 | Mailing List | | Home | | Forum Home | | JBoss - Java Application Server | | Struts - A MVC web framework | | Tomcat - JSP/Servlet container | | iText - An open source PDF Java Library | | JDOM - JDOM XML Parser | | J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition | | J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog | | Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology | | JSP - A mailing list about Java Server Pages specification and reference | |
Struts & Hibernate
|
|
|
| | | Tomcat JDBCRealm And <security-constraint > in the web.xml | Tomcat JDBCRealm And <security-constraint > in the web.xml 2003-10-13 - By Tim Funk
Back
At any given "level" (Engine, Host, Context) there is only one Realm which
can be used. But each Realm can be overridden in a nested element. So you may
do the following:
<Engine ...>
<Realm class="..."></Realm>
<Host ...> <!-- Using the Engine's Realm -->
<Context ...>
<Realm ...> <!-- This overrides the Engine's Realm just
for this Context -->
</Realm>
</Context>
</Host>
<Host ...> <!-- Using the Engine's Realm -->
<Realm ...> <!-- Ignore the Engine's Realm and use this one -->
</Realm>
<Context ...> <!-- This overrides the Host's Realm -->
</Context>
</Host>
</Engine>
[Actually the <Context> elements should be their own xml files, but thats a
topic for another day]
-Tim
Caroline Jen wrote:
> I am lost. Right now, I have
>
> <Realm className="org.apache.catalina.realm.JDBCRealm  "
>
> debug="99" driverName="com.mysql.jdbc.Driver "
>
> connectionURL="jdbc:mysql://localhost:3306/artimus?
> user=javauser&password=javadude"
> userTable="members" userNameCol="user_name"
> userCredCol="user_password"
> userRoleTable="user_roles" roleNameCol="user_role"/>
>
> in the <Host> element. The UserDataTable is in the
> <Engine> element and is commented out like this:
>
> <!--
> <Realm
> className="org.apache.catalina.realm.UserDatabaseRealm "
> debug="0" resourceName="UserDatabase"/>
> -->
>
> For the JDBCRealm applies to my application only, your
> advice is that I should configure within the <Context>
> element like this:
>
> <Context path="/myapp" docBase="myapp">
> <Realm className="org.apache.catalina.realm.JDBCRealm "
> ..... />
>
> Do you mean that I should also move UserDatabaseRealm
> from <Engine> to <Host>? And I should not comment it
> out?
>
> -Caroline
> </Context>
>
>
>
> --- Adam Hardy <ahardy.struts@(protected)>
> wrote:
>
>>On 10/13/2003 07:56 AM Bill Barker wrote:
>>
>>>"Caroline Jen" <jiapei_jen@(protected)> wrote in
>>
>>message
>>
> news:20031013015911.98344.qmail@(protected)
>
>>>>Tim:
>>>>
>>>> Before I posted my questions regarding the
>>>>problem that I encountered, I have gone through
>>>>
>>>
>>>
> http://jakarta.apache.org/tomcat/tomcat-4 (See http://cat-4.ora-code.com).1-doc/realm-howto.html#Configuring
%20a%20Realm
>
>>>> As long as I have the JDBCRealm in
>>>>the server.xml, the Tomcat does not accept
>>>><security-constraint> specified in the
>>
>>application's
>>
>>>>web.xml file. And the Tomcat cannot find my
>>>>application.
>>>>
>>>> Following your advice, I moved the Realm
>>>>declaration outside of the <Context> declaration
>>
>>into
>>
>>>>the <Host> declaration, and my problem is solved.
>>>>
>>>> Nonetheles, you also said "refine the <Realm>
>>
>>in
>>
>>>>each context where it is needed." I really want
>>
>>the
>>
>>>>JDBCRealm applies to my application only. My
>>
>>question
>>
>>>>is how do I do it?
>>>>
>>>
>>>
>>>If what is below is accurate, then your <Context>
>>
>>is configured wrong. It
>>
>>>needs to be:
>>> <Context path="/myapp" docBase="myapp">
>>> <Realm
>>
>>className="org.apache.catalina.realm.JDBCRealm "
>>
>>> ..... />
>>> </Context>
>>>
>>>You should probably also leave e.g. the
>>
>>UserDatabaseRealm configured under
>>
>>>the <Host>, so that other Contexts (i.e. admin &
>>
>>manager) have a Realm to
>>
>>>use. By configuring your own Realm under your
>>
>><Context>, it will override
>>
>>>the one defined in the <Host>.
>>>
>>>
>>
>>As long as you configure a 'manager' role for the
>>superuser in your
>>realm, then the superuser can happily login to & use
>>admin & manager -
>>if that fits in with the security requirements of
>>course. That's what I
>>do. But then I am project manager, chief developer,
>>webmaster and DBA
>>for my current project (I should say that more
>>often, it makes Monday
>>mornings great! Just don't tell anyone I'm working
>>for myself :) ).
>>
>>
>>
>>
>>>> Currently, my JDBCRealm looks like:
>>>>
>>>><Engine>
>>>><Host>
>>>><Realm
>>>>className="org.apache.catalina.realm.JDBCRealm "
>>>> debug="99"
>>>>driverName="com.mysql.jdbc.Driver "
>>
>>>connectionURL="jdbc:mysql://localhost:3306/artimus?
>>>
>>>>
>>
>>user=javauser&password=javadude"
>>
>>>>userTable="members" userNameCol="user_name"
>>>> userCredCol="user_password"
>>>>userRoleTable="user_roles"
>>
>>roleNameCol="user_role"/>
>>
>>>> <Context>
>>>> .................
>>>> </Context>
>>>></Host>
>>>></Engine>
>>>>
>>>>--Caroline
>>>>
>>>>
>>>>My configuration in the
>>
>>$TOMCAT_HOME/conf/sever.xml is
>>
>>>>shown below:
>>>>
>>>><Engine>
>>>><Host>
>>>><Context>
>>>><Realm
>>
>>className="org.apache.catalina.realm.JDBCRealm "
>>
>>>>debug="99"
>>>>driverName="com.mysql.jdbc.Driver "
>>>>
>>
>>connectionURL="jdbc:mysql://localhost:3306/artimus
>>
>>>> user=javauser&password=javadude"
>>>>userTable="members" userNameCol="user_name"
>>>> userCredCol="user_password"
>>>>userRoleTable="user_roles"
>>
>>roleNameCol="user_role"/>
>>
>>>></Context>
>>>></Host>
>>>></Engine>
>>>>
>>>>
>>>>--- Tim Funk <funkman@(protected)> wrote:
>>>>
>>>
> http://jakarta.apache.org/tomcat/tomcat-4 (See http://cat-4.ora-code.com).1-doc/realm-howto.html#Configuring
%20a%20Realm
>
>>>>>-Tim
>>>>>
>>>>>Caroline Jen wrote:
>>>>>
>>>>>
>>>>>>Tim:
>>>>>>
>>>>>> Would you explain "refine the <Realm> in
>>
>>each
>>
>>>>>>context where it is needed"?
>>>>>>
>>>>>>-Caroline
>>>>>>--- Tim Funk <funkman@(protected)> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Move the Realm declaration outside of the
>>>>>
>>>>><Context>
>>>>>
>>>>>>>declaration into the
>>>>>>><Host> declaration. Or refine the <Realm> in
>>
>>each
>>
>>>>>>>context where it is needed.
>>>>>>>
>>>>>>>-Tim
>>>>>>>
>>>>>>>Caroline Jen wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>My applications behave wierd after I
>>
>>configured
>>
>>>>>>>the
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>JDBCRealm. After experimenting in many
>>
>>different
>>
>>>>>>>>ways, I found that as long as I have the
>>>>>
>>>>>JDBCRealm
>>>>>
>>>>>
>>>>>>>in
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>the server.xml, the Tomcat does not accept
>>>>>>>><security-constraint> specified in the
>>>>>>>
>>>>>>>application's
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>web.xml file. Please help me.
>>>>>>>>
>>>>>>>>My configuration in the
>>>>>>>
>>>>>>>$TOMCAT_HOME/conf/sever.xml is
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>shown below:
>>>>>>>>
>>>>>>>><Engine>
>>>>>>>><Host>
>>>>>>>><Context>
>>>>>>>><Realm
>>>>>>>
>>>>>>>className="org.apache.catalina.realm.JDBCRealm "
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>debug="99"
>>>>>>>>driverName="com.mysql.jdbc.Driver "
>>>>>>>>
>>>>>>>
>>>>>>connectionURL="jdbc:mysql://localhost:3306/artimus
>>>>>
>>>>>>>>
>>
>>user=javauser&password=javadude"
>>
>>>>>>>>userTable="members" userNameCol="user_name"
>>>>>>>> userCredCol="user_password"
>>>>>>>>userRoleTable="user_roles"
>>
> === message truncated ===
>
>
> __ ____ ____ ____ ____ ____ ______
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com
>
> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
> For additional commands, e-mail: tomcat-user-help@(protected)
>
>
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
|
|
|
