Tomcat's JDBC Realm won't work with an empty database password. I posted
about this a week ago and asked if it was a bug and noone responded.
If you proved the JDBCRealm a valid username with a blank (empty string)
password, Tomcat will ignore BOTH Username and password.
Here's my previous post:
-----Original Message-----
From: Jann VanOver
Sent: Tuesday, June 26, 2001 12:27 PM
To: [EMAIL PROTECTED]
Subject: JDBCRealm doesn't allow a "blank" password -- is this a bug?
I'm using Tomcat 3.2.2
I was just beginning to try out JDBCRealm and was continuing to get an
error. The Tomcat.log said:
2001-06-26 11:27:05 - ContextManager: JDBCRealm: SQLException:
java.sql.SQLException: Login failed for user '(null)'. Reason: Not
associated with a trusted SQL Server connection. Severity 14, State 1,
Procedure 'null null', Line 0 Unable to connect, please check your server's
version and availability.
I WAS including the proper credentials in my web.xml, so I delved into the
Tomcat source code to find what was going wrong. (this was my FIRST Tomcat
delving experience!) In JDBCRealm, method checkConnection() I found this:
if ((connectionName == null || connectionName.equals("")) ||
(connectionPassword == null || connectionPassword.equals(""))) {
dbConnection = DriverManager.getConnection(connectionURL);
} else {
dbConnection = DriverManager.getConnection(connectionURL,
connectionName,
connectionPassword);
}
I'm practicing on an internal dev server that is poorly protected and has no
password for the username I was using, so my server.xml had:
connectionName="aDevUser" connectionPassword=""
Obviously, this is what is causing the problem, given the code snippet
above.
I created a new username with a real password, entered those in my
server.xml, and the problem went away.
Now I know it's not a good practice to have a password that is an empty
string, but is it an error? Should this be logged as a Tomcat bug? I'm
still fairly new to Tomcat and tried searching for this in Bugzilla and
didn't find anything and wasn't sure where to go from there. Would someone
with more experience with the process like to enter this?
-----Original Message-----
From: Michael Wentzel [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 06, 2001 4:28 AM
To: '[EMAIL PROTECTED]'
Subject: RE: JDBC Realm Questions Tomcat 3.2.2
> Now, when somebody wants to access myServlet resource, he/she
> must have the role
> of an Administrator or Operator. I think this should be
> checked into the
> database. The problem is that, when I've tried to access
> myServlet for the
> first time, the following message was generated in the tomcat console:
>
> 2001-07-05 04:11:49 - ContextManager: JDBCRealm:
> JDBCRealm.authenticate: SELECT
> PASSWORD FROM MYUSERTABLE WHERE NAME = ?
> 2001-07-05 04:11:50 - ContextManager: JDBCRealm:
> Authentication unsuccessful for
> user null
>
> In the same time, the login window has appeard on Netscape
> browser, but after
> I'd entered a valid user name and password (from myUserTable)
> the message was
> the same:
>
> 2001-07-05 04:14:19 - ContextManager: JDBCRealm:
> Authentication unsuccessful for
> user null
>
> It seems for me that the user name is null every time, no
> matter if I enter a
> valid (user, passwd) or not. Is that a Tomcat bug, or I've
> missed something....?
Check your database schema and make sure it is correct. If it is
all I can suggest is add some debugging code to JDBCRealm, recompile
and throw it in TOMCAT_HOME/classes/, then restart and see what
the actual value of username is when authenticate(String, String)
is called.
---
Michael Wentzel
Software Developer
Software As We Think - http://www.aswethink.com
