DO NOT REPLY [Bug 35758] - Admin webapp does not save correctly the JDBCRealm XML tag.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35758. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35758 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2005-07-22 15:48 --- Fixed with the type of check you suggested on all JDBCRealm attributes. Thanks. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35682] - more flexible JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35682. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35682 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2005-07-22 16:51 --- Thanks for submitting this patch. However, as we're trying to move away from JDBCRealm in favor of DataSourceRealm, and as this might be addressed by setting up appropriate views in your database, I'm hesitant to apply it to the JDBCRealm. If you strongly feel there's a broad use-case for this, please bring it up on the tomcat-dev mailing list. Thanks. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35745] - Realm JDBCRealm userTable userRoleTable not real parameters?
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35745. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35745 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2005-07-21 23:54 --- Thank you for the compliments, we're glad you like Tomcat. You can inspect the JDBCRealm (and its more recent, more recommended brother, DataSourceRealm) and any class you think is relevant, and you'll find none of these credential columns are hard-coded. I personally have used the JDBCRealm with all sorts of table names and column names, without a problem. Accordingly, I'm closing this issue as invalid. I suggest you use the tomcat-user mailing list for further advice about debugging your situation. I also did add one logging statement to JDBCRealm which will output the credentials query, if you have the class configured for DEBUG-level logging. That'll be in 5.5.10. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35758] New: - Admin webapp does not save correctly the JDBCRealm XML tag.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=35758.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=35758
Summary: Admin webapp does not save correctly the JDBCRealm XML
tag.
Product: Tomcat 5
Version: 5.5.9
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Webapps:Administration
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]
Hi,
I have a problem when configuring a JDBCRealm from the admin tool.
I use no digest algorithm, so I leave the digest text field in blank, but the
generated server.xml file includes an oughfull:
digest=
attribute, so Tomcat throws me an exception telling me that it can not find the
required () digest algorithm.
I removed the offending line from server.xml and it works perfectly.
Unfortunatelly, my hosting service only allow me to use the admin app. (As a
workaround, I included the META-INF/context.xml file with the right tags and it
worked ok)
How can I tell from the admin app that don't generate the digest attribute?
I already test it with: No, NO, NONE y null but doesn't work.
I checked the source code and the SaveJDBCRealmAction Action class has the
following code in line 235:
attribute = digest;
mBServer.setAttribute(roname,
new Attribute(digest, rform.getDigest()));
May it be guarded like this?
if ( rform.getDigest() != null !.equals(rform.getDigest().trim()) ) {
attribute = digest;
mBServer.setAttribute(roname,
new Attribute(digest, rform.getDigest()));
}
Thanks in advance
Gabriel
PS: Didn't check it but it may be worth to look at the code of DataSourceRealm
since it may have similar problems.-
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35745] New: - Realm JDBCRealm userTable userRoleTable not real parameters?
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35745. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35745 Summary: Realm JDBCRealm userTable userRoleTable not real parameters? Product: Tomcat 5 Version: 5.0.28 Platform: PC OS/Version: Windows 2000 Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] When implementing container managed security in server.xml using JDBCRealm (and perhaps the JNDI JDBC based realm?) this works Realm className=org.apache.catalina.realm.JDBCRealm debug=99 connectionName=javauser connectionPassword=javadude connectionURL=jdbc:mysql://localhost:3306/trainingdb driverName=com.mysql.jdbc.Driver userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / But this does not Realm className=org.apache.catalina.realm.JDBCRealm debug=99 connectionName=javauser connectionPassword=javadude connectionURL=jdbc:mysql://localhost:3306/trainingdb driverName=com.mysql.jdbc.Driver userTable=MYTABLENAME userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The Tomcat log files were helpful in that they indicated my table name was not found in the database - but it was there. On a hunch I renamed my existing legacy tables (in test) to match your examples and the container managed security worked. It appears the Tomcat implementation has hard-coded these table-name and column-name values somewhere in the j_security_implementation. This of course defeats the whole point of providing these parameters to users in the first place. Note that published authors, aside from your web-site, are touting the flexibility of the Tomcat implementation to reference existing client (legacy) USER and USER-ROLE table names already existing and used by other applications. I spent several days trying to get my existing table names to work without success and I'm not a 'newbie'. I never saw any published examples in books where anyone actually used names aside from the default example, so perhaps this simply has not be tested. It is the only explanation I have for it not working without digging into the Tomcat source code implementation of container managed security. Great product, by the way, really. Tomcat is fantastic - and free -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35682] New: - more flexible JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35682. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35682 Summary: more flexible JDBCRealm Product: Tomcat 5 Version: 5.5.9 Platform: Other OS/Version: other Status: NEW Severity: enhancement Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] The JDBCRealm currently is configured via table names and column names. In our database, this is not flexible enough and we cannot use the JDBCRealm. The proposed enhancement adds new configuration strings to the JDBCRealm to allow it to work with more database schemas. Specifically, you specify and credentialsSQL and rolesSQL configuration string in the Realm fragment in server.xml. With this enhancement, my Realm fragment looks like this: Realm className=org.apache.catalina.realm.JDBCRealm driverName=net.sourceforge.jtds.jdbc.Driver connectionURL=jdbc:jtds:sqlserver://localhost:1433/xxx;SelectMethod=cursor;Use r=xxx;Password=xxx credentialsSQL=SELECT FPassword FROM DAccount WHERE FUsername=? rolesSQL=SELECT DRole.FName FROM DAccount INNER JOIN DAccountToDRole ON DAccount.FId = DAccountToDRole.FAccountId INNER JOIN DRole ON DAccountToDRole.FRoleId = DRole.FId WHERE (DAccount.FUsername = ?) / The code modifications in JDBCRealm.java are minor, the diff -u will be attached. Basically, if the credentialsSQL and rolesSQL are valid (ie non null and not ), then the credentialsSQL and rolesSQL will be used instead of any column/table names provided. -- thanks, Andrew -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35682] - more flexible JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35682. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35682 --- Additional Comments From [EMAIL PROTECTED] 2005-07-11 00:58 --- Created an attachment (id=15642) -- (http://issues.apache.org/bugzilla/attachment.cgi?id=15642action=view) diff -u of the change -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35682] - more flexible JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35682. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35682 --- Additional Comments From [EMAIL PROTECTED] 2005-07-11 00:58 --- Created an attachment (id=15643) -- (http://issues.apache.org/bugzilla/attachment.cgi?id=15643action=view) new JDBCRealm.java -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 35682] - more flexible JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=35682. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=35682 --- Additional Comments From [EMAIL PROTECTED] 2005-07-11 01:00 --- One more thing, probably should'nt have, but the fixes a typo in the work given. -- Andrew -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34080. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34080 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 09:04 --- No. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34081] - JDBCRealm embeded in Context wont load if driver class isn't global
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34081. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34081 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 09:06 --- As designed. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34081] - JDBCRealm embeded in Context wont load if driver class isn't global
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34081. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34081 --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 16:38 --- (In reply to comment #2) As designed. My question is why is it designed this way? True, this is a container managed realm, but I don't understand the rationalization. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34080. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34080 [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|WONTFIX | --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 16:40 --- (In reply to comment #2) No. what!? You mean you don't feel this is a defect? Failures are happening and no clear reason is given, this is clearly a defect. I can fix the darn thing. Why are you closing this as wontfix? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34080. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34080 [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 16:43 --- My answer to feedack please ? is no. I don't see much to clarify here. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34080. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34080 --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 16:44 --- (In reply to comment #4) My answer to feedack please ? is no. I don't see much to clarify here. I understand that part, but why are you closing it as wontfix? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34080. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34080 [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|WONTFIX | --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 16:51 --- (In reply to comment #4) My answer to feedack please ? is no. I don't see much to clarify here. root cause exception is discarded. This is a defect in any software. This obscures the reason for the failure and makes it more difficult for the user to resolve it. This needs to be fixed. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34080. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34080 [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 16:54 --- The issue here is that the JDBC realm is a toy realm: it doesn't scale at all, and by definition is not very robust. I would now like to keep it frozen except for actual bugfixes, to avoid any possible regression like the one that was in 5.5.7. I think you should use the data source realm instead. Please do not bother reopening this report, nor your other one. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=34080.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=34080
[EMAIL PROTECTED] changed:
What|Removed |Added
CC||[EMAIL PROTECTED]
--- Additional Comments From [EMAIL PROTECTED] 2005-03-19 17:24 ---
Ahhh, thank you for that information. That makes more sense. So this reaml is
probably on track for deprecation then? Which realm precisely are you referring
to? My project is still using 5.0.28 and I can't change that until the
Standards Committee gets around to approving 5.5.
Please understand that I'm a quality freak and I have a hard time seeing stuff
like that and letting it go. Also, I jacked around with this for a few hours
before I discovered that I was getting this exception because I didn't install
the jar file globally.
Also, another posible solution, although kinda ugly, is just to throw a new
SQLException(Can't load driver class) { public Throwable getCause() { return
e; } }; That would leave the exception type the same and pass the root cause.
Or if we don't want the anonymous ugly thing, we can at least throw new
SQLException(Can't load driver class: + e.class() + + e.getMessege());
Daniel
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34080. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34080 [EMAIL PROTECTED] changed: What|Removed |Added CC|[EMAIL PROTECTED] | --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 19:20 --- The data source realm is DataSourceRealm. http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html#DataSourceRealm Note that it has a regression in 5.5.7 caused by the addition of digest auth support, so you should be using the realm from either 5.5.4 or 5.5.8. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] New: - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=34080.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=34080
Summary: JDBCRealm looses original exception, fabricates
exception type
Product: Tomcat 5
Version: Nightly Build
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]
naughty, naughty programmer ditches the original exception. See line 684 of
current nightly build of org.apache.catalina.realm.JDBCRealm.java
// Instantiate our database driver if necessary
if (driver == null) {
try {
Class clazz = Class.forName(driverName);
driver = (Driver) clazz.newInstance();
} catch (Throwable e) {
throw new SQLException(e.getMessage());
}
}
As you can see, only the message of the exception is retained which is usually
meaningless without knowning the exception it's self. The original stack trace
is also lost. To make matters worse, SQLException doesn't take a rootCause to
show you this because it expects this to come from a DBMS and not a driver class
loading routine.
The issues surrounding this catch Throwable is that Class.forName() can throw
some nasty errors and we dont want a bad JDBC realm configuration to bring down
Tomcat. The possible Throwables from this try block are:
LinkageError
ExceptionInInitializerError
ClassNotFoundException
ClassCastException
Additionally, ExceptionInInitializerError can contain an exception from the
static initializer of the driver class that failed to load, compounding the
original lost exception issue. This presents a diverse array of possible
problems.
I propose we throw a LifeCycleException, but catch it in the start() method. If
I understand the logic correctly, we want to let the app start up if they aren't
using authentication, even though they don't have their realm configured
correctly.
Feedback please?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34080] - JDBCRealm looses original exception, fabricates exception type
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34080. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34080 --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 05:41 --- Actually, the open() method is called from several places, looks like it may be better to have a RealmException class or even an internal mechanism or private static innerclass or something. Feedback please? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34081] New: - JDBCRealm embeded in Context wont load if driver class isn't global
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=34081.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=34081
Summary: JDBCRealm embeded in Context wont load if driver class
isn't global
Product: Tomcat 5
Version: Nightly Build
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]
When initializing a StandardContext, the JDBCReam doesn't use the Context's
class loader making the driver classes unavailable if they aren't installed
globally (eew). This breaks the ability to use the manager application to
deploy an app that uses a JDBCRealm because the driver class is unknown to the
default loader. This also erodes abstraction between the web application and
the application server and would appear to be a bug rather than a feature
request as in bug 33266
(http://issues.apache.org/bugzilla/show_bug.cgi?id=33266).
This issue was particularly irritating due to bug 34080
(http://issues.apache.org/bugzilla/show_bug.cgi?id=34080) that I just entered
in. Because I didn't have my jdbc driver classes globally installed, I was
getting this for an error (trace from 5.0.28 BTW):
JDBCRealm[]: Exception performing authentication
java.sql.SQLException: oracle.jdbc.driver.OracleDriver
at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:589)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:344)
at ... blah blah blah ...
This obviously didn't give me the information that I needed to understand what
the problem was, although I did get a hint.
Consider lines 678 through 686 in the current JDBCRealm.java:
// Instantiate our database driver if necessary
if (driver == null) {
try {
Class clazz = Class.forName(driverName);
driver = (Driver) clazz.newInstance();
} catch (Throwable e) {
throw new SQLException(e.getMessage());
}
}
it would appear that solving this problem would be as simple as changing line
681 to:
Class clazz = container.getLoader() != null
? Class.forName(driverName, container.getLoader())
: Class.forName(driverName);
This would be my 1st time building tomcat, so I'll have to try this this
weekend. Is anybody aware of issues that would occur with having a class that
was loaded by a different loader however? Also, can anybody think of problems
that this could cause for containers other than Contexts (i.e., should we check
if container is a Context before we do this)?
Thanks,
Daniel
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 34081] - JDBCRealm embeded in Context wont load if driver class isn't global
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=34081. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=34081 --- Additional Comments From [EMAIL PROTECTED] 2005-03-19 05:55 --- bah! my newbie-dom is revealed. I put the URLs for the bugs and Bugzilla links them for you... (mental note)... -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 30352] - CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=30352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=30352 [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2004-11-29 21:02 --- This is now fixed in CVS for TC5.5.x -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 19767] - Digest authentication doesn't work with JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=19767. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=19767 [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED OS/Version||All Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2004-11-27 19:31 --- Fixed in CVS. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 30352] - CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=30352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=30352 [EMAIL PROTECTED] changed: What|Removed |Added Severity|major |enhancement --- Additional Comments From [EMAIL PROTECTED] 2004-11-18 16:11 --- Changing this to an enhancement request. OP, if you want to work on this, a patch would be gladly welcome. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 31753] - inconsistency in #authenticate(Connection, ...) for JDBCRealm and DataSourceRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=31753. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=31753 inconsistency in #authenticate(Connection, ...) for JDBCRealm and DataSourceRealm [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2004-10-29 13:32 --- OK, fixed. Thanks for pointing this out. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 31683] - It should be documented that JDBCRealm doesn't support digest authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=31683. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=31683 It should be documented that JDBCRealm doesn't support digest authentication [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2004-10-29 13:44 --- OK, docs clarified. Thanks for your suggestion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 30352] - CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=30352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=30352 CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm --- Additional Comments From [EMAIL PROTECTED] 2004-10-29 18:24 --- The example URL you give (marc.theaimsgroup.com) has role-name *. If web.xml has inside security-role any role-name other than * then tomcat will give 403 to users in that role. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 31683] - It should be documented that JDBCRealm doesn't support digest authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=31683. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=31683 It should be documented that JDBCRealm doesn't support digest authentication --- Additional Comments From [EMAIL PROTECTED] 2004-10-22 20:40 --- The user database implementation in Tomcat 5.0.29 doesn't seem to work with DIGEST authentication. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 31753] New: - inconsistency in #authenticate(Connection, ...) for JDBCRealm and DataSourceRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=31753.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31753
inconsistency in #authenticate(Connection, ...) for JDBCRealm and DataSourceRealm
Summary: inconsistency in #authenticate(Connection, ...) for
JDBCRealm and DataSourceRealm
Product: Tomcat 5
Version: Nightly Build
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
I couldn't help noticing the inconsistency in #authenticate(Connection, String,
String) for JDBCRealm and DataSourceRealm.
- Getting dbCredentials
JDBCRealm:
if (rs.next()) {
dbCredentials = rs.getString(1);
}
DataSourceRealm:
while (rs.next()) {
dbCredentials = rs.getString(1);
}
- Getting roles
JDBCRealm:
while (rs.next()) {
String role = rs.getString(1);
if (null!=role) {
roleList.add(role.trim());
}
}
DataSourceRealm:
while (rs.next()) {
list.add(rs.getString(1).trim());
}
I think the JDBCRealm approach is better in both cases.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 31683] - It should be documented that JDBCRealm doesn't support digest authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=31683. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=31683 It should be documented that JDBCRealm doesn't support digest authentication --- Additional Comments From [EMAIL PROTECTED] 2004-10-13 18:57 --- Care to submit a doc patch? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 31683] New: - It should be documented that JDBCRealm doesn't support digest authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=31683. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=31683 It should be documented that JDBCRealm doesn't support digest authentication Summary: It should be documented that JDBCRealm doesn't support digest authentication Product: Tomcat 5 Version: 5.5.3 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: Webapps:Documentation AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The realm documentaion e.g. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/realm.html doesn't mention that JDBCRealm (and DataSourceRealm) currently cannot support DIGEST authentication. There is an old bug report, bug#19767, which analysis the problem in detail: some basic functions which are required for the Digest authentication are not implemented. Based on google search several people were affected by the problem. Moreover, there isn't any kind of error message or log entry which could help, this makes the problem more severe. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 30352] - CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=30352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=30352 CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2004-09-15 16:18 --- Did you actually try testing CLIENT-CERT authentication? ;) It works. Check out http://marc.theaimsgroup.com/?l=tomcat-userm=109275632305374w=2 for example. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 30352] - CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=30352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=30352 CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVALID | --- Additional Comments From [EMAIL PROTECTED] 2004-09-15 17:00 --- Are you, like, totally brain-dead? CLIENT-CERT auth only works with MemoryRealm and (in 5.5.x) UDBRealm. With the other Realms, it's just like the reporter states it is. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 4352] - JDBCRealm does not work with CLIENT-CERT auth-method
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=4352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=4352 JDBCRealm does not work with CLIENT-CERT auth-method [EMAIL PROTECTED] changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2004-09-12 22:08 --- The issue here is a subset of the issues in the duplicate. *** This bug has been marked as a duplicate of 19767 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 19767] - Digest authentication doesn't work with JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=19767. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=19767 Digest authentication doesn't work with JDBCRealm [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] --- Additional Comments From [EMAIL PROTECTED] 2004-09-12 22:08 --- *** Bug 4352 has been marked as a duplicate of this bug. *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 30352] New: - CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=30352. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=30352 CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm Summary: CLIENT-CERT auth doesn't work with DataSourceRealm and JDBCRealm Product: Tomcat 5 Version: 5.0.27 Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] CLIENT-CERT authentication, as defined in RealmBase, requires working getPrincipal() method. However, DataSourceRealm and JDBCRealm have dummy getPrincipal(), which always returns null, so CLIENT-CERT auth doesn't work with these realms. Why is it like that? Will it be fixed? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 10000] - IOException Broken Pipe when authenticating JDBCRealm MySQL db
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1 IOException Broken Pipe when authenticating JDBCRealm MySQL db [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||LATER --- Additional Comments From [EMAIL PROTECTED] 2004-03-07 07:22 --- Hopefully this can be addressed for 3.3.3. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 26495] - JDBCRealm and DataSourceRealm with case insensitive user names
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26495. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26495 JDBCRealm and DataSourceRealm with case insensitive user names [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2004-02-24 11:56 --- I don't see the point of case insensitive credentials, and seems to contradict most authentication schemes. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 26495] - JDBCRealm and DataSourceRealm with case insensitive user names
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26495. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26495 JDBCRealm and DataSourceRealm with case insensitive user names --- Additional Comments From [EMAIL PROTECTED] 2004-02-24 20:38 --- Well, web-based authentication can't be compared to other authentication schemes IMHO. There are a lot of users who can remember their user names, but not the correct spelling they chose when they registered on the page. The fact is that there are a lot of web pages out there that allow for case insensitive user names (but certainly display the correct spelling after you have been logged in). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 9921] - JDBCRealm doesn't work with more service definition
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9921. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9921 JDBCRealm doesn't work with more service definition [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2004-02-07 14:53 --- This appears to be a configuration exercise. Please use tomcat-user list for assistance. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 26494] New: - JDBCRealm and DataSourceRealm with case insensitive user names
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26494. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26494 JDBCRealm and DataSourceRealm with case insensitive user names Summary: JDBCRealm and DataSourceRealm with case insensitive user names Product: Tomcat 4 Version: 4.1.29 Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Both the JDBCRealm and the DataSourceRealm don't handle tables with case insensitive user names very well: Users can enter any capitalisation, but request.getRemoteUser() does not normalize the user name to the exact capitalisation stored in the database table. Instead, it returns the (variable) spelling user by the user who just logged on. My proposal is to change JDBCRealm and DataSourceRealm in a way that the Realm implementation reads the user name contained in the database along with the password (SELECT userName, credentials FROM users WHERE userName = ?) and store the retrieved user name in the Credentials object. I could provide patches for Tomcat 4.1 and 5.0, but like to know if this change has got any chance of being accepted. Regards, Andreas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 26495] New: - JDBCRealm and DataSourceRealm with case insensitive user names
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26495. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26495 JDBCRealm and DataSourceRealm with case insensitive user names Summary: JDBCRealm and DataSourceRealm with case insensitive user names Product: Tomcat 5 Version: 5.0.18 Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Both the JDBCRealm and the DataSourceRealm don't handle tables with case insensitive user names very well: Users can enter any capitalisation, but request.getRemoteUser() does not normalize the user name to the exact capitalisation stored in the database table. Instead, it returns the (variable) spelling user by the user who just logged on. My proposal is to change JDBCRealm and DataSourceRealm in a way that the Realm implementation reads the user name contained in the database along with the password (SELECT userName, credentials FROM users WHERE userName = ?) and store the retrieved user name in the Credentials object. I could provide patches for Tomcat 4.1 and 5.0, but like to know if this change has got any chance of being accepted. Regards, Andreas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 26431] New: - JDBCRealm not working when mysql timeout is reached
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26431. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26431 JDBCRealm not working when mysql timeout is reached Summary: JDBCRealm not working when mysql timeout is reached Product: Tomcat 4 Version: 4.1.27 Platform: Other OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Database: mysql v. 3.2.3.54. jdbc driver: mysql-connector-java-3.0.9-stable-bin, com.mysql.jdbc.Driver my Realm: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=com.mysql.jdbc.Driver connectionURL=jdbc:mysql://localhost/db?autoReconnect=true connectionName=username connectionPassword=passwd userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / - - - - - Java gives following error: java.sql.SQLException: Communication link failure - - - - - I am using MySql DB and JDBCRealm for authenticate user. When db's timeout is reached, JDBCRealm refuses to authenticate next user. I have noticed that some tomcat users have had similar problems like i do. Any ideas how to fix this problem? yours, Inkwon Hwang - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 26431] - JDBCRealm not working when mysql timeout is reached
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26431. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26431 JDBCRealm not working when mysql timeout is reached [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2004-01-26 11:52 --- *** This bug has been marked as a duplicate of 11929 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/doc AJPv13.html JDBCRealm-howto.html Tomcat-on-NetWare-HowTo.html mod_jk-howto.html serverxml.html tomcat-security.html tomcat-ssl-howto.html tomcat-ug.html
billbarker2004/01/14 00:22:22 Modified:src/doc AJPv13.html JDBCRealm-howto.html Tomcat-on-NetWare-HowTo.html mod_jk-howto.html serverxml.html tomcat-security.html tomcat-ssl-howto.html tomcat-ug.html Log: Fix '' - gt;. Somebody clearly has way too much time on their hands to bother reporting something like this :) First part of bug #12307 Submitted By: Larry Shatzer [EMAIL PROTECTED] Revision ChangesPath 1.8 +4 -4 jakarta-tomcat/src/doc/AJPv13.html Index: AJPv13.html === RCS file: /home/cvs/jakarta-tomcat/src/doc/AJPv13.html,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- AJPv13.html 29 Sep 2003 07:42:59 - 1.7 +++ AJPv13.html 14 Jan 2004 08:22:21 - 1.8 @@ -76,7 +76,7 @@ request informaton (e.g. HTTP headers, etc) is sent over the connection in a highly condensed form (e.g. common strings are encoded as integers). Details of that format are below in Request Packet Structure. If there is a -body to the request (content-length 0), that is sent in a separate +body to the request (content-length gt; 0), that is sent in a separate packet immediately after. P At this point, the servlet container is presumably ready to start @@ -164,7 +164,7 @@ TABLE BORDER=1 CELLPADDING=2 CELLSPACING=0 BGCOLOR=#FF TR -TD COLSPAN=6BPacket Format (Server-Container)/B/TD +TD COLSPAN=6BPacket Format (Server-gt;Container)/B/TD /TR TR @@ -189,7 +189,7 @@ TABLE BORDER=1 CELLPADDING=2 CELLSPACING=0 BGCOLOR=#FF TR -TD COLSPAN=6BPacket Format (Container-Server)/B/TD +TD COLSPAN=6BPacket Format (Container-gt;Server)/B/TD /TR TR @@ -582,7 +582,7 @@ H2Questions I Have/H2 -P What happens if the request headers max packet size? There is no +P What happens if the request headers gt; max packet size? There is no provision to send a second packet of request headers in case there are more than 8K (I think this is correctly handled for response headers, though I'm not certain). I don't know if there is a way to get more than 8K worth of 1.6 +7 -7 jakarta-tomcat/src/doc/JDBCRealm-howto.html Index: JDBCRealm-howto.html === RCS file: /home/cvs/jakarta-tomcat/src/doc/JDBCRealm-howto.html,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JDBCRealm-howto.html 7 Nov 2001 14:40:00 - 1.5 +++ JDBCRealm-howto.html 14 Jan 2004 08:22:21 - 1.6 @@ -81,7 +81,7 @@ tr td pre -mysql select * from users; +mysqlgt; select * from users; +---+---+ | user_name | user_pass | +---+---+ @@ -92,8 +92,8 @@ +---+---+ 4 rows in set (0.00 sec) -mysql -mysql select * from roles; +mysqlgt; +mysqlgt; select * from roles; ++ | role_name | ++ @@ -102,10 +102,10 @@ ++ 2 rows in set (0.02 sec) -mysql +mysqlgt; -mysql select * from user_roles; +mysqlgt; select * from user_roles; ++---+ | role_name | user_name | ++---+ @@ -116,7 +116,7 @@ ++---+ 4 rows in set (0.00 sec) -mysql +mysqlgt; /pre /td /tr 1.6 +10 -10jakarta-tomcat/src/doc/Tomcat-on-NetWare-HowTo.html Index: Tomcat-on-NetWare-HowTo.html === RCS file: /home/cvs/jakarta-tomcat/src/doc/Tomcat-on-NetWare-HowTo.html,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- Tomcat-on-NetWare-HowTo.html 7 Nov 2002 13:23:32 - 1.5 +++ Tomcat-on-NetWare-HowTo.html 14 Jan 2004 08:22:21 - 1.6 @@ -98,22 +98,22 @@ h2 a NAME=Document Conventions and Assumptions/aDocument Conventions and Assumptions/h2 -lt;tomcat_home is the root directory of Tomcat. By default this is at +lt;tomcat_homegt; is the root directory of Tomcat. By default this is at the root of the SYS: volume (SYS:\jakarta-tomcat-3.3 by default for Tomcat 3.3) but it can be placed anywhere, on any volume. Your installation should have the following sub-directories: ol li -lt;tomcat_home\conf - Where you can place various configuration files/li +lt;tomcat_homegt;\conf - Where you can place various configuration files/li li -lt;tomcat_home\webapps - Contains example applications and is the default +lt;tomcat_homegt;\webapps - Contains example applications and is the default place for adding your applications/li li -lt;tomcat_home\bin - Where you place web server
DO NOT REPLY [Bug 7080] - Interbase JDBCRealm - Bug # 5564 - Have a safe fix.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7080. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7080 Interbase JDBCRealm - Bug # 5564 - Have a safe fix. [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-12-11 22:31 --- This has been fixed in CVS and will be included in the next release. Thanks for the patch. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 25148] New: - JDBCRealm should get the user name from database after login and not use the string given by the user
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25148. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25148 JDBCRealm should get the user name from database after login and not use the string given by the user Summary: JDBCRealm should get the user name from database after login and not use the string given by the user Product: Tomcat 4 Version: 4.1.29 Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: Unknown AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The user_name column of my users table is case insensitive, so users do not need to remember the case of their name (Am I User or user?). The downside: request.getRemoteUser() always reflects the spelling used to log in, not the spelling contained in the database. In order to get the correct spelling, I have to SELECT user_name FROM users WHERE user_name = ? each time I want to process the user name. My suggestion is to also fetch the user name with the SELECT needed to get the password when logging in. This shouldn't be of much impact, because the SELECT statement is needed anyway, there is just one more column to transfer. JDBCRealm should pass the name stored in the database when queried for the name to return with request.getRemoteUser(). Regards, Andreas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 8091] - JDBCRealm makes Tomcat unusable if the database is unavailable when Tomcat starts
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8091. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8091 JDBCRealm makes Tomcat unusable if the database is unavailable when Tomcat starts [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|WONTFIX | --- Additional Comments From [EMAIL PROTECTED] 2003-08-26 00:08 --- Reopened since my reasoning didn't make sense and the patch seems easy enough - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 17908] - JDBCRealm getPassword() unimplemented
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17908. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17908 JDBCRealm getPassword() unimplemented [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-08-25 23:37 --- *** This bug has been marked as a duplicate of 19767 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 19767] - Digest authentication doesn't work with JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19767. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19767 Digest authentication doesn't work with JDBCRealm [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] ||o.in --- Additional Comments From [EMAIL PROTECTED] 2003-08-25 23:37 --- *** Bug 17908 has been marked as a duplicate of this bug. *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20860] - JDBCRealm looses database connection
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860 JDBCRealm looses database connection [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-08-25 23:52 --- *** This bug has been marked as a duplicate of 11929 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21190] - JDBCRealm is trying to use closed connections without checking
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21190. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21190 JDBCRealm is trying to use closed connections without checking [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-08-26 01:07 --- *** This bug has been marked as a duplicate of 11929 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 10361] - JDBCRealm requires restart if JDBC connection fails.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10361. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10361 JDBCRealm requires restart if JDBC connection fails. [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-08-26 01:14 --- Fixed for tomcat5 - please confirm with HEAD of tomcat 5 (or when 5.0.10 is available). Upon confirmation - will backport to tomcat 4.1 Will not port to tomcat 4.0. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 10623] - JDBCRealm lacks one DB commit, preventing sucessfull authentication under certain circunstances
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10623. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10623 JDBCRealm lacks one DB commit, preventing sucessfull authentication under certain circunstances [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-08-26 01:14 --- Fixed for tomcat5 - please confirm with HEAD of tomcat 5 (or when 5.0.10 is available). Upon confirmation - will backport to tomcat 4.1 Will not port to tomcat 4.0. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 8091] - JDBCRealm makes Tomcat unusable if the database is unavailable when Tomcat starts
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8091. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8091 JDBCRealm makes Tomcat unusable if the database is unavailable when Tomcat starts [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-08-26 01:16 --- Fixed for tomcat5 - please confirm with HEAD of tomcat 5 (or when 5.0.10 is available). Upon confirmation - will backport to tomcat 4.1 Will not port to tomcat 4.0. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 8091] - JDBCRealm makes Tomcat unusable if the database is unavailable when Tomcat starts
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8091. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8091 JDBCRealm makes Tomcat unusable if the database is unavailable when Tomcat starts [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2003-08-25 23:51 --- For the interest of security - I am marking as WONTFIX since the unavailability of the Realm could expose a security issue and the safe thing is to not start. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 16144] - NullPointerException in JDBCRealm when password is null
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16144. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16144 NullPointerException in JDBCRealm when password is null [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-08-07 01:12 --- *** This bug has been marked as a duplicate of 7116 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 15164] - NullPointerException when JDBCRealm not configured properly
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15164. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15164 NullPointerException when JDBCRealm not configured properly [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-08-07 01:12 --- *** This bug has been marked as a duplicate of 7116 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 19227] - NullPointerException using MS SQL Server driver with JDBCRealm
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19227. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19227 NullPointerException using MS SQL Server driver with JDBCRealm [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-08-08 17:20 --- This really looks like a dup. *** This bug has been marked as a duplicate of 7116 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 16144] - NullPointerException in JDBCRealm when password is null
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16144. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16144 NullPointerException in JDBCRealm when password is null --- Additional Comments From [EMAIL PROTECTED] 2003-07-18 10:52 --- Created an attachment (id=7369) Fixes NullPointerException in JDBCRealm. NULL password in DB should not be an error. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21472] - JDBCRealm: Auth ok but Not Authorized
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21472. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21472 JDBCRealm: Auth ok but Not Authorized --- Additional Comments From [EMAIL PROTECTED] 2003-07-11 07:40 --- thank you and sorry :-( - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21472] New: - JDBCRealm: Auth ok but Not Authorized
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21472. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21472 JDBCRealm: Auth ok but Not Authorized Summary: JDBCRealm: Auth ok but Not Authorized Product: Tomcat 3 Version: 3.3.1 Final Platform: PC OS/Version: Linux Status: NEW Severity: Blocker Priority: Other Component: Config AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Hello, I want to use a JDBCRealm with the admin webapp : in the debug of JDBCRealm it says 'JDBCRealm: Auth ok, user=toto' but the window Authentication required doesn't want to let me enter ... (so I push cancel and I have the message Not Authorized. So this functionnality really works or it is a configuration problem ? My apps-admin.xml : ?xml version=1.0 encoding=ISO-8859-1? webapps Context path=/admin docBase=webapps/admin reloadable=true trusted=true JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/User connectionName=adminTomcat connectionPassword=adminTomcat userTable=user userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name digest=No / /Context /webapps My mysql User base : mysql select * from user; +---+---+ | user_name | user_pass | +---+---+ | toto | passtoto | | titi | passtiti | | tutu | passtutu | +---+---+ 3 rows in set (0.01 sec) mysql select * from role; +--+ | role_name| +--+ | role1| | tomcat | | tomcat_admin | +--+ 3 rows in set (0.00 sec) mysql select * from user_roles; +--+---+ | user_name| role_name | +--+---+ | role1| tutu | | tomcat | tutu | | tomcat_admin | titi | | tomcat_admin | toto | +--+---+ 4 rows in set (0.00 sec) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21472] - JDBCRealm: Auth ok but Not Authorized
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21472. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21472 JDBCRealm: Auth ok but Not Authorized [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2003-07-11 04:36 --- From what you have posted, you have the user_name and role_name columns swapped. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDBCRealm and JNDIRealm with CLIENT-CERT patch, please take care
There is an issue with using client certificate authorization with JNDIRealm and JDBCRealm. Problem and solution pathces are available on bugzilla: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7831 I would like to contact any Tomcat developer who could take look on these pathches and would put them to CVS. If there are any questions I could explain. --- Marek Mosiewicz http://www.jotel.com.pl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20860] - JDBCRealm looses database connection
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860 JDBCRealm looses database connection --- Additional Comments From [EMAIL PROTECTED] 2003-07-02 00:54 --- In the config for the JDBCRealm you can configure mysql to automatically reconnect by adding the autoReconnect arg to the connect string, here is an example. connectionURL=jdbc:mysql://localhost/realm?autoReconnect=true - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21190] New: - JDBCRealm is trying to use closed connections without checking
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21190. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21190 JDBCRealm is trying to use closed connections without checking Summary: JDBCRealm is trying to use closed connections without checking Product: Tomcat 4 Version: 4.0.6 Final Platform: PC OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] org.apache.catalina.realm.JDBCRealm: 1) Trying to use JDBC connection after it has been closed because of timeout 2) Trying to execute prepared statements (preparedCredentials and preparedRoles in code) on closed connection if the connection has been closed because of timeout In current version if connection to mysql server is closed because of inactivity timeout then next user attempt to login will fail regardless of username and password he has entered. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20860] - JDBCRealm looses database connection
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860 JDBCRealm looses database connection [EMAIL PROTECTED] changed: What|Removed |Added Keywords|PatchAvailable | --- Additional Comments From [EMAIL PROTECTED] 2003-06-30 22:49 --- Mmm, I can confirm that my patch doesn't work. But the problem is still in there. I hope somebody can look into this for 4.1.25, because things like /manager hidden behind doesn't JDBCRealm, doesn't work anymore if the database closes the connection after 1 night. Or can somebody check this for 5.0.x? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21207] New: - JDBCRealm not thread safe
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21207. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21207 JDBCRealm not thread safe Summary: JDBCRealm not thread safe Product: Tomcat 4 Version: 4.1.24 Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: Catalina:Modules AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Shouldn't there be synchronized blocks in JDBCRealm, because we use global PreparedStatements? This (pseudo-)code, will give two resultsets about id2. thread1.statement.setString(1, id1); thread2.statement.setString(1, id2); ResultSet rs = thread1.statement.execute(); ResultSet rs = thread2.statement.execute(); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21207] - JDBCRealm not thread safe
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21207. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21207 JDBCRealm not thread safe [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2003-06-30 23:58 --- All calls go through authenticate(Connection dbConnection, String username, String credentials) which is a synchronized method. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21207] - JDBCRealm not thread safe
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21207. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21207 JDBCRealm not thread safe --- Additional Comments From [EMAIL PROTECTED] 2003-07-01 01:32 --- Oops. I looked over that synchronized statement. Sorry. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21115] New: - JDBCRealm does not work with HTTPS client certificate authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115
JDBCRealm does not work with HTTPS client certificate authentication
Summary: JDBCRealm does not work with HTTPS client certificate
authentication
Product: Tomcat 4
Version: 4.1.24
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: Other
Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
Description:
In org.apache.catalina.realm.JDBCRealm, the method protected Principal
getPrincipal(String username), implementing an abstract method inherited from
org.apache.catalina.realm.RealmBase is not properly implemented : it simply
returns null. The consequence is that if any client with a valid HTTPS
certificate tries to connect to a webapp with CLIENT-CERT authorization login,
he will not be identified by the system and get a HTTP402 error (something
telling that his credentials are not sufficient...).
A Solution:
In order to make it work, I simply implemented that method as follows:
protected Principal getPrincipal(String username) {
Principal result = authenticate(username, tomcat);
return result;
}
In the DB, for each client you have to put the full DN of the client
certificate into the 'login' column, and 'tomcat' as password.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 21115] New: - JDBCRealm does not work with HTTPS client certificate authentication
Hello,
You are receiving this message in follow-up to a report
received by the EarthLink Abuse Department. You may have
submitted this report to a number of addresses including but
not limited to [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
or [EMAIL PROTECTED]
Most reports of network abuse sent to this department fall
into a few recognizable categories (spam, cracking, viruses,
etc.). To increase efficiency, our filters scan incoming
reports and attempt to determine the general type of issue
being reported.
We were not able to process your report because it does not
appear to include the information needed for EarthLink Abuse
to begin it's investigation. Evidence to Abuse should always
include the IP address of the offending party and a valid
timestamp, which includes time, date and timezone.
To learn how to report spam so action is taken:
http://spam.abuse.net/userhelp/howtocomplain.shtml
To learn how to locate and interpret e-mail headers in your
e-mail client:
http://support.earthlink.net/support/TUTORIALS/email/mbx_interpret_headers.jsp
Other useful lookup tools:
http://samspade.org/
Once you have included the pertinent information needed,
please resubmit your report, and include this autoresponse.
Your report will then be reprocessed by our filters.
However, you should expect to receive another auto-response
after your resubmission is re-examined, but due to the large
number of reports we receive, please understand that you may
not receive a personal response.
Our policies can be found at the following page:
http://earthlink.net/about/policies/
Thanks,
The EarthLink Abuse Staff
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115
JDBCRealm does not work with HTTPS client certificate authentication
Summary: JDBCRealm does not work with HTTPS client certificate
authentication
Product: Tomcat 4
Version: 4.1.24
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: Other
Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
Description:
In org.apache.catalina.realm.JDBCRealm, the method protected Principal
getPrincipal(String username), implementing an abstract method inherited from
org.apache.catalina.realm.RealmBase is not properly implemented : it simply
returns null. The consequence is that if any client with a valid HTTPS
certificate tries to connect to a webapp with CLIENT-CERT authorization login,
he will not be identified by the system and get a HTTP402 error (something
telling that his credentials are not sufficient...).
A Solution:
In order to make it work, I simply implemented that method as follows:
protected Principal getPrincipal(String username) {
Principal result = authenticate(username, tomcat);
return result;
}
In the DB, for each client you have to put the full DN of the client
certificate into the 'login' column, and 'tomcat' as password.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21115] - JDBCRealm does not work with HTTPS client certificate authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115 JDBCRealm does not work with HTTPS client certificate authentication [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-06-26 19:11 --- *** This bug has been marked as a duplicate of 7813 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 21115] - JDBCRealm does not work with HTTPS client certificate authentication
Hello, You are receiving this message in follow-up to a report received by the EarthLink Abuse Department. You may have submitted this report to a number of addresses including but not limited to [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], or [EMAIL PROTECTED] Most reports of network abuse sent to this department fall into a few recognizable categories (spam, cracking, viruses, etc.). To increase efficiency, our filters scan incoming reports and attempt to determine the general type of issue being reported. We were not able to process your report because it does not appear to include the information needed for EarthLink Abuse to begin it's investigation. Evidence to Abuse should always include the IP address of the offending party and a valid timestamp, which includes time, date and timezone. To learn how to report spam so action is taken: http://spam.abuse.net/userhelp/howtocomplain.shtml To learn how to locate and interpret e-mail headers in your e-mail client: http://support.earthlink.net/support/TUTORIALS/email/mbx_interpret_headers.jsp Other useful lookup tools: http://samspade.org/ Once you have included the pertinent information needed, please resubmit your report, and include this autoresponse. Your report will then be reprocessed by our filters. However, you should expect to receive another auto-response after your resubmission is re-examined, but due to the large number of reports we receive, please understand that you may not receive a personal response. Our policies can be found at the following page: http://earthlink.net/about/policies/ Thanks, The EarthLink Abuse Staff DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115 JDBCRealm does not work with HTTPS client certificate authentication [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-06-26 19:11 --- *** This bug has been marked as a duplicate of 7813 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21115] - JDBCRealm does not work with HTTPS client certificate authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115 JDBCRealm does not work with HTTPS client certificate authentication [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|DUPLICATE | --- Additional Comments From [EMAIL PROTECTED] 2003-06-26 19:12 --- Reopening to put the right bug# in - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 21115] - JDBCRealm does not work with HTTPS client certificate authentication
Hello, You are receiving this message in follow-up to a report received by the EarthLink Abuse Department. You may have submitted this report to a number of addresses including but not limited to [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], or [EMAIL PROTECTED] Most reports of network abuse sent to this department fall into a few recognizable categories (spam, cracking, viruses, etc.). To increase efficiency, our filters scan incoming reports and attempt to determine the general type of issue being reported. We were not able to process your report because it does not appear to include the information needed for EarthLink Abuse to begin it's investigation. Evidence to Abuse should always include the IP address of the offending party and a valid timestamp, which includes time, date and timezone. To learn how to report spam so action is taken: http://spam.abuse.net/userhelp/howtocomplain.shtml To learn how to locate and interpret e-mail headers in your e-mail client: http://support.earthlink.net/support/TUTORIALS/email/mbx_interpret_headers.jsp Other useful lookup tools: http://samspade.org/ Once you have included the pertinent information needed, please resubmit your report, and include this autoresponse. Your report will then be reprocessed by our filters. However, you should expect to receive another auto-response after your resubmission is re-examined, but due to the large number of reports we receive, please understand that you may not receive a personal response. Our policies can be found at the following page: http://earthlink.net/about/policies/ Thanks, The EarthLink Abuse Staff DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115 JDBCRealm does not work with HTTPS client certificate authentication [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|DUPLICATE | --- Additional Comments From [EMAIL PROTECTED] 2003-06-26 19:12 --- Reopening to put the right bug# in - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21115] - JDBCRealm does not work with HTTPS client certificate authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115 JDBCRealm does not work with HTTPS client certificate authentication [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-06-26 19:12 --- *** This bug has been marked as a duplicate of 7831 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 21115] - JDBCRealm does not work with HTTPS client certificate authentication
Hello, You are receiving this message in follow-up to a report received by the EarthLink Abuse Department. You may have submitted this report to a number of addresses including but not limited to [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], or [EMAIL PROTECTED] Most reports of network abuse sent to this department fall into a few recognizable categories (spam, cracking, viruses, etc.). To increase efficiency, our filters scan incoming reports and attempt to determine the general type of issue being reported. We were not able to process your report because it does not appear to include the information needed for EarthLink Abuse to begin it's investigation. Evidence to Abuse should always include the IP address of the offending party and a valid timestamp, which includes time, date and timezone. To learn how to report spam so action is taken: http://spam.abuse.net/userhelp/howtocomplain.shtml To learn how to locate and interpret e-mail headers in your e-mail client: http://support.earthlink.net/support/TUTORIALS/email/mbx_interpret_headers.jsp Other useful lookup tools: http://samspade.org/ Once you have included the pertinent information needed, please resubmit your report, and include this autoresponse. Your report will then be reprocessed by our filters. However, you should expect to receive another auto-response after your resubmission is re-examined, but due to the large number of reports we receive, please understand that you may not receive a personal response. Our policies can be found at the following page: http://earthlink.net/about/policies/ Thanks, The EarthLink Abuse Staff DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21115 JDBCRealm does not work with HTTPS client certificate authentication [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-06-26 19:12 --- *** This bug has been marked as a duplicate of 7831 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20860] - JDBCRealm looses database connection
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860 JDBCRealm looses database connection --- Additional Comments From [EMAIL PROTECTED] 2003-06-24 23:14 --- I have tested my patch for a couple of days now and it works very well. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20860] New: - JDBCRealm looses database connection
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860 JDBCRealm looses database connection Summary: JDBCRealm looses database connection Product: Tomcat 4 Version: 4.1.24 Platform: All OS/Version: All Status: NEW Severity: Critical Priority: Other Component: Catalina:Modules AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] If JDBCRealm runs for a while it looses its connection. I found a little bug and made a patch. I will attach it here. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20860] - JDBCRealm looses database connection
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860 JDBCRealm looses database connection --- Additional Comments From [EMAIL PROTECTED] 2003-06-18 10:10 --- Created an attachment (id=6868) Add isClosed() check. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20860] - JDBCRealm looses database connection
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20860 JDBCRealm looses database connection [EMAIL PROTECTED] changed: What|Removed |Added Keywords||PatchAvailable - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm CLIENT-CERT Authentication
Hi.
You need to add to the web.xml file the following lines:
login-config
auth-methodCLIENT-CERT/auth-method
/login-config
When you try to connect to the protected resource, the navigator will
request a client certificate.
Regards.
--
Hi,
i tried the following:
+ Add the mehtod authenticate(...) to the File JDBCRealm.java
+ build a Tomcat distribution
+ replace the catalina.jar with the new version (on an other machine)
+ add role-namefull DN/role-name to the web.xml
+ insert into table users ('DN','DN')
+ insert into table user_roles ('DN','DN')
Then i try to connect with a browser to the protected ressource and the
browser requests login and password.
Any suggestions?
thanks
Patrick
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm CLIENT-CERT Authentication
Hi,
i use already the client-cert method and a suitable security-role.
May i made a mistake during build?
How can be ensured that tomcat make use of the new authenticate method?
thanks
Patrick
jazorin wrote:
Hi.
You need to add to the web.xml file the following lines:
login-config
auth-methodCLIENT-CERT/auth-method
/login-config
When you try to connect to the protected resource, the navigator will
request a client certificate.
Regards.
--
Hi,
i tried the following:
+ Add the mehtod authenticate(...) to the File JDBCRealm.java
+ build a Tomcat distribution
+ replace the catalina.jar with the new version (on an other machine)
+ add role-namefull DN/role-name to the web.xml
+ insert into table users ('DN','DN')
+ insert into table user_roles ('DN','DN')
Then i try to connect with a browser to the protected ressource and the
browser requests login and password.
Any suggestions?
thanks
Patrick
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm CLIENT-CERT Authentication
Hi,
i tried the following:
+ Add the mehtod authenticate(...) to the File JDBCRealm.java
+ build a Tomcat distribution
+ replace the catalina.jar with the new version (on an other machine)
+ add role-namefull DN/role-name to the web.xml
+ insert into table users ('DN','DN')
+ insert into table user_roles ('DN','DN')
Then i try to connect with a browser to the protected ressource and the
browser requests login and password.
Any suggestions?
thanks
Patrick
jazorin wrote:
Hi.
You can to implement a JDBCRealm with client certificates modifying the
org.apache.catalina.realm.JDBCRealm class. You need add the public
Principal authenticate(X509Certificate[] cert) method. Inside, you have
to include the following lines:
import java.security.cert.X509Certificate;
Connection dbConnection = null;
try {
// Obtain DN from client certificate.
String dn = cert[0].getSubjectDN().getName();
// Ensure that we have an open database connection
dbConnection = open();
// Acquire a Principal object for this user
Principal principal = authenticate(dbConnection,
dn, dn);
// Release the database connection we just used
release(dbConnection);
// Return the Principal (if any)
return (principal);
} catch (SQLException e) {
// Log the problem for posterity
log(sm.getString(jdbcRealm.exception), e);
// Close the connection so that it gets reopened next time
if (dbConnection != null)
close(dbConnection);
// Return not authenticated for this request
return (null);
}
In authenticate(dbConnection,dn,dn); - first dn = name of user (login)
and second dn = credentials. These credentials can to be the OU of the
certificate, etc.
With the previous example you have to put in role-name of web.xml the
full DN, and you need to create a user in BD with username = DN full
and credentials = DN full.
Luck!!
-
At 16:44 13/03/2003 +0100, you wrote:
Hello,
is it correct that only Memory- and JNDIRealm can perform the mapping
between the DN included in a certificate and a users role?
Because of the lack of dynamic changes in MemoryRealm, i want to replace
it with a JDBCRealm. Is there any information available how to implement
a JDBCRealm that authenticates users by CLIENT-CERT.
thanks in advance
Patrick
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
JDBCRealm CLIENT-CERT Authentication
Hello, is it correct that only Memory- and JNDIRealm can perform the mapping between the DN included in a certificate and a users role? Because of the lack of dynamic changes in MemoryRealm, i want to replace it with a JDBCRealm. Is there any information available how to implement a JDBCRealm that authenticates users by CLIENT-CERT. thanks in advance Patrick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm CLIENT-CERT Authentication
Hi.
You can to implement a JDBCRealm with client certificates modifying the
org.apache.catalina.realm.JDBCRealm class. You need add the public
Principal authenticate(X509Certificate[] cert) method. Inside, you have
to include the following lines:
import java.security.cert.X509Certificate;
Connection dbConnection = null;
try {
// Obtain DN from client certificate.
String dn = cert[0].getSubjectDN().getName();
// Ensure that we have an open database connection
dbConnection = open();
// Acquire a Principal object for this user
Principal principal = authenticate(dbConnection,
dn, dn);
// Release the database connection we just used
release(dbConnection);
// Return the Principal (if any)
return (principal);
} catch (SQLException e) {
// Log the problem for posterity
log(sm.getString(jdbcRealm.exception), e);
// Close the connection so that it gets reopened next time
if (dbConnection != null)
close(dbConnection);
// Return not authenticated for this request
return (null);
}
In authenticate(dbConnection,dn,dn); - first dn = name of user (login)
and second dn = credentials. These credentials can to be the OU of the
certificate, etc.
With the previous example you have to put in role-name of web.xml the
full DN, and you need to create a user in BD with username = DN full
and credentials = DN full.
Luck!!
-
At 16:44 13/03/2003 +0100, you wrote:
Hello,
is it correct that only Memory- and JNDIRealm can perform the mapping
between the DN included in a certificate and a users role?
Because of the lack of dynamic changes in MemoryRealm, i want to replace
it with a JDBCRealm. Is there any information available how to implement
a JDBCRealm that authenticates users by CLIENT-CERT.
thanks in advance
Patrick
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 17908] New: - JDBCRealm getPassword() unimplemented
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17908. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17908 JDBCRealm getPassword() unimplemented Summary: JDBCRealm getPassword() unimplemented Product: Tomcat 4 Version: 4.1.18 Platform: Other OS/Version: Windows NT/2K Status: NEW Severity: Major Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] I was unable to authenticate using digest authentication scheme. I have unencrypted passwords stored in database. I browsed through the code and found that getPassword()(and getPrincipal) method in JDBCRealm returns null (harcoded). Following is the configuration I am using server.xml: -- Realm className=org.apache.catalina.realm.JDBCRealm debug=99 digest=MD5 driverName=oracle.jdbc.driver.OracleDriver connectionURL=jdbc:oracle:thin:@lohgad:1521:dsoft connectionName=uddhav connectionPassword=uddhav userTable=tab_users userNameCol=user_name userCredCol=user_pass userRoleTable=tab_user_roles roleNameCol=role_name / web.xml: - login-config auth-methodDIGEST/auth-method realm-nameOnJava Application/realm-name /login-config I modified my local copy of JDBCRealm to include implementations of getPassword () and getPrincipal(). These return the correct values now. Was this left unimplemented with a purpose? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns null)
Hi, I am unable to authenticate using digest authentication. I browsed through the code and found that getPassword() method in JDBCRealm returns null (harcoded). I am using the following configuration. Am I missing something somewhere? server.xml: -- Realm className=org.apache.catalina.realm.JDBCRealm debug=99 digest=MD5 driverName=oracle.jdbc.driver.OracleDriver connectionURL=jdbc:oracle:thin:@lohgad:1521:dsoft connectionName=uddhav connectionPassword=uddhav userTable=tab_users userNameCol=user_name userCredCol=user_pass userRoleTable=tab_user_roles roleNameCol=role_name / web.xml: - login-config auth-methodDIGEST/auth-method realm-nameOnJava Application/realm-name /login-config - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns null)
Hi,
I have implemeted the methods getPassword() and getPrincipal() in
JDBCRealm. Digest authentication works for me with these changes. One thing
that still doest work is if I have stored the password in encrypted form in
the database. I have doubts if this will always work in the scenario where
the password has been persisted using say SHA and the web authentication
utilises MD5. Will the responseDigest send by client and the one generated
at the server match?
Following are the chages I have made. I am new to this forum, can somebody
guide me on how these changes can be committed if approved. Thanks.
/**
* Return the password associated with the given principal's user name.
*/
protected String getPassword(String username) {
Connection dbConnection = null;
String dbCredentials = null;
try {
// Ensure that we have an open database connection
dbConnection = open();
// Look up the user's credentials
PreparedStatement stmt = credentials(dbConnection, username);
ResultSet rs = stmt.executeQuery();
while (rs.next()) {
dbCredentials = rs.getString(1).trim();
}
rs.close();
if (dbCredentials == null) {
return (null);
}
// Release the database connection we just used
release(dbConnection);
} catch (SQLException e) {
e.printStackTrace();
// Log the problem for posterity
log(sm.getString(jdbcRealm.exception), e);
// Close the connection so that it gets reopened next time
if (dbConnection != null)
close(dbConnection);
}
return (dbCredentials);
// return (null); // earlier code
}
/**
* Return the Principal associated with the given user name.
*/
protected Principal getPrincipal(String username) {
Connection dbConnection = null;
GenericPrincipal principal = null;
try {
String credentials = getPassword(username);
// Ensure that we have an open database connection
dbConnection = open();
// Accumulate the user's roles
ArrayList list = new ArrayList();
PreparedStatement stmt = roles(dbConnection, username);
ResultSet rs = stmt.executeQuery();
while (rs.next()) {
list.add(rs.getString(1).trim());
}
rs.close();
dbConnection.commit();
// Create and return a suitable Principal for this user
principal = (new GenericPrincipal(this, username, credentials,
list));
// Release the database connection we just used
release(dbConnection);
} catch (SQLException e) {
e.printStackTrace();
// Log the problem for posterity
log(sm.getString(jdbcRealm.exception), e);
// Close the connection so that it gets reopened next time
if (dbConnection != null)
close(dbConnection);
}
return (principal);
// return (null); // earlier code
}
- Original Message -
From: Uddhav Shirname [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 7:07 PM
Subject: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns
null)
Hi,
I am unable to authenticate using digest authentication. I browsed
through the code and found that getPassword() method in JDBCRealm returns
null (harcoded). I am using the following configuration. Am I missing
something somewhere?
server.xml:
--
Realm
className=org.apache.catalina.realm.JDBCRealm
debug=99
digest=MD5
driverName=oracle.jdbc.driver.OracleDriver
connectionURL=jdbc:oracle:thin:@lohgad:1521:dsoft
connectionName=uddhav
connectionPassword=uddhav
userTable=tab_users
userNameCol=user_name
userCredCol=user_pass
userRoleTable=tab_user_roles
roleNameCol=role_name /
web.xml:
-
login-config
auth-methodDIGEST/auth-method
realm-nameOnJava Application/realm-name
/login-config
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns null)
Hi,
Does JDBCRealm realm work for DIGEST authentication scheme(I have
passwords stored in cleartext form. JDBCRealm works with BASIC
authenctication scheme though)? I find the corresponding coding partially
implemented. IF it works for for someone, could you please guide me on how
you made it possible.
Thanks,
Uddhav
- Original Message -
From: Uddhav Shirname [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 7:53 PM
Subject: Re: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns
null)
Hi,
I have implemeted the methods getPassword() and getPrincipal() in
JDBCRealm. Digest authentication works for me with these changes. One
thing
that still doest work is if I have stored the password in encrypted form
in
the database. I have doubts if this will always work in the scenario where
the password has been persisted using say SHA and the web authentication
utilises MD5. Will the responseDigest send by client and the one generated
at the server match?
Following are the chages I have made. I am new to this forum, can somebody
guide me on how these changes can be committed if approved. Thanks.
/**
* Return the password associated with the given principal's user
name.
*/
protected String getPassword(String username) {
Connection dbConnection = null;
String dbCredentials = null;
try {
// Ensure that we have an open database connection
dbConnection = open();
// Look up the user's credentials
PreparedStatement stmt = credentials(dbConnection, username);
ResultSet rs = stmt.executeQuery();
while (rs.next()) {
dbCredentials = rs.getString(1).trim();
}
rs.close();
if (dbCredentials == null) {
return (null);
}
// Release the database connection we just used
release(dbConnection);
} catch (SQLException e) {
e.printStackTrace();
// Log the problem for posterity
log(sm.getString(jdbcRealm.exception), e);
// Close the connection so that it gets reopened next time
if (dbConnection != null)
close(dbConnection);
}
return (dbCredentials);
// return (null); // earlier code
}
/**
* Return the Principal associated with the given user name.
*/
protected Principal getPrincipal(String username) {
Connection dbConnection = null;
GenericPrincipal principal = null;
try {
String credentials = getPassword(username);
// Ensure that we have an open database connection
dbConnection = open();
// Accumulate the user's roles
ArrayList list = new ArrayList();
PreparedStatement stmt = roles(dbConnection, username);
ResultSet rs = stmt.executeQuery();
while (rs.next()) {
list.add(rs.getString(1).trim());
}
rs.close();
dbConnection.commit();
// Create and return a suitable Principal for this user
principal = (new GenericPrincipal(this, username, credentials,
list));
// Release the database connection we just used
release(dbConnection);
} catch (SQLException e) {
e.printStackTrace();
// Log the problem for posterity
log(sm.getString(jdbcRealm.exception), e);
// Close the connection so that it gets reopened next time
if (dbConnection != null)
close(dbConnection);
}
return (principal);
// return (null); // earlier code
}
- Original Message -
From: Uddhav Shirname [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 7:07 PM
Subject: JDBCRealm getPassword() unimplemented in Tomcat 4.1.18 (returns
null)
Hi,
I am unable to authenticate using digest authentication. I browsed
through the code and found that getPassword() method in JDBCRealm
returns
null (harcoded). I am using the following configuration. Am I missing
something somewhere?
server.xml:
--
Realm
className=org.apache.catalina.realm.JDBCRealm
debug=99
digest=MD5
driverName=oracle.jdbc.driver.OracleDriver
connectionURL=jdbc:oracle:thin:@lohgad:1521:dsoft
connectionName=uddhav
connectionPassword=uddhav
userTable=tab_users
userNameCol=user_name
userCredCol=user_pass
userRoleTable=tab_user_roles
roleNameCol=role_name /
web.xml:
-
login-config
auth-methodDIGEST/auth-method
realm-nameOnJava Application/realm-name
/login-config
DO NOT REPLY [Bug 17504] - JDBCRealm start() opens but does not close connection.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504 JDBCRealm start() opens but does not close connection. [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2003-03-01 13:54 --- Starting at about version 4.1.18 of Tomcat there is a Realm which can use db connection pooling. The DataSourceRealm can use a JNDI named JDBC DataSource such as a DBCP. Since the DataSourceRealm meets your needs for db connection pooling of a Realm I am marking this as invalid. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 17504] - JDBCRealm start() opens but does not close connection.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504 JDBCRealm start() opens but does not close connection. [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2003-02-28 14:33 --- JDBCRealm synchronizes use of one db connection for all realm authentications. There is no need to close the connection since it is reused. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 17504] - JDBCRealm start() opens but does not close connection.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504 JDBCRealm start() opens but does not close connection. [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVALID | --- Additional Comments From [EMAIL PROTECTED] 2003-02-28 23:04 --- Yes, I understand why it is not a problem in the default implementation, but it is a problem if you are extending this class, in my case, to use a connection pool. To prevent the connection from never being closed or returned to the pool, I have to do some ugly workarounds in the extended class. It seems to me like just closing the connection opened by start() would be an extremely simple change and would have little risk of destabilizing anything. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 17504] - JDBCRealm start() opens but does not close connection.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504
JDBCRealm start() opens but does not close connection.
--- Additional Comments From [EMAIL PROTECTED] 2003-03-01 00:47 ---
Ooops. I meant to say call JDBCRealm.release(con) not close. In the standard
JDBCRealm implementation this will not do anything and is harmless, but for
sub-classes this allows us to return the connection to a pool.
So the change is just:
try {
release(open());
} catch (SQLException e) {
throw new LifecycleException(sm.getString(jdbcRealm.open), e);
}
I would be happy to do this change, but it is so trivial that it just seems
easier for a committer to do it.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 17504] New: - JDBCRealm start() opens but does not close connection.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17504
JDBCRealm start() opens but does not close connection.
Summary: JDBCRealm start() opens but does not close connection.
Product: Tomcat 4
Version: 4.1.18
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
The start method in JDBCRealm.java opens a connection to make sure that
everyting is ok, but it never closes that connection. This method should call
close(connection).
This is the offending code:
public void start() throws LifecycleException {
// Validate that we can open our connection
try {
open();
} catch (SQLException e) {
throw new LifecycleException(sm.getString(jdbcRealm.open), e);
}
// Perform normal superclass initialization
super.start();
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 16144] New: - NullPointerException in JDBCRealm when password is null
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16144. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16144 NullPointerException in JDBCRealm when password is null Summary: NullPointerException in JDBCRealm when password is null Product: Tomcat 4 Version: 4.1.18 Platform: PC OS/Version: Linux Status: NEW Severity: Minor Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] My setup: Tomcat 4.1.18 running behind Apache 2.0.40.8 (RedHat 8.0). I use SSL on Apache and use CoyoteConnector and mod_jk to connect httpd and tomcat. I use basic authentication on tomcat. I use Oracle 9.2 for my authentication db. This setup works great, except I found one scenario where the JDBCRealm causes a null pointer exception during Basic Authentication: The user's password is password in the database. If the user leaves the password empty in the Basic Authentication Dialog (in IE or Netscape), nothing is returned and the following exception occurs: Ajp13Processor[8090][1] process: invoke java.lang.NullPointerException at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:447) at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:394) at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:458) at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:551) at java.lang.Thread.run(Thread.java:536) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 15164] New: - NullPointerException when JDBCRealm not configured properly
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15164. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15164 NullPointerException when JDBCRealm not configured properly Summary: NullPointerException when JDBCRealm not configured properly Product: Tomcat 4 Version: 4.0.6 Final Platform: All OS/Version: Linux Status: NEW Severity: Minor Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] if you omit the userCredCol attribute from the Realm tag when using JDBCRealm (for example, if you specify it as userCredColumn instead) you end up getting a NullPointerException from JDBCRealm.authenticate (line 389). The misconfiguration does not directly trigger an error. The JDBCRealm issues this SQL query: SELECT null FROM user_table WHERE username_col = ? since this is a valid query, there is no SQLException thrown; but rs.getString (1) returns null instead of the user password column. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
