Give Jim Goodwill your feedback and questions.
You must be logged in to the O'Reilly Network to post a talkback.

Showing messages 1 through 48 of 48.

• JDBC Realm Authentication with Tomcat 5 and Eclipse 3
  2006-08-21 16:04:50  jCoder1973 [Reply | View]
  
  
  Thanks for the article I found it useful. One thing that others may find handy is the hassle of getting realm authentication running with Eclipse 3 and Tomcat 5. You need to copy the JDBC realm information from Tomcat 5.5 server.xml into the context.xml document in your project under META-INF. Apparently Eclipse 3 doesn't reference Tomcat's server.xml settings.

• Problem with Login
  2006-03-09 12:09:20  gesuino [Reply | View]
  
  
  We have a problem!!!!!!!!!! If we insert correct psw and username and the role associated have the permission to access the resource, all work fine! If we insert psw or username that aren't on the DataBase all work right and error page is displayed! But if we insert psw and username correct (they are on db) but our role is forbidden to access the resource we are redirect on page with the error message 403 resource forbidden!!!! Our problem is :
  In the thirty case our error page is not displayed and we obtain a Principal for the correct user and password then we remain logged in without possibility to logout!!!!! Some ideas to resolve our problem????
• Problem with Login
  2006-07-25 06:29:57  cybernatus [Reply | View]
  
  
  Hi!
  I've got exactly the same probleme!!
  did you now resolve the probleme???
  thanks

• How to protect a directory in my application
  2006-03-07 05:44:54  singhgurpreet [Reply | View]
  
  
  Hi
  
  This is a great article , and every thing work for me, i am u sing Memory Realm.
  
  i want to change url patters so that it secure my one direcory inside my application and not the compelete project
  
  i tried to play around with url pattern , but dosent seem to be working
  
  i nedd some thing like
  <url-pattern>/myapplication/executives/*</url-pattern>
  
  or
  
  <url-pattern>/executives/*</url-pattern>
  
  
  it will be a great help, if some one can suggest some way
  
  
  Thanx in advance

• Disable Userdir
  2006-03-01 07:31:25  kdsimms [Reply | View]
  
  
  I'm having a real hard time finding an example of disabling Userdir in the server.xml file.
  
  Can anyone help with an example of where to place the command?
  
  Thanks in advance for your help.

• how do you know the DB conn is working?
  2004-12-01 07:18:42  beam [Reply | View]
  
  
  Followed this but none of the names/pwords will work, it seems like Tomcat is not connecting to mysql. Where will I find errors or log info to this effect? logs/catalina.out says stuff like
  
  
Dec 1, 2004 10:11:43 AM org.apache.catalina.realm.JDBCRealm authenticate
SEVERE: Exception performing authentication
java.sql.SQLException: org.gjt.mm.mysql.Driver
at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:589)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:344)

  
  but I can;t tell if thats a suth failure to the mySQL driver or the auth failure within the Authenicator.

• suggestion for more robust database schema
  2004-04-27 12:51:40  pmocek [Reply | View]
  
  
  The article's database schema would allow the creation of a user_role for a nonexistent user_name or role_name. It also allows a user or role to be deleted when a corresponding user_role exists.
  
  For a DBMS which supports foreign key constraints (such as PostgreSQL), I suggest the following schema:
  
  CREATE TABLE users (
user_name VARCHAR(15) PRIMARY KEY,
user_pass VARCHAR(15) NOT NULL
);

CREATE TABLE roles (
role_name VARCHAR(15) PRIMARY KEY
);

CREATE TABLE user_roles (
user_name VARCHAR(15) REFERENCES users ON DELETE CASCADE,
role_name VARCHAR(15) REFERENCES roles ON DELETE CASCADE,
PRIMARY KEY(user_name, role_name)
);

• error in article
  2004-04-27 11:48:50  pmocek [Reply | View]
  
  
  In section ``JDBC Realms'', subsection ``Defining the Users Database'', in the steps to create and configure a MySQL Users database, step 5 shows an incorrect SQL statement.
  
  5. Create the user_roles table using the following command:
  
  create table users
(
  
  should be:
  create table user_roles
(

• need clarification
  2004-04-07 23:52:46  msreedhar2k [Reply | View]
  
  
  I had included the following configuration in web.xml. The thing is, i want all the files within in the directory 'Users', which is in application context, should not be accessed.
  
  Will the following code is sufficient or would we need to do any thing more? Please help me in this regard.
  
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>restrict all files</web-resource-name>
  <url-pattern>/Users/*</url-pattern>
  </web-resource-collection>
  </security-constraint>
  
  
  thanx,
  Sree

• Problem in accessing HTML pages
  2004-03-02 23:03:49  bdsai [Reply | View]
  
  
  Hi,
  
  the memory realm with basic auth does not works for html pages, please help me to solve the problem i am using Tomcat4.0.3.
  
  The html pages in the URL is accessed with out authentication.
  
  Thx in advance....

• Very good Article
  2004-02-23 22:01:27  sripathi [Reply | View]
  
  
  This technical article is very good and very simple to understand <br/>
  Please provide more of such articles.
  Also I request you to provide articles on SSL and tomcat.<br/>
  Thanks for a nice article like this one.<br/>
  

• Realm accessed through DataSource
  2004-02-03 23:44:30  sbrbot [Reply | View]
  
  
  First of all I have to say that this is a very helpful article but, like many other people, instead of pure JDBC connection I'd like rather to see how to access JDBCRealm through DataSource (defined inside JNDI tree).

• Basic authentification error
  2004-01-15 01:55:19  joepizza [Reply | View]
  
  
  I have a Basic authentification. When I enter a correct login/pass, all is ok.
  But when I click on "cancel", I get a blank page instead of my error page!!!
  
  please help me
  
  thanks
  julien
  
  in my web.xml :
  <error-page>
  <exception-type>401</exception-type>
  <location>/error.html</location>
  </error-page>
  <error-page>
  <error-code>403</error-code>
  <location>/error.jsp</location>
  </error-page>

• Basic authentification error
  2004-01-15 01:53:19  joepizza [Reply | View]
  
  
  I have a Basic authentification. When I enter a correct login/pass, all is ok.
  But when I click on "cancel", I get a blank page instead of my error page!!!
  
  please help me
  
  thanks
  julien
  
  in my web.xml :
  <error-page>
  <exception-type>401</exception-type>
  <location>/error.html</location>
  </error-page>
  <error-page>
  <error-code>403</error-code>
  <location>/error.jsp</location>
  </error-page>

• Connection Realm Wrong in example
  2003-08-14 13:24:28  anonymous2 [Reply | View]
  
  
  This is how the connection realm should be written. The realm is case-sensitive don't follow the examples use this.
  
  <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
  driverName="org.gjt.mm.mysql.Driver"
  connectionURL="jdbc:mysql://localhost:3306/tomcatusers"
  connectionName="root"
  connectionPassword=""
  userTable="users"
  userNameCol="user_name"
  userCredCol="user_pass"
  userRoleTable="user_roles"
  roleNameCol="role_name"/>

• can also be done by a security filter
  2003-08-07 06:19:54  anonymous2 [Reply | View]
  
  
  For those that needs a bit more control of how authentication is done, and how it interacts with the application can look at http://securityfilter.sf.net, which implements the same functionality by using servlet filters. We use this because we need more control with how FROM authentication is done, eg. by including a login page on all content pages.

• Using Realm from within a context.xml file
  2003-06-19 14:06:17  anonymous2 [Reply | View]
  
  
  I ran into this problem today. I was attempting to implement realm security from my app and wasn't able to get it to work. I have a META-INF directory with a context.xml file in it and am using ant to deploy my app. It turns out that ant doesn't do a good job of escaping special characters across the net. I had to use the following:
  
  connectionURL="jdbc:mysql://localhost/authority?user=dbuser&password=dbpass"
  
  Note the substitution of & for &.

• HTTP 403 - Wrong password and then?
  2003-06-08 10:19:42  anonymous2 [Reply | View]
  
  
  Hi,
  
  i'm interested in the memory realm: what happens if a user types in a wrong password. i'm getting a http error 403 - every time i reload my browser, so i am unable to type in the correct one. this isn't that user friendly... it seems as if this lasts for the hole session. can i change this behavior? would be great to know.
  
  thanks a lot
  daniel
• HTTP 403 - Wrong password and then?
  2004-02-03 23:55:10  sbrbot [Reply | View]
  
  
  If user types a wrong password, this password is then embedded inside request and sent to the server. Running reload in a browser forces the browser to send the same request once again (with the wrong password!) and of course one san expect only the same answer from the server. Go back to the original authentication page instead.

• JDBCRealm: Protecting all webapps
  2003-05-05 06:12:49  skladov [Reply | View]
  
  
  Dear James!
  
  I found your article very useful, it works perfect. But I have a question regarding tomcat security.
  The problem is, that I have both my web application called myproject and cocoon under webapps in my tomcat4. Each webapp has it's own WEB-INF directory and a web.xml file with security constraints in it.
  
  BUT: I must login TWICE always for every webapp separately, wenn I call, say, my myproject servlet and cocoon from myproject.
  
  Can I protect all my webapps at a time in one place so that I need to login only one time for all applications? Is it possible?
  
  Thanks in advance,
  Regards,
  Viktor Skladov,
  Germany

• Error when entering username and password
  2003-03-26 13:09:53  anonymous2 [Reply | View]
  
  
  Good article, but as a complete novis on the subject I need some help.
  
  I have a MSAccess Database with a User, Role and User_Role table as the article said. I get the login dialog to pop up but when I enter a username and password (that of course are in the User table and are mapped to the role in the User_Role table) nothing happens. After 3 tries I get an error page saying "This request requires HTTP authentication ()". What is wrong?
  
  Here is what I enterd in server.xml and web.xml:
  
  server.xml:
  <realm classname="org.apache.catalina.realm.JDBCRealm" debug="99"
  drivername="sun.jdbc.odbc.JdbcOdbcDriver"
  connectionurl="jdbc:odbc://localhost/SWE11" connectionname=""
  connectionpassword=""
  usertable="User" usernamecol="UserName" usercredcol="Password"
  userroletable="User_Role" rolenamecol="RoleName"/>
  
  web.xml:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MyApp Online</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>admin</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>MyApp Online</realm-name>
  </login-config>
  
  

• Sybase & Tomcat
  2003-03-25 12:37:12  cvilsack [Reply | View]
  
  
  Anybody ever get the JDBCRealm working against Sybase for maintaining logins & passwords? I can't seem to get this working. The file-based memory realm is working fine. But I'd like to have a JDBC-based setup. Any ideas? cvilsack@btmna.com
• Sybase & Tomcat
  2003-06-09 10:59:50  anonymous2 [Reply | View]
  
  
  I have JDBCRealms working under Sybase. There wasn't anything special about it though. email me if you're still having trouble with it.
  
  jsexton@odshp.com

• Well explained
  2003-03-07 02:33:39  anonymous2 [Reply | View]
  
  
  This is a great tutorial. I'm a final year student (CIS) at the University of London. You make it straightforward and effective.
  Well done.
  
  However, what I would like to know is whether I can mirror tomcats server.xml and -users.xml files in my local directory on the university network inorder to define users to my own rules?
  
  Please reply to farelthomas@hotmail.com
  
  Farel
  
  Thankyou

• Embedded Tomcat 4.0 and Realms
  2003-02-25 10:57:54  anonymous2 [Reply | View]
  
  
  The artilcle was simple and clear to understand. But i would like to to cover some more things like Embedded tomcat and realm configuration. As we cannot user server.xml in embedded tomcat how can we specify the realm configuration.
• Embedded Tomcat 4.0 and Realms
  2003-08-07 06:19:13  anonymous2 [Reply | View]
  
  
  You can use fragment xml files for adding stuff without changing server.xml. See http://www.onjava.com/pub/a/onjava/2003/06/25/tomcat_tips.html
  
• Embedded Tomcat 4.0 and Realms
  2003-04-10 02:27:10  anonymous2 [Reply | View]
  
  
  you can't I think!

• Stayed clear of jndi
  2003-02-13 16:54:11  anonymous2 [Reply | View]
  
  
  I like how this author stayed clear of the hard
  authentication w/ Tomcat...that is getting the
  freaking openldap suite to function properly!

• Separate realms for different applications
  2002-11-08 14:19:51  roymcbrayer [Reply | View]
  
  
  I have not been able to configure TomCat to use separate realms for different web-apps. I have defined the separate realms in the <context> tag for a web application in the server.xml. I have not found any detailed descriptions on how to accomplish this even though I would think that it is a routine requirement. Does anyone have any suggestions on how to configure this?

• Tomcat JDBC ODBC error
  2002-10-15 11:31:03  anonymous2 [Reply | View]
  
  
  James, is a very good article. But my problem is:
  when I execute fifty queries in my web aplication (servlet query any MS ACCESS Data Base) Tomcat's console display message "[SQL][ODBC] cannot open any more tables" and DB not accept any more queries.
  
  Is a problem of ODBC, or MS ACCESS.
  I must download other driver version?
  Thanks, Eduardo

• Table confusion
  2002-10-03 07:48:40  petit [Reply | View]
  
  
  Your "Using Tomcat 4 Security Realms" is an excellent itroduction to the Realms and their use.
  Thanx!
  Howerver, there is some confusion to the database tables in your description of the JDBC realm.
  
  First it would be nice under the heading "Defining the Users Database" not to cal the definitions Table 2, Table 3 and so on, where Table 2 describes the first table of the database, Table 3 tdhe second database table...
  ( To much tables :)
  
  We could live with that though.
  The real confusion comes next.
  The users table is ok and also it population.
  The user_roles table definition is ok, but inconsitent with the populated version, where the column names doesn't match.
  Also in the populated table there semm to be roles not found in the roles table.
  
  Som cut&paste errors I belive!
  
  Thank you again for brilliant explanations!
  Regards! / Bertil
  

• Jndi - LDAP
  2002-09-24 02:24:31  anonymous2 [Reply | View]
  
  
  Very interesting article. It would be usefull if there may be a description of configurating a Jndi- Realm.

• Part4 "Web Applications and the ServletContext"
  2002-08-20 11:40:19  taylormaai [Reply | View]
  
  
  What happened to the article Part4 "Web Applications and the ServletContext" mentioned in part 3?

• 404 Error
  2002-07-22 05:54:48  der011 [Reply | View]
  
  
  I read the entire article and I did all according it, but now my tomcat server don't start and if I am looking to the log file, there is a message: "No Realm has been configured to authenticate against", do somebody know, what is wrong?
• 404 Error
  2003-08-04 11:31:12  anonymous2 [Reply | View]
  
  
  I have exactly the same problem with my tomcat 4.0.4 bundled with Jbuilder 7. It onlu happens if i try to debug JSP. It does not happen when I deploy app to /webapp.
• 404 Error
  2003-04-14 00:38:01  anonymous2 [Reply | View]
  
  
  hi,
  probabaly u may not have uncommented the Realm
  tag in the server.xml file. If u r using a memory realm ,uncomment the line
  <Realm className="org.apache.catalina.realm.MemoryRealm" />
  
  u can find it under the <Engine> tag.
  
  Or if u r using JDBC realm comment the above line
  and uncomment the JDBC realm tag (there will be more than one and u have to decide which one to
  use which depends on the db u r using)
  regards
  abhi.

• tomcat jdbc realm
  2002-05-13 06:57:59  dwbrown [Reply | View]
  
  
  Hello James, this is a great article. but i had some exceptions when i restart tomcat after installing the jdbc realm xml tag inserted into server.xml. where would i start in debugging this exception? thanx, david brown.

• tomcat security
  2002-04-12 07:50:56  reza1001 [Reply | View]
  
  
  very helpful article

• Tomcat Secure Realms for LDAP directory
  2002-04-12 01:05:24  schen01 [Reply | View]
  
  
  I found that Tomcat has secure Realms for LDAP directory definition at tomcat official site.
  why you don't have a section for descibing JNDI relams in the segment Using Tomcat 4 Security Relams.
  I am encounterring a problem from it. Please kindly let me know if here is solution in place.
  
  Thanks for help in advance.
  Simon.
  
• Tomcat Secure Realms for LDAP directory
  2002-06-19 12:46:22  markvovsi [Reply | View]
  
  
  I would also benefit from a section on Tomcat's integration with an LDAP directory/JNDI realm. I'm having problems setting up Tomcat to work with iPlanet Directory Server, since the treatment of person to role relationships seems to be different on the two servers. Any feedback to mark@weirdtable.org is appreciated. Thanks, Mark.

• Oracle Driver URL cannot take username/password
  2002-02-27 12:21:21  c_novak@yahoo.com [Reply | View]
  
  
  I was getting an error putting username/password on the url line, but then noticed Tomcat 4.2 has connectionName and connectionPassword attributes in Realm:
  
  
  <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
  driverName="oracle.jdbc.driver.OracleDriver"
  connectionName="scott"
  connectionPassword="tiger"
  connectionURL="jdbc:oracle:thin:@plate10.brc.gnf.org:1521:regdev"
  userTable="AUTH_USER" userNameCol="USERNAME" userCredCol="PASSWORD"
  userRoleTable="AUTH_USER_ROLE" roleNameCol="ROLE_NAME"/>

• CLIENT-CERT auth-method not covered!
  2001-12-28 14:24:59  chaitresh [Reply | View]
  
  
  I was really interested in reading about CLIENT-CERT authentication method in login-config. But for some reason, it is ignored in this article let alone cover it!
  
  ----------------------------
  
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>OnJava Application</realm-name>
  </login-config>
  
  The <login-config> sub-element defines the authentication method for the defined realm. The possible values are BASIC, DIGEST, and FORM. And the <realm-name> sub-element names the Web resource that this <login-config> maps to.
  
  

• Transactions are not enabled
  2001-12-07 16:11:18  mbober [Reply | View]
  
  
  I connet MySql database through jdbc:odbc bridge to support JDBCRealm and after I start the Tomcat the Exception is thrown:
  "Transactions are not enabled"
  
  But I now that there are transactions enabled in ODBC DataSource configuration.
  Please, help me.
  Marcin.
• Transactions are not enabled
  2002-03-04 07:49:01  mlevitt [Reply | View]
  
  
  Transactions are not supported for the default (ISAM) database tables in the 'normal' daemon. You have to run the 'max' server which supports Berkley databases and create the tables using something like this:
  
  create table users (
  id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
  userID VARCHAR(20),
  password VARCHAR(20),
  primary key (id)
  ) TYPE = bdb;
  
  
  hth,
  mark
  
• Transactions are not enabled
  2002-02-27 11:54:19  c_novak@yahoo.com [Reply | View]
  
  
  MySQL does not support transactions by default. I cannot remember how to do it, but check out MySql docs for "Transaction Support"

• Error in connection string
  2001-10-23 09:48:48  sonofseven [Reply | View]
  
  
  Hi,
  
  The following text contains error.
  
  <realm classname="org.apache.catalina.realm.JDBCRealm" debug="99"
  drivername="org.gjt.mm.mysql.Driver"
  connectionurl="jdbc:mysql://localhost/tomcatusers?user=test;password=test"
  usertable="users" usernamecol="user_name" usercredcol="user_pass"
  userroletable="user_roles" rolenamecol="role_name"/>
  
  The connection string is incorrect. It should not used ';' but '&apm;' instead.
  
  RP
  
• Error in connection string
  2001-10-23 09:50:01  sonofseven [Reply | View]
  
  
  ups, it shuld be '&' not '&apm;' :)
  
• Error in connection string
  2007-07-20 14:59:27  dereck27 [Reply | View]
  
  
  http://www.google.com (http://www.google.com)