Tomcat JDBCRealm And <security-constraint

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Struts - A MVC web framework

Tomcat - JSP/Servlet container

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

JSP - A mailing list about Java Server Pages specification and reference

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Oracle Connection Pooling in 3 2 2
•	Servlet : Session invalidate
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Tomcat and webapplication specific java library path
•	Running a Simple JMS Example
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	Cannot find message resources under key org apache struts action MESSAGE
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	url string for connecting jboss to oracle
•	Value attribute of <html:checkbox
•	javax servlet ServletException: BeanUtils populate
•	HTTP Status 404 The requested resource is not available
•	5 0 18: Windows XP Pro vs Windows 2000

Tomcat JDBCRealm And <security-constraint > in the web.xml

Tomcat JDBCRealm And <security-constraint > in the web.xml

2003-10-11 - By Caroline Jen

Back

Reply: 1 2 3 4 5 6 7 8 9 10

My applications behave wierd after I configured the
JDBCRealm. After experimenting in many different
ways, I found that as long as I have the JDBCRealm in
the server.xml, the Tomcat does not accept
<security-constraint> specified in the application's
web.xml file. Please help me.

My configuration in the $TOMCAT_HOME/conf/sever.xml is
shown below:

<Engine>
<Host>
<Context>
<Realm className="org.apache.catalina.realm.JDBCRealm

Source code of org.apache.catalina.realm.JDBCRealm

"
debug="99"
driverName="com.mysql.jdbc.Driver

"
connectionURL="jdbc:mysql://localhost:3306/artimus
user=javauser&password=javadude"
userTable="members" userNameCol="user_name"
userCredCol="user_password"
userRoleTable="user_roles" roleNameCol="user_role"/>
</Context>
</Host>
</Engine>

What happened is:

First, I have an application artimus_1_1 that had
worked well before JDBCRealm was inserted in the
server.xml. Now, whenever I run the same application,
I get:

HTTP Status 404 -/artimus_1_1
description: The requested resource(/artimus_1_1)
is not availabe.

The web.xml of the application artimus_1_1 has
<security-constraint> element in it and uses BASIC to
authenticate users (i.e. the roles of the users are
stored in the $TOMCAT_HOME/conf/tomcat-users.xml.)

Second, I am working on another application. And I
want to user FORM-based container-managed
authentication for this application. I had

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>

<form-login-page>/signin/logon.jsp</form-login-page>

<form-error-page>/signin/logon.jsp?error=true</form-error-page>
</form-login-config>
</login-config>

in the web.xml file and I had JDBCRealm in the
$TOMCAT_HOME/conf/server.xml. I was able to display
the welcome page. Thereafter,I inserted
<security-constraint> preceding the <login-config>
element, and inserted <security-role> following the
<login-config> element. The application stops
functioning. I get:

HTTP Status 404 -/PracticeVersion
description: The requested resource(/PracticeVersion)
is not availabe.

in the browser, and I have this message in the Tomcat
log file (the Tomcat log file can be found in the
attachment):

LifecycleException: Container
StandardContext[/PracticeVersion] has not been started

This is what my PracticeVersion/WEB-INF/web.xml looks
like when the problem
happens (nothing is wrong with the specification and
order of the tags):

<security-constraint>
<web-resource-collection>

<web-resource-name>Administrative</web-resource-name>

<url-pattern>/do/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>

<role-name>administrator</role-name>
<role-name>editor</role-name>
<role-name>contributor</role-name>
<role-name>advisor</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>

<form-login-page>/signin/logon.jsp</form-login-page>

<form-error-page>/signin/error.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>administrator</role-name>
</security-role>
<security-role>
<role-name>advisor</role-name>
</security-role>
<security-role>
<role-name>editor</role-name>
</security-role>
<security-role>
<role-name>contributor</role-name>
</security-role>

__ ____ ____ ____ ____ ____ ______
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)