This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit c714bfdfbeb37a7fcc679143a35fd72ac40cdabf
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Sep 15 15:01:18 2020 +0100
Remove deprecated JDBCRealm
---
build.xml | 1 -
java/org/apache/catalina/mbeans/MBeanFactory.java | 32 -
.../apache/catalina/mbeans/mbeans-descriptors.xml | 9 -
java/org/apache/catalina/realm/JDBCRealm.java | 745 ---------------------
.../apache/catalina/realm/LocalStrings.properties | 7 -
.../catalina/realm/LocalStrings_de.properties | 3 -
.../catalina/realm/LocalStrings_es.properties | 7 -
.../catalina/realm/LocalStrings_fr.properties | 7 -
.../catalina/realm/LocalStrings_ja.properties | 7 -
.../catalina/realm/LocalStrings_ko.properties | 7 -
.../catalina/realm/LocalStrings_zh_CN.properties | 7 -
.../apache/catalina/realm/mbeans-descriptors.xml | 71 --
res/findbugs/filter-false-positives.xml | 19 +-
webapps/docs/config/realm.xml | 126 ----
webapps/docs/manager-howto.xml | 2 +-
webapps/docs/realm-howto.xml | 113 ----
webapps/docs/security-howto.xml | 4 -
17 files changed, 2 insertions(+), 1165 deletions(-)
diff --git a/build.xml b/build.xml
index 349c1d4..717912d 100644
--- a/build.xml
+++ b/build.xml
@@ -561,7 +561,6 @@
<exclude name="org/apache/catalina/realm/JAASCallbackHandler.class" />
<exclude name="org/apache/catalina/realm/JAASMemoryLoginModule.class" />
<exclude name="org/apache/catalina/realm/JAASRealm.class" />
- <exclude name="org/apache/catalina/realm/JDBCRealm.class" />
<exclude name="org/apache/catalina/realm/JNDIRealm$User.class" />
<exclude name="org/apache/catalina/realm/JNDIRealm.class" />
<exclude name="org/apache/catalina/realm/LockOutRealm*" />
diff --git a/java/org/apache/catalina/mbeans/MBeanFactory.java
b/java/org/apache/catalina/mbeans/MBeanFactory.java
index bf2970e..8ef53ce 100644
--- a/java/org/apache/catalina/mbeans/MBeanFactory.java
+++ b/java/org/apache/catalina/mbeans/MBeanFactory.java
@@ -323,38 +323,6 @@ public class MBeanFactory {
/**
- * Create a new JDBC Realm.
- *
- * @param parent MBean Name of the associated parent component
- * @param driverName JDBC driver name
- * @param connectionName the user name for the connection
- * @param connectionPassword the password for the connection
- * @param connectionURL the connection URL to the database
- * @return the object name of the created realm
- *
- * @exception Exception if an MBean cannot be created or registered
- *
- * @deprecated This method will be removed in Tomcat 10. Use a
- * DataSourceRealm instead.
- */
- @Deprecated
- public String createJDBCRealm(String parent, String driverName,
- String connectionName, String connectionPassword, String connectionURL)
- throws Exception {
-
- // Create a new JDBCRealm instance
- org.apache.catalina.realm.JDBCRealm realm = new
org.apache.catalina.realm.JDBCRealm();
- realm.setDriverName(driverName);
- realm.setConnectionName(connectionName);
- realm.setConnectionPassword(connectionPassword);
- realm.setConnectionURL(connectionURL);
-
- // Add the new instance to its parent component
- return addRealmToParent(parent, realm);
- }
-
-
- /**
* Create a new JNDI Realm.
*
* @param parent MBean Name of the associated parent component
diff --git a/java/org/apache/catalina/mbeans/mbeans-descriptors.xml
b/java/org/apache/catalina/mbeans/mbeans-descriptors.xml
index 913830f..9597210 100644
--- a/java/org/apache/catalina/mbeans/mbeans-descriptors.xml
+++ b/java/org/apache/catalina/mbeans/mbeans-descriptors.xml
@@ -105,15 +105,6 @@
type="int"/>
</operation>
- <operation name="createJDBCRealm"
- description="Create a new JDBC Realm (deprecated - will be removed
in Tomcat 10)"
- impact="ACTION"
- returnType="java.lang.String">
- <parameter name="parent"
- description="MBean Name of the associated parent component"
- type="java.lang.String"/>
- </operation>
-
<operation name="createJNDIRealm"
description="Create a new JNDI Realm"
impact="ACTION"
diff --git a/java/org/apache/catalina/realm/JDBCRealm.java
b/java/org/apache/catalina/realm/JDBCRealm.java
deleted file mode 100644
index 8b9c472..0000000
--- a/java/org/apache/catalina/realm/JDBCRealm.java
+++ /dev/null
@@ -1,745 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-package org.apache.catalina.realm;
-
-
-import java.security.Principal;
-import java.sql.Connection;
-import java.sql.Driver;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.util.ArrayList;
-import java.util.Properties;
-
-import org.apache.catalina.LifecycleException;
-import org.apache.tomcat.util.ExceptionUtils;
-
-
-/**
-*
-* Implementation of <b>Realm</b> that works with any JDBC supported database.
-* See the JDBCRealm.howto for more details on how to set up the database and
-* for configuration options.
-*
-* <p>For a <b>Realm</b> implementation that supports connection pooling and
-* doesn't require synchronisation of <code>authenticate()</code>,
-* <code>getPassword()</code>, <code>roles()</code> and
-* <code>getPrincipal()</code> or the ugly connection logic use the
-* <code>DataSourceRealm</code>.</p>
-*
-* @author Craig R. McClanahan
-* @author Carson McDonald
-* @author Ignacio Ortega
-*
-* @deprecated Will be removed in Tomcat 10 onwards. Use the DataSourceRealm
-* instead.
-*/
-@Deprecated
-public class JDBCRealm
- extends RealmBase {
-
-
- // ----------------------------------------------------- Instance Variables
-
-
- /**
- * The connection username to use when trying to connect to the database.
- */
- protected String connectionName = null;
-
-
- /**
- * The connection URL to use when trying to connect to the database.
- */
- protected String connectionPassword = null;
-
-
- /**
- * The connection URL to use when trying to connect to the database.
- */
- protected String connectionURL = null;
-
-
- /**
- * The connection to the database.
- */
- protected Connection dbConnection = null;
-
-
- /**
- * Instance of the JDBC Driver class we use as a connection factory.
- */
- protected Driver driver = null;
-
-
- /**
- * The JDBC driver to use.
- */
- protected String driverName = null;
-
-
- /**
- * The PreparedStatement to use for authenticating users.
- */
- protected PreparedStatement preparedCredentials = null;
-
-
- /**
- * The PreparedStatement to use for identifying the roles for
- * a specified user.
- */
- protected PreparedStatement preparedRoles = null;
-
-
- /**
- * The column in the user role table that names a role
- */
- protected String roleNameCol = null;
-
-
- /**
- * The column in the user table that holds the user's credentials
- */
- protected String userCredCol = null;
-
-
- /**
- * The column in the user table that holds the user's name
- */
- protected String userNameCol = null;
-
-
- /**
- * The table that holds the relation between user's and roles
- */
- protected String userRoleTable = null;
-
-
- /**
- * The table that holds user data.
- */
- protected String userTable = null;
-
-
- // ------------------------------------------------------------- Properties
-
- /**
- * @return the username to use to connect to the database.
- */
- public String getConnectionName() {
- return connectionName;
- }
-
- /**
- * Set the username to use to connect to the database.
- *
- * @param connectionName Username
- */
- public void setConnectionName(String connectionName) {
- this.connectionName = connectionName;
- }
-
- /**
- * @return the password to use to connect to the database.
- */
- public String getConnectionPassword() {
- return connectionPassword;
- }
-
- /**
- * Set the password to use to connect to the database.
- *
- * @param connectionPassword User password
- */
- public void setConnectionPassword(String connectionPassword) {
- this.connectionPassword = connectionPassword;
- }
-
- /**
- * @return the URL to use to connect to the database.
- */
- public String getConnectionURL() {
- return connectionURL;
- }
-
- /**
- * Set the URL to use to connect to the database.
- *
- * @param connectionURL The new connection URL
- */
- public void setConnectionURL( String connectionURL ) {
- this.connectionURL = connectionURL;
- }
-
- /**
- * @return the JDBC driver that will be used.
- */
- public String getDriverName() {
- return driverName;
- }
-
- /**
- * Set the JDBC driver that will be used.
- *
- * @param driverName The driver name
- */
- public void setDriverName( String driverName ) {
- this.driverName = driverName;
- }
-
- /**
- * @return the column in the user role table that names a role.
- */
- public String getRoleNameCol() {
- return roleNameCol;
- }
-
- /**
- * Set the column in the user role table that names a role.
- *
- * @param roleNameCol The column name
- */
- public void setRoleNameCol( String roleNameCol ) {
- this.roleNameCol = roleNameCol;
- }
-
- /**
- * @return the column in the user table that holds the user's credentials.
- */
- public String getUserCredCol() {
- return userCredCol;
- }
-
- /**
- * Set the column in the user table that holds the user's credentials.
- *
- * @param userCredCol The column name
- */
- public void setUserCredCol( String userCredCol ) {
- this.userCredCol = userCredCol;
- }
-
- /**
- * @return the column in the user table that holds the user's name.
- */
- public String getUserNameCol() {
- return userNameCol;
- }
-
- /**
- * Set the column in the user table that holds the user's name.
- *
- * @param userNameCol The column name
- */
- public void setUserNameCol( String userNameCol ) {
- this.userNameCol = userNameCol;
- }
-
- /**
- * @return the table that holds the relation between user's and roles.
- */
- public String getUserRoleTable() {
- return userRoleTable;
- }
-
- /**
- * Set the table that holds the relation between user's and roles.
- *
- * @param userRoleTable The table name
- */
- public void setUserRoleTable( String userRoleTable ) {
- this.userRoleTable = userRoleTable;
- }
-
- /**
- * @return the table that holds user data..
- */
- public String getUserTable() {
- return userTable;
- }
-
- /**
- * Set the table that holds user data.
- *
- * @param userTable The table name
- */
- public void setUserTable( String userTable ) {
- this.userTable = userTable;
- }
-
-
- // --------------------------------------------------------- Public Methods
-
- /**
- * Return the Principal associated with the specified username and
- * credentials, if there is one; otherwise return <code>null</code>.
- *
- * If there are any errors with the JDBC connection, executing
- * the query or anything we return null (don't authenticate). This
- * event is also logged, and the connection will be closed so that
- * a subsequent request will automatically re-open it.
- *
- *
- * @param username Username of the Principal to look up
- * @param credentials Password or other credentials to use in
- * authenticating this username
- * @return the associated principal, or <code>null</code> if there is none.
- */
- @Override
- public synchronized Principal authenticate(String username, String
credentials) {
-
- // Number of tries is the number of attempts to connect to the database
- // during this login attempt (if we need to open the database)
- // This needs rewritten with better pooling support, the existing code
- // needs signature changes since the Prepared statements needs cached
- // with the connections.
- // The code below will try twice if there is an SQLException so the
- // connection may try to be opened again. On normal conditions
(including
- // invalid login - the above is only used once.
- int numberOfTries = 2;
- while (numberOfTries>0) {
- try {
-
- // Ensure that we have an open database connection
- open();
-
- // Acquire a Principal object for this user
- Principal principal = authenticate(dbConnection,
- username, credentials);
-
-
- // Return the Principal (if any)
- return principal;
-
- } catch (SQLException e) {
-
- // Log the problem for posterity
- containerLog.error(sm.getString("jdbcRealm.exception"), e);
-
- // Close the connection so that it gets reopened next time
- if (dbConnection != null)
- close(dbConnection);
-
- }
-
- numberOfTries--;
- }
-
- // Worst case scenario
- return null;
-
- }
-
-
- // -------------------------------------------------------- Package Methods
-
-
- // ------------------------------------------------------ Protected Methods
-
-
- /**
- * Attempt to authenticate the user with the provided credentials.
- *
- * @param dbConnection The database connection to be used
- * @param username Username of the Principal to look up
- * @param credentials Password or other credentials to use in
authenticating
- * this username
- *
- * @return Return the Principal associated with the specified username and
- * credentials, if there is one; otherwise return
<code>null</code>.
- */
- public synchronized Principal authenticate(Connection dbConnection,
- String username,
- String credentials) {
- // No user or no credentials
- // Can't possibly authenticate, don't bother the database then
- if (username == null || credentials == null) {
- if (containerLog.isTraceEnabled())
-
containerLog.trace(sm.getString("jdbcRealm.authenticateFailure",
- username));
- return null;
- }
-
- // Look up the user's credentials
- String dbCredentials = getPassword(username);
-
- if (dbCredentials == null) {
- // User was not found in the database.
- // Waste a bit of time as not to reveal that the user does not
exist.
- getCredentialHandler().mutate(credentials);
-
- if (containerLog.isTraceEnabled())
-
containerLog.trace(sm.getString("jdbcRealm.authenticateFailure",
- username));
- return null;
- }
-
- // Validate the user's credentials
- boolean validated = getCredentialHandler().matches(credentials,
dbCredentials);
-
- if (validated) {
- if (containerLog.isTraceEnabled())
-
containerLog.trace(sm.getString("jdbcRealm.authenticateSuccess",
- username));
- } else {
- if (containerLog.isTraceEnabled())
-
containerLog.trace(sm.getString("jdbcRealm.authenticateFailure",
- username));
- return null;
- }
-
- ArrayList<String> roles = getRoles(username);
-
- // Create and return a suitable Principal for this user
- return new GenericPrincipal(username, roles);
- }
-
-
- @Override
- public boolean isAvailable() {
- return (dbConnection != null);
- }
-
-
- /**
- * Close the specified database connection.
- *
- * @param dbConnection The connection to be closed
- */
- protected void close(Connection dbConnection) {
-
- // Do nothing if the database connection is already closed
- if (dbConnection == null)
- return;
-
- // Close our prepared statements (if any)
- try {
- preparedCredentials.close();
- } catch (Throwable f) {
- ExceptionUtils.handleThrowable(f);
- }
- this.preparedCredentials = null;
-
-
- try {
- preparedRoles.close();
- } catch (Throwable f) {
- ExceptionUtils.handleThrowable(f);
- }
- this.preparedRoles = null;
-
-
- // Close this database connection, and log any errors
- try {
- dbConnection.close();
- } catch (SQLException e) {
- containerLog.warn(sm.getString("jdbcRealm.close"), e); // Just log
it here
- } finally {
- this.dbConnection = null;
- }
-
- }
-
-
- /**
- * Return a PreparedStatement configured to perform the SELECT required
- * to retrieve user credentials for the specified username.
- *
- * @param dbConnection The database connection to be used
- * @param username Username for which credentials should be retrieved
- * @return the prepared statement
- * @exception SQLException if a database error occurs
- */
- protected PreparedStatement credentials(Connection dbConnection, String
username)
- throws SQLException {
-
- if (preparedCredentials == null) {
- StringBuilder sb = new StringBuilder("SELECT ");
- sb.append(userCredCol);
- sb.append(" FROM ");
- sb.append(userTable);
- sb.append(" WHERE ");
- sb.append(userNameCol);
- sb.append(" = ?");
-
- if(containerLog.isDebugEnabled()) {
- containerLog.debug("credentials query: " + sb.toString());
- }
-
- preparedCredentials =
- dbConnection.prepareStatement(sb.toString());
- }
-
- if (username == null) {
- preparedCredentials.setNull(1,java.sql.Types.VARCHAR);
- } else {
- preparedCredentials.setString(1, username);
- }
-
- return preparedCredentials;
- }
-
-
- /**
- * Get the password for the specified user.
- * @param username The user name
- * @return the password associated with the given principal's user name.
- */
- @Override
- protected synchronized String getPassword(String username) {
-
- // Look up the user's credentials
- String dbCredentials = null;
-
- // Number of tries is the number of attempts to connect to the database
- // during this login attempt (if we need to open the database)
- // This needs rewritten with better pooling support, the existing code
- // needs signature changes since the Prepared statements needs cached
- // with the connections.
- // The code below will try twice if there is an SQLException so the
- // connection may try to be opened again. On normal conditions
(including
- // invalid login - the above is only used once.
- int numberOfTries = 2;
- while (numberOfTries > 0) {
- try {
- // Ensure that we have an open database connection
- open();
-
- PreparedStatement stmt = credentials(dbConnection, username);
- try (ResultSet rs = stmt.executeQuery()) {
- if (rs.next()) {
- dbCredentials = rs.getString(1);
- }
-
- dbConnection.commit();
-
- if (dbCredentials != null) {
- dbCredentials = dbCredentials.trim();
- }
-
- return dbCredentials;
- }
- } catch (SQLException e) {
- // Log the problem for posterity
- containerLog.error(sm.getString("jdbcRealm.exception"), e);
- }
-
- // Close the connection so that it gets reopened next time
- if (dbConnection != null) {
- close(dbConnection);
- }
-
- numberOfTries--;
- }
-
- return null;
- }
-
- /**
- * Get the principal associated with the specified user.
- * @param username The user name
- * @return the Principal associated with the given user name.
- */
- @Override
- protected synchronized Principal getPrincipal(String username) {
-
- return new GenericPrincipal(username, getRoles(username));
-
- }
-
-
- /**
- * Return the roles associated with the given user name.
- * @param username The user name
- * @return an array list of the role names
- */
- protected ArrayList<String> getRoles(String username) {
-
- if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined())
{
- // Using an authentication only configuration and no role store has
- // been defined so don't spend cycles looking
- return null;
- }
-
- // Number of tries is the number of attempts to connect to the database
- // during this login attempt (if we need to open the database)
- // This needs rewritten wuth better pooling support, the existing code
- // needs signature changes since the Prepared statements needs cached
- // with the connections.
- // The code below will try twice if there is an SQLException so the
- // connection may try to be opened again. On normal conditions
(including
- // invalid login - the above is only used once.
- int numberOfTries = 2;
- while (numberOfTries>0) {
- try {
- // Ensure that we have an open database connection
- open();
-
- PreparedStatement stmt = roles(dbConnection, username);
- try (ResultSet rs = stmt.executeQuery()) {
- // Accumulate the user's roles
- ArrayList<String> roleList = new ArrayList<>();
-
- while (rs.next()) {
- String role = rs.getString(1);
- if (null!=role) {
- roleList.add(role.trim());
- }
- }
-
- return roleList;
- } finally {
- dbConnection.commit();
- }
- } catch (SQLException e) {
- // Log the problem for posterity
- containerLog.error(sm.getString("jdbcRealm.exception"), e);
-
- // Close the connection so that it gets reopened next time
- if (dbConnection != null)
- close(dbConnection);
- }
-
- numberOfTries--;
- }
-
- return null;
- }
-
-
- /**
- * Open (if necessary) and return a database connection for use by
- * this Realm.
- * @return the opened connection
- * @exception SQLException if a database error occurs
- */
- protected Connection open() throws SQLException {
-
- // Do nothing if there is a database connection already open
- if (dbConnection != null)
- return dbConnection;
-
- // Instantiate our database driver if necessary
- if (driver == null) {
- try {
- Class<?> clazz = Class.forName(driverName);
- driver = (Driver) clazz.getConstructor().newInstance();
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- throw new SQLException(e.getMessage(), e);
- }
- }
-
- // Open a new connection
- Properties props = new Properties();
- if (connectionName != null)
- props.put("user", connectionName);
- if (connectionPassword != null)
- props.put("password", connectionPassword);
- dbConnection = driver.connect(connectionURL, props);
- if (dbConnection == null) {
- throw new SQLException(sm.getString(
- "jdbcRealm.open.invalidurl",driverName, connectionURL));
- }
- dbConnection.setAutoCommit(false);
- return dbConnection;
-
- }
-
-
- /**
- * Return a PreparedStatement configured to perform the SELECT required
- * to retrieve user roles for the specified username.
- *
- * @param dbConnection The database connection to be used
- * @param username Username for which roles should be retrieved
- * @return the prepared statement
- * @exception SQLException if a database error occurs
- */
- protected synchronized PreparedStatement roles(Connection dbConnection,
String username)
- throws SQLException {
-
- if (preparedRoles == null) {
- StringBuilder sb = new StringBuilder("SELECT ");
- sb.append(roleNameCol);
- sb.append(" FROM ");
- sb.append(userRoleTable);
- sb.append(" WHERE ");
- sb.append(userNameCol);
- sb.append(" = ?");
- preparedRoles = dbConnection.prepareStatement(sb.toString());
- }
-
- preparedRoles.setString(1, username);
- return preparedRoles;
-
- }
-
-
- private boolean isRoleStoreDefined() {
- return userRoleTable != null || roleNameCol != null;
- }
-
-
- // ------------------------------------------------------ Lifecycle Methods
-
- /**
- * Prepare for the beginning of active use of the public methods of this
- * component and implement the requirements of
- * {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
- *
- * @exception LifecycleException if this component detects a fatal error
- * that prevents this component from being used
- */
- @Override
- protected void startInternal() throws LifecycleException {
-
- // Validate that we can open our connection - but let tomcat
- // startup in case the database is temporarily unavailable
- try {
- open();
- } catch (SQLException e) {
- containerLog.error(sm.getString("jdbcRealm.open"), e);
- }
-
- super.startInternal();
- }
-
-
- /**
- * Gracefully terminate the active use of the public methods of this
- * component and implement the requirements of
- * {@link org.apache.catalina.util.LifecycleBase#stopInternal()}.
- *
- * @exception LifecycleException if this component detects a fatal error
- * that needs to be reported
- */
- @Override
- protected void stopInternal() throws LifecycleException {
-
- super.stopInternal();
-
- // Close any open DB connection
- close(this.dbConnection);
-
- }
-
-
-}
diff --git a/java/org/apache/catalina/realm/LocalStrings.properties
b/java/org/apache/catalina/realm/LocalStrings.properties
index 20398fa..49034d1 100644
--- a/java/org/apache/catalina/realm/LocalStrings.properties
+++ b/java/org/apache/catalina/realm/LocalStrings.properties
@@ -60,13 +60,6 @@ jaasRealm.unexpectedError=Unexpected error
jaasRealm.userPrincipalFailure=No valid user Principal found
jaasRealm.userPrincipalSuccess=Principal [{0}] is a valid user class. We will
use this as the user Principal.
-jdbcRealm.authenticateFailure=Username [{0}] NOT successfully authenticated
-jdbcRealm.authenticateSuccess=Username [{0}] successfully authenticated
-jdbcRealm.close=Exception closing database connection
-jdbcRealm.exception=Exception performing authentication
-jdbcRealm.open=Exception opening database connection
-jdbcRealm.open.invalidurl=Driver [{0}] does not support the url [{1}]
-
jndiRealm.authenticateFailure=Username [{0}] NOT successfully authenticated
jndiRealm.authenticateSuccess=Username [{0}] successfully authenticated
jndiRealm.cipherSuites=Enable [{0}] as cipher suites for tls connection.
diff --git a/java/org/apache/catalina/realm/LocalStrings_de.properties
b/java/org/apache/catalina/realm/LocalStrings_de.properties
index bf923bf..8d51653 100644
--- a/java/org/apache/catalina/realm/LocalStrings_de.properties
+++ b/java/org/apache/catalina/realm/LocalStrings_de.properties
@@ -27,9 +27,6 @@ jaasRealm.credentialExpired=Benutzername [{0}] konnte auf
Grund abgelaufener Zug
jaasRealm.failedLogin=Benutzername [{0}] konnte auf Grund einer fehlerhaften
Anmeldung NICHT authentifiziert werden
jaasRealm.loginContextCreated=JAAS LoginContext für Benutzername [{0}] erzeugt
-jdbcRealm.authenticateFailure=Benutzername [{0}] konnte NICHT authentifiziert
werden
-jdbcRealm.authenticateSuccess=Benutzername [{0}] konnte erfolgreich
authentifiziert werden
-
jndiRealm.authenticateFailure=Benutzername [{0}] konnte NICHT authentifiziert
werden
jndiRealm.authenticateSuccess=Benutzername [{0}] konnte erfolgreich
authentifiziert werden
diff --git a/java/org/apache/catalina/realm/LocalStrings_es.properties
b/java/org/apache/catalina/realm/LocalStrings_es.properties
index 49e521e..c915fee 100644
--- a/java/org/apache/catalina/realm/LocalStrings_es.properties
+++ b/java/org/apache/catalina/realm/LocalStrings_es.properties
@@ -46,13 +46,6 @@ jaasRealm.unexpectedError=Error inesperado
jaasRealm.userPrincipalFailure=No se ha hallado usuario Principal
jaasRealm.userPrincipalSuccess=El Principal [{0}] es una clase válida de
usuario. La vamos a usar como usuario Principal.
-jdbcRealm.authenticateFailure=El usuario [{0}] NO ha sido autentificado
correctamente
-jdbcRealm.authenticateSuccess=El usuario [{0}] ha sido autentificado
correctamente
-jdbcRealm.close=Excepción al cerrar la conexión a la base de datos
-jdbcRealm.exception=Excepción al realizar la autentificación
-jdbcRealm.open=Excepción abriendo la conexión a la base de datos
-jdbcRealm.open.invalidurl=El conductor [{0}] no soporta la url [{1}]
-
jndiRealm.authenticateFailure=Autentificación fallida para el usuario [{0}]
jndiRealm.authenticateSuccess=Autentificación correcta para el usuario [{0}]
jndiRealm.close=Excepción al cerrar la conexión al servidor de directorio
diff --git a/java/org/apache/catalina/realm/LocalStrings_fr.properties
b/java/org/apache/catalina/realm/LocalStrings_fr.properties
index f3f2382..854c9bd 100644
--- a/java/org/apache/catalina/realm/LocalStrings_fr.properties
+++ b/java/org/apache/catalina/realm/LocalStrings_fr.properties
@@ -60,13 +60,6 @@ jaasRealm.unexpectedError=Erreur inattendue
jaasRealm.userPrincipalFailure=Aucun principal valide trouvé
jaasRealm.userPrincipalSuccess=Le principal [{0}] est une classe utilisateur
valide, elle sera utilisée comme principal de l''utilisateur
-jdbcRealm.authenticateFailure=le nom d''utilisateur [{0}] N''A PAS été
authentifié
-jdbcRealm.authenticateSuccess=le nom d''utilisateur [{0}] a été authentifié
avec succès
-jdbcRealm.close=Exception lors de la fermeture de la connexion à la base de
données
-jdbcRealm.exception=Exception pendant le traitement de l'authentification
-jdbcRealm.open=Exception lors de l'ouverture de la base de données
-jdbcRealm.open.invalidurl=Le pilote [{0}] ne supporte pas l''URL [{1}]
-
jndiRealm.authenticateFailure=Le nom d''utilisateur [{0}] N''A PAS été
authentifié
jndiRealm.authenticateSuccess=Le nom d''utilisateur [{0}] a été authentifié
avec succès
jndiRealm.cipherSuites=La suite de chiffres [{0}] a été activée pour la
connection TLS
diff --git a/java/org/apache/catalina/realm/LocalStrings_ja.properties
b/java/org/apache/catalina/realm/LocalStrings_ja.properties
index 1e306cd..0d55feb 100644
--- a/java/org/apache/catalina/realm/LocalStrings_ja.properties
+++ b/java/org/apache/catalina/realm/LocalStrings_ja.properties
@@ -60,13 +60,6 @@ jaasRealm.unexpectedError=予期せぬエラー
jaasRealm.userPrincipalFailure=有効なユーザープリンシパルが見つかりません。
jaasRealm.userPrincipalSuccess=プリンシパル[{0}]は有効なユーザークラスです。 これをユーザープリンシパルとして使用します。
-jdbcRealm.authenticateFailure=ユーザ名 [{0}] は認証に失敗しました
-jdbcRealm.authenticateSuccess=ユーザ名 [{0}] は認証に成功しました
-jdbcRealm.close=データベース接続クローズ中の例外です
-jdbcRealm.exception=認証実行中の例外です
-jdbcRealm.open=データベース接続オープン中に例外が発生しました
-jdbcRealm.open.invalidurl=ドライバー [{0}] は url [{1}] に対応していません。
-
jndiRealm.authenticateFailure=ユーザ名 [{0}] は認証に失敗しました
jndiRealm.authenticateSuccess=ユーザ名 [{0}] は認証に成功しました
jndiRealm.cipherSuites=TLS 接続で暗号スイート [{0}] を有効化しました。
diff --git a/java/org/apache/catalina/realm/LocalStrings_ko.properties
b/java/org/apache/catalina/realm/LocalStrings_ko.properties
index a3cfcc2..8946f62 100644
--- a/java/org/apache/catalina/realm/LocalStrings_ko.properties
+++ b/java/org/apache/catalina/realm/LocalStrings_ko.properties
@@ -60,13 +60,6 @@ jaasRealm.unexpectedError=예기치 않은 오류
jaasRealm.userPrincipalFailure=유효한 사용자 Principal을 찾을 수 없습니다.
jaasRealm.userPrincipalSuccess=Principal [{0}]은(는) 유효한 사용자 클래스입니다. 이를 사용자
Principal로 사용하겠습니다.
-jdbcRealm.authenticateFailure=사용자명 [{0}]이(가) 성공적으로 인증되지 못했습니다.
-jdbcRealm.authenticateSuccess=사용자명 [{0}]이(가) 성공적으로 인증되었습니다.
-jdbcRealm.close=데이터베이스 연결을 닫는 중 예외 발생
-jdbcRealm.exception=인증 처리 수행 중 예외 발생
-jdbcRealm.open=데이터베이스 연결을 여는 중 예외 발생
-jdbcRealm.open.invalidurl=드라이버 [{0}]은(는) URL [{1}]을(를) 지원하지 않습니다.
-
jndiRealm.authenticateFailure=사용자명 [{0}]이(가) 성공적으로 인증되지 못했습니다.
jndiRealm.authenticateSuccess=사용자명 [{0}]이(가) 성공적으로 인증되었습니다.
jndiRealm.cipherSuites=이 tls 연결을 위한 cipher suite들로서, [{0}]을(를) 사용 가능하게 합니다.
diff --git a/java/org/apache/catalina/realm/LocalStrings_zh_CN.properties
b/java/org/apache/catalina/realm/LocalStrings_zh_CN.properties
index 36c5f22..f3d0b80 100644
--- a/java/org/apache/catalina/realm/LocalStrings_zh_CN.properties
+++ b/java/org/apache/catalina/realm/LocalStrings_zh_CN.properties
@@ -59,13 +59,6 @@ jaasRealm.unexpectedError=意外错误
jaasRealm.userPrincipalFailure=未发现有效的用户Principal
jaasRealm.userPrincipalSuccess=主体[{0}]是有效的用户类。我们将其用作用户主体。
-jdbcRealm.authenticateFailure=用户名称[{0}]未校验成功
-jdbcRealm.authenticateSuccess=用户名[{0}]已成功通过身份验证
-jdbcRealm.close=关闭数据库连接异常
-jdbcRealm.exception=执行身份验证时发生异常
-jdbcRealm.open=打开数据库连接时发生异常
-jdbcRealm.open.invalidurl=驱动程序[{0}]不支持url[{1}]。
-
jndiRealm.authenticateFailure=用户名[{0}]没有成功认证
jndiRealm.authenticateSuccess=用户名[{0}]成功认证
jndiRealm.cipherSuites=启用 [{0}] 作为 TLS 连接的加密套件。
diff --git a/java/org/apache/catalina/realm/mbeans-descriptors.xml
b/java/org/apache/catalina/realm/mbeans-descriptors.xml
index a75a66d..b2aa2c9 100644
--- a/java/org/apache/catalina/realm/mbeans-descriptors.xml
+++ b/java/org/apache/catalina/realm/mbeans-descriptors.xml
@@ -138,77 +138,6 @@
</mbean>
- <mbean name="JDBCRealm"
- description="Implementation of Realm that works with any JDBC
supported database"
- domain="Catalina"
- group="Realm"
- type="org.apache.catalina.realm.JDBCRealm">
-
- <attribute name="allRolesMode"
- description="The all roles mode."
- type="java.lang.String"/>
-
- <attribute name="className"
- description="Fully qualified class name of the managed object"
- type="java.lang.String"
- writeable="false"/>
-
- <attribute name="connectionName"
- description="The connection username to use when trying to connect
to the database"
- type="java.lang.String"/>
-
- <attribute name="connectionPassword"
- description="The connection password to use when trying to connect
to the database"
- type="java.lang.String"/>
-
- <attribute name="connectionURL"
- description="The connection URL to use when trying to connect to the
database"
- type="java.lang.String"/>
-
- <attribute name="driverName"
- description="The JDBC driver to use"
- type="java.lang.String"/>
-
- <attribute name="roleNameCol"
- description="The column in the user role table that names a role"
- type="java.lang.String"/>
-
- <attribute name="realmPath"
- description="The realm path"
- type="java.lang.String"/>
-
- <attribute name="stateName"
- description="The name of the LifecycleState that this component is
currently in"
- type="java.lang.String"
- writeable="false"/>
-
- <attribute name="userCredCol"
- description="The column in the user table that holds the user's
credentials"
- type="java.lang.String"/>
-
- <attribute name="userNameCol"
- description="The column in the user table that holds the user's
username"
- type="java.lang.String"/>
-
- <attribute name="userRoleTable"
- description="The table that holds the relation between user's and
roles"
- type="java.lang.String"/>
-
- <attribute name="userTable"
- description="The table that holds user data"
- type="java.lang.String"/>
-
- <attribute name="validate"
- description="The 'validate certificate chains' flag."
- type="boolean"/>
-
-
- <operation name="start" description="Start" impact="ACTION"
returnType="void" />
- <operation name="stop" description="Stop" impact="ACTION"
returnType="void" />
- <operation name="init" description="Init" impact="ACTION"
returnType="void" />
- <operation name="destroy" description="Destroy" impact="ACTION"
returnType="void" />
- </mbean>
-
<mbean name="JNDIRealm"
description="Implementation of Realm that works with a directory
server accessed via the Java Naming and Directory Interface (JNDI) APIs"
domain="Catalina"
diff --git a/res/findbugs/filter-false-positives.xml
b/res/findbugs/filter-false-positives.xml
index 6d25bbd..322e1c8 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -345,10 +345,7 @@
</Match>
<Match>
<!-- SQL construction is safe since it is from trusted config -->
- <Or>
- <Class name="org.apache.catalina.realm.DataSourceRealm" />
- <Class name="org.apache.catalina.realm.JDBCRealm" />
- </Or>
+ <Class name="org.apache.catalina.realm.DataSourceRealm" />
<Or>
<Method name="credentials" />
<Method name="getPassword" />
@@ -358,20 +355,6 @@
<Bug pattern="SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING" />
</Match>
<Match>
- <Class name="org.apache.catalina.realm.JDBCRealm" />
- <Field name="containerLog" />
- <Bug code="IS" />
- </Match>
- <Match>
- <!-- Sync is protecting preparedRoles, not these fields -->
- <Class name="org.apache.catalina.realm.JDBCRealm" />
- <Or>
- <Field name="roleNameCol" />
- <Field name="userRoleTable" />
- </Or>
- <Bug pattern="IS2_INCONSISTENT_SYNC " />
- </Match>
- <Match>
<!-- roles will be initialized in addAttributeValues -->
<Class name="org.apache.catalina.realm.JNDIRealm" />
<Or>
diff --git a/webapps/docs/config/realm.xml b/webapps/docs/config/realm.xml
index 08e4480..444070a 100644
--- a/webapps/docs/config/realm.xml
+++ b/webapps/docs/config/realm.xml
@@ -1055,132 +1055,6 @@
</subsection>
- <subsection name="JDBC Database Realm - org.apache.catalina.realm.JDBCRealm">
-
- <p><strong>The JDBC Database Realm has been deprecated and will be removed
- in Tomcat 10 onwards. Use the DataSourceRealm instead.</strong></p>
-
- <p>The <strong>JDBC Database Realm</strong> connects Tomcat to
- a relational database, accessed through an appropriate JDBC driver,
- to perform lookups of usernames, passwords, and their associated
- roles. Because the lookup is done each time that it is required,
- changes to the database will be immediately reflected in the
- information used to authenticate new logins.</p>
-
- <p>Note: The <strong>JDBC Database Realm</strong> uses a single connection
- to the database with synchronisation to prevenbt concurrent usage. It is
not
- recommended for production usage. Use the DataSource Realm instaead.</p>
-
- <p>A rich set of additional attributes lets you configure the required
- connection to the underlying database, as well as the table and
- column names used to retrieve the required information:</p>
-
- <attributes>
-
- <attribute name="allRolesMode" required="false">
- <p>This attribute controls how the special role name <code>*</code> is
- handled when processing authorization constraints in web.xml. By
- default, the specification compliant value of <code>strict</code> is
- used which means that the user must be assigned one of the roles
defined
- in web.xml. The alternative values are <code>authOnly</code> which
means
- that the user must be authenticated but no check is made for assigned
- roles and <code>strictAuthOnly</code> which means that the user must be
- authenticated and no check will be made for assigned roles unless roles
- are defined in web.xml in which case the user must be assigned at least
- one of those roles.</p>
- <p>When this attribute has the value of <code>authOnly</code> or
- <code>strictAuthOnly</code>, the <strong>roleNameCol</strong> and
- <strong>userRoleTable</strong> attributes become optional. If those two
- attributes are omitted, the user's roles will not be loaded by this
- Realm.</p>
- </attribute>
-
- <attribute name="connectionName" required="true">
- <p>The database username to use when establishing the JDBC
- connection.</p>
- </attribute>
-
- <attribute name="connectionPassword" required="true">
- <p>The database password to use when establishing the JDBC
- connection.</p>
- </attribute>
-
- <attribute name="connectionURL" required="true">
- <p>The connection URL to be passed to the JDBC driver when
- establishing a database connection.</p>
- </attribute>
-
- <attribute name="driverName" required="true">
- <p>Fully qualified Java class name of the JDBC driver to be
- used to connect to the authentication database.</p>
- </attribute>
-
- <attribute name="roleNameCol" required="false">
- <p>Name of the column, in the "user roles" table, which contains
- a role name assigned to the corresponding user.</p>
- <p>This attribute is <strong>required</strong> in majority of
- configurations. See <strong>allRolesMode</strong> attribute for
- a rare case when it can be omitted.</p>
- </attribute>
-
- <attribute name="stripRealmForGss" required="false">
- <p>When processing users authenticated via the GSS-API, this attribute
- controls if any "@..." is removed from the end of the user
- name. If not specified, the default is <code>true</code>.</p>
- </attribute>
-
- <attribute name="transportGuaranteeRedirectStatus" required="false">
- <p>The HTTP status code to use when the container needs to issue an
HTTP
- redirect to meet the requirements of a configured transport
- guarantee. The provided status code is not validated. If not
- specified, the default value of <code>302</code> is used.</p>
- </attribute>
-
- <attribute name="userCredCol" required="true">
- <p>Name of the column, in the "users" table, which contains
- the user's credentials (i.e. password). If a
- <code>CredentialHandler</code> is specified, this component
- will assume that the passwords have been encoded with the
- specified algorithm. Otherwise, they will be assumed to be
- in clear text.</p>
- </attribute>
-
- <attribute name="userNameCol" required="true">
- <p>Name of the column, in the "users" and "user roles" table,
- that contains the user's username.</p>
- </attribute>
-
- <attribute name="userRoleTable" required="false">
- <p>Name of the "user roles" table, which must contain columns
- named by the <code>userNameCol</code> and <code>roleNameCol</code>
- attributes.</p>
- <p>This attribute is <strong>required</strong> in majority of
- configurations. See <strong>allRolesMode</strong> attribute for
- a rare case when it can be omitted.</p>
- </attribute>
-
- <attribute name="userTable" required="true">
- <p>Name of the "users" table, which must contain columns named
- by the <code>userNameCol</code> and <code>userCredCol</code>
- attributes.</p>
- </attribute>
-
- <attribute name="X509UsernameRetrieverClassName" required="false">
- <p>When using X509 client certificates, this specifies the class name
- that will be used to retrieve the user name from the certificate.
- The class must implement the
- <code>org.apache.catalina.realm.X509UsernameRetriever</code>
- interface. The default is to use the certificate's SubjectDN
- as the username.</p>
- </attribute>
- </attributes>
-
- <p>See the <a href="../realm-howto.html">Container-Managed Security
Guide</a> for more
- information on setting up container managed security using the
- JDBC Database Realm component.</p>
-
- </subsection>
-
</section>
diff --git a/webapps/docs/manager-howto.xml b/webapps/docs/manager-howto.xml
index 351e89b..61be235 100644
--- a/webapps/docs/manager-howto.xml
+++ b/webapps/docs/manager-howto.xml
@@ -181,7 +181,7 @@ Exactly how the usernames/passwords are configured depends
on which
add the <strong>manager-script</strong> role to the comma-delimited
<code>roles</code> attribute for one or more existing users, and/or
create new users with that assigned role.</li>
-<li><em>DataSourceRealm</em> or <em>JDBCRealm</em>
+<li><em>DataSourceRealm</em>
— Your user and role information is stored in
a database accessed via JDBC. Add the <strong>manager-script</strong> role
to one or more existing users, and/or create one or more new users
diff --git a/webapps/docs/realm-howto.xml b/webapps/docs/realm-howto.xml
index adad6aa..1cd8567 100644
--- a/webapps/docs/realm-howto.xml
+++ b/webapps/docs/realm-howto.xml
@@ -84,8 +84,6 @@ can be implemented by "plug in" components to establish this
connection.
Six standard plug-ins are provided, supporting connections to various
sources of authentication information:</p>
<ul>
-<li><a href="#JDBCRealm">JDBCRealm</a> - Accesses authentication information
- stored in a relational database, accessed via a JDBC driver.</li>
<li><a href="#DataSourceRealm">DataSourceRealm</a> - Accesses authentication
information stored in a relational database, accessed via a named JNDI
JDBC DataSource.</li>
@@ -1111,117 +1109,6 @@ functionality to a UserDatabase Realm.</p>
</subsection>
-<subsection name="JDBCRealm">
-
-<h5>Introduction</h5>
-
-<p><strong>The JDBC Database Realm has been deprecated and will be removed
-in Tomcat 10 onwards. Use the DataSourceRealm instead.</strong></p>
-
-<p><strong>JDBCRealm</strong> is an implementation of the Tomcat
-<code>Realm</code> interface that looks up users in a relational database
-accessed via a JDBC driver. There is substantial configuration flexibility
-that lets you adapt to existing table and column names, as long as your
-database structure conforms to the following requirements:</p>
-<ul>
-<li>There must be a table, referenced below as the <em>users</em> table,
- that contains one row for every valid user that this <code>Realm</code>
- should recognize.</li>
-<li>The <em>users</em> table must contain at least two columns (it may
- contain more if your existing applications required it):
- <ul>
- <li>Username to be recognized by Tomcat when the user logs in.</li>
- <li>Password to be recognized by Tomcat when the user logs in.
- This value may in cleartext or digested - see below for more
- information.</li>
- </ul></li>
-<li>There must be a table, referenced below as the <em>user roles</em> table,
- that contains one row for every valid role that is assigned to a
- particular user. It is legal for a user to have zero, one, or more than
- one valid role.</li>
-<li>The <em>user roles</em> table must contain at least two columns (it may
- contain more if your existing applications required it):
- <ul>
- <li>Username to be recognized by Tomcat (same value as is specified
- in the <em>users</em> table).</li>
- <li>Role name of a valid role associated with this user.</li>
- </ul></li>
-</ul>
-
-<h5>Quick Start</h5>
-
-<p>To set up Tomcat to use JDBCRealm, you will need to follow these steps:</p>
-<ol>
-<li>If you have not yet done so, create tables and columns in your database
- that conform to the requirements described above.</li>
-<li>Configure a database username and password for use by Tomcat, that has
- at least read only access to the tables described above. (Tomcat will
- never attempt to write to these tables.)</li>
-<li>Place a copy of the JDBC driver you will be using inside the
- <code>$CATALINA_HOME/lib</code> directory.
- Note that <strong>only</strong> JAR files are recognized!</li>
-<li>Set up a <code><Realm></code> element, as described below, in your
- <code>$CATALINA_BASE/conf/server.xml</code> file.</li>
-<li>Restart Tomcat if it is already running.</li>
-</ol>
-
-<h5>Realm Element Attributes</h5>
-
-<p>To configure JDBCRealm, you will create a <code><Realm></code>
-element and nest it in your <code>$CATALINA_BASE/conf/server.xml</code> file,
-as described <a href="#Configuring_a_Realm">above</a>. The attributes for the
-JDBCRealm are defined in the <a href="config/realm.html">Realm</a>
configuration
-documentation.</p>
-
-<h5>Example</h5>
-
-<p>An example SQL script to create the needed tables might look something
-like this (adapt the syntax as required for your particular database):</p>
-<source>create table users (
- user_name varchar(15) not null primary key,
- user_pass varchar(15) not null
-);
-
-create table user_roles (
- user_name varchar(15) not null,
- role_name varchar(15) not null,
- primary key (user_name, role_name)
-);</source>
-
-<p>Example <code>Realm</code> elements are included (commented out) in the
-default <code>$CATALINA_BASE/conf/server.xml</code> file. Here's an example
-for using a MySQL database called "authority", configured with the tables
-described above, and accessed with username "dbuser" and password "dbpass":</p>
-<source><![CDATA[<Realm className="org.apache.catalina.realm.JDBCRealm"
- driverName="org.gjt.mm.mysql.Driver"
-
connectionURL="jdbc:mysql://localhost/authority?user=dbuser&password=dbpass"
- userTable="users" userNameCol="user_name" userCredCol="user_pass"
- userRoleTable="user_roles" roleNameCol="role_name"/>]]></source>
-
-<h5>Additional Notes</h5>
-
-<p>JDBCRealm operates according to the following rules:</p>
-<ul>
-<li>When a user attempts to access a protected resource for the first time,
- Tomcat will call the <code>authenticate()</code> method of this
- <code>Realm</code>. Thus, any changes you have made to the database
- directly (new users, changed passwords or roles, etc.) will be immediately
- reflected.</li>
-<li>Once a user has been authenticated, the user (and his or her associated
- roles) are cached within Tomcat for the duration of the user's login.
- (For FORM-based authentication, that means until the session times out or
- is invalidated; for BASIC authentication, that means until the user
- closes their browser). The cached user is <strong>not</strong> saved and
- restored across sessions serialisations. Any changes to the database
- information for an already authenticated user will <strong>not</strong> be
- reflected until the next time that user logs on again.</li>
-<li>Administering the information in the <em>users</em> and <em>user roles</em>
- table is the responsibility of your own applications. Tomcat does not
- provide any built-in capabilities to maintain users and roles.</li>
-</ul>
-
-</subsection>
-
</section>
</body>
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 0eddda6..34c62da 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -440,10 +440,6 @@
<p>The MemoryRealm is not intended for production use as any changes to
tomcat-users.xml require a restart of Tomcat to take effect.</p>
- <p>The JDBCRealm is not recommended for production use as it is single
- threaded for all authentication and authorization options. Use the
- DataSourceRealm instead.</p>
-
<p>The UserDatabaseRealm is not intended for large-scale installations.
It
is intended for small-scale, relatively static environments.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
