-in authentication service of Tomcat, which allows restricting certain pages to certain roles. Following lots of tutorials, including the official Tomcat documentation, I set up a JDBC realm in the server.xml file. I wrote a little web app with a restricted folder, and when I try to access it, the login page I specified comes up. The users stored in the database give me a login error; when I enter a user from the tomcat-users.xml file, access is granted and I can see the pages in the protected folder. Following another tutorial, which uses GlassFish v2ur2 as the application server and a Derby database, all configured through the web interface of the GlassFish server, everything works fine. However, I have to use Tomcat. // Tomcat 6.0, Java EE 5, JDK 1.5
On the web app I configured the web.xml and the sun-web.xml as follows.
The server.xml file snippet which I changed:
I tried MySQL and PostgreSQL as databases. The drivers are located in the tomcat/lib folder.
{code}
        <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
              driverName="org.gjt.mm.mysql.Driver"
           connectionURL="jdbc:mysql://127.0.0.1:3306/auth?user=root&amp;password=root"
               userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name"/>
{code}
web.xml of the webapp
{code}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
    <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <description/>
        <url-pattern>/protected/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>USERS</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>developinjava</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
</web-app>
{code}
sun-web.xml
{code}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <context-root>/dogma</context-root>
  <security-role-mapping>
    <role-name>USERS</role-name>
    <group-name>USERS</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>
{code}
*Question*: Is there some missing configuration which I forgot, or did I make mistakes?
Thanks for any hint
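
Added example, not part of the original post: a Python check that reads a Realm element like the one in the server.xml snippet above, derives the two lookups a JDBCRealm builds from its attributes, and flags how credentials are handled. The sample XML is constructed from the post's snippets; the function names and finding labels are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed samples mirroring the Realm element and the web.xml role from the post.
REALM_XML = '''<Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="org.gjt.mm.mysql.Driver"
  connectionURL="jdbc:mysql://127.0.0.1:3306/auth?user=root&amp;password=root"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name"/>'''
WEB_XML = '''<web-app><security-constraint><auth-constraint>
  <role-name>USERS</role-name></auth-constraint></security-constraint></web-app>'''

def realm_queries(realm_xml):
    """Return the credential and role lookups implied by the Realm attributes.

    Both are keyed on userNameCol, so the role table needs that column too.
    """
    a = ET.fromstring(realm_xml).attrib
    return (
        f"SELECT {a['userCredCol']} FROM {a['userTable']} WHERE {a['userNameCol']} = ?",
        f"SELECT {a['roleNameCol']} FROM {a['userRoleTable']} WHERE {a['userNameCol']} = ?",
    )

def audit_realm(realm_xml):
    """Return findings (hypothetical labels) about credential handling."""
    a, findings = ET.fromstring(realm_xml).attrib, []
    url = a.get("connectionURL", "")
    # Drop the "jdbc:" prefix so the rest parses as an ordinary URL.
    query = parse_qs(urlsplit(url[len("jdbc:"):]).query) if url.startswith("jdbc:") else {}
    if "password" in query:
        findings.append("db-password-in-connectionURL")
    if query.get("user") == ["root"] or a.get("connectionName") == "root":
        findings.append("db-superuser-account")
    if "digest" not in a:
        # Without a digest attribute, userCredCol is compared as cleartext.
        findings.append("no-digest-plaintext-userCredCol")
    return findings

def required_roles(web_xml):
    """Role names the constraint demands; stored role values must match case exactly."""
    return sorted({r.text.strip() for r in ET.fromstring(web_xml).iter("role-name")})

if __name__ == "__main__":
    for q in realm_queries(REALM_XML):
        print(q)
    print(audit_realm(REALM_XML), required_roles(WEB_XML))
```

Running the two printed statements by hand against the database shows whether the table and column names resolve and whether the stored role value is exactly `USERS`.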