JDBC Authentication

2003-01-21 Thread Ed Robbins

Ok, bear with me.  This is my first attempt at configuring Tomcat for
any type of authentication.  I've configured a host with a JDBCRealm to
use a Sybase database for authentication.  I added a security
constraint, login-config and  a security role, however when I point my
browser to the URL, I don't see that little password box I'm so anxious
to see.  The relavant config snippets are below, anyone who can put me
on the path to enlightenment would be deemed a most knowledgeable and
esteemed person  in my eyes :-)


Ed



Context className=org.apache.catalina.core.StandardContext
cachingAllowed=true
charsetMapperClass=org.apache.catalina.util.CharsetMapper
cookies=true crossContext=true debug=2
docBase=/home/httpd/htdocs/erobbins/robbinsapps/IpnDownload
mapperClass=org.apache.catalina.core.StandardContextMapper
path=/IpnDownload privileged=false reloadable=true
swallowOutput=false useNaming=false
wrapperClass=org.apache.catalina.core.StandardWrapper

Realm className=org.apache.catalina.realm.JDBCRealm
connectionName=xxx connectionPassword=xxx
connectionURL=jdbc:sybase:Tds:xx:1234 debug=2
driverName=com.sybase.jdbc2.jdbc.SybDriver roleNameCol=role_name
userCredCol=user_pass userNameCol=user_name
userRoleTable=user_roles userTable=user_names validate=true/
  
  security-constraint
web-resource-collection
  web-resource-nameIpnDownload/web-resource-name
  descriptionDownload location for Ipn web
apps/description
  url-pattern/IpnDownload/*/url-pattern
  url-pattern*/url-pattern
/web-resource-collection
auth-constraint
descriptionThese are the roles who have
access/description
role-namedownload/role-name
/auth-constraint
  /security-constraint
  login-config
auth-methodBASIC/auth-method
  /login-config
  security-role
descriptionDownload role/description
role-namedownload/role-name
  /security-role
/Context






--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]




JDBC authentication

2003-01-21 Thread Ed Robbins
Ok, bear with me.  This is my first attempt at configuring Tomcat for
any type of authentication.  I've configured a host with a JDBCRealm to
use a Sybase database for authentication.  I added a security
constraint, login-config and  a security role, however when I point my
browser to the URL, I don't see that little password box I'm so anxious
to see.  The relavant config snippets are below, anyone who can put me
on the path to enlightenment would be deemed a most knowledgeable and
esteemed person  in my eyes :-)


Ed



Context className=org.apache.catalina.core.StandardContext
cachingAllowed=true
charsetMapperClass=org.apache.catalina.util.CharsetMapper
cookies=true crossContext=true debug=2
docBase=/home/httpd/htdocs/erobbins/robbinsapps/IpnDownload
mapperClass=org.apache.catalina.core.StandardContextMapper
path=/IpnDownload privileged=false reloadable=true
swallowOutput=false useNaming=false
wrapperClass=org.apache.catalina.core.StandardWrapper

Realm className=org.apache.catalina.realm.JDBCRealm
connectionName=xxx connectionPassword=xxx
connectionURL=jdbc:sybase:Tds:xx:1234 debug=2
driverName=com.sybase.jdbc2.jdbc.SybDriver roleNameCol=role_name
userCredCol=user_pass userNameCol=user_name
userRoleTable=user_roles userTable=user_names validate=true/
  
  security-constraint
web-resource-collection
  web-resource-nameIpnDownload/web-resource-name
  descriptionDownload location for Ipn web
apps/description
  url-pattern/IpnDownload/*/url-pattern
  url-pattern*/url-pattern
/web-resource-collection
auth-constraint
descriptionThese are the roles who have
access/description
role-namedownload/role-name
/auth-constraint
  /security-constraint
  login-config
auth-methodBASIC/auth-method
  /login-config
  security-role
descriptionDownload role/description
role-namedownload/role-name
  /security-role
/Context




--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]




Re: JDBC authentication

2003-01-21 Thread mwm
I had a look through your config stuff and it looked fairly similar to mine.
(Which is the only one I've configured - though it's form-based.  Oh, and
working.)
I did have a realm-name entry, in login-config I think, but that didn't
look like enough to cause a problem.

One thing has just occurred to me, though:  you seem to have everything in
server.xml?  I've got the realm defined there but my security-constraint /
login-config etc. are all in web.xml.  Might be worth a shot (in the absence
of any other replies)

Mike.


- Original Message -
From: Ed Robbins [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, January 21, 2003 4:25 PM
Subject: JDBC authentication


Ok, bear with me.  This is my first attempt at configuring Tomcat for
any type of authentication.  I've configured a host with a JDBCRealm to
use a Sybase database for authentication.  I added a security
constraint, login-config and  a security role, however when I point my
browser to the URL, I don't see that little password box I'm so anxious
to see.  The relavant config snippets are below, anyone who can put me
on the path to enlightenment would be deemed a most knowledgeable and
esteemed person  in my eyes :-)


Ed



Context className=org.apache.catalina.core.StandardContext
cachingAllowed=true
charsetMapperClass=org.apache.catalina.util.CharsetMapper
cookies=true crossContext=true debug=2
docBase=/home/httpd/htdocs/erobbins/robbinsapps/IpnDownload
mapperClass=org.apache.catalina.core.StandardContextMapper
path=/IpnDownload privileged=false reloadable=true
swallowOutput=false useNaming=false
wrapperClass=org.apache.catalina.core.StandardWrapper

Realm className=org.apache.catalina.realm.JDBCRealm
connectionName=xxx connectionPassword=xxx
connectionURL=jdbc:sybase:Tds:xx:1234 debug=2
driverName=com.sybase.jdbc2.jdbc.SybDriver roleNameCol=role_name
userCredCol=user_pass userNameCol=user_name
userRoleTable=user_roles userTable=user_names validate=true/

  security-constraint
web-resource-collection
  web-resource-nameIpnDownload/web-resource-name
  descriptionDownload location for Ipn web
apps/description
  url-pattern/IpnDownload/*/url-pattern
  url-pattern*/url-pattern
/web-resource-collection
auth-constraint
descriptionThese are the roles who have
access/description
role-namedownload/role-name
/auth-constraint
  /security-constraint
  login-config
auth-methodBASIC/auth-method
  /login-config
  security-role
descriptionDownload role/description
role-namedownload/role-name
  /security-role
/Context




--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]




--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]




Re: JDBC authentication

2003-01-21 Thread Ed Robbins
This was exactly my problem, I moved the security constraint out of the
server.xml file and put it into the web.xml for the web app and it
magically started working:-)  The only problem I have now is that I
can't do a blanket url-mapping like

url-mapping/*/url-mapping

or 

url-mapping/IpnDownload/*/url-mapping

These cause the XML parser to bomb and the web app fails to load, if I
specify url-mapping/*.jsp/url-mapping, all is good with the world. 
However I want to protect everything so I was looking for a shortcut,
which I see references to on the net.

Thanks for the response.  You have been deemed a most knowledgeable and
esteemed person, don't forget to add that to your resume! :-)

Ed

On Tue, 2003-01-21 at 20:00, mwm wrote:
 I had a look through your config stuff and it looked fairly similar to mine.
 (Which is the only one I've configured - though it's form-based.  Oh, and
 working.)
 I did have a realm-name entry, in login-config I think, but that didn't
 look like enough to cause a problem.
 
 One thing has just occurred to me, though:  you seem to have everything in
 server.xml?  I've got the realm defined there but my security-constraint /
 login-config etc. are all in web.xml.  Might be worth a shot (in the absence
 of any other replies)
 
 Mike.
 
 
 - Original Message -
 From: Ed Robbins [EMAIL PROTECTED]
 To: Tomcat Users List [EMAIL PROTECTED]
 Sent: Tuesday, January 21, 2003 4:25 PM
 Subject: JDBC authentication
 
 
 Ok, bear with me.  This is my first attempt at configuring Tomcat for
 any type of authentication.  I've configured a host with a JDBCRealm to
 use a Sybase database for authentication.  I added a security
 constraint, login-config and  a security role, however when I point my
 browser to the URL, I don't see that little password box I'm so anxious
 to see.  The relavant config snippets are below, anyone who can put me
 on the path to enlightenment would be deemed a most knowledgeable and
 esteemed person  in my eyes :-)
 
 
 Ed
 
 
 
 Context className=org.apache.catalina.core.StandardContext
 cachingAllowed=true
 charsetMapperClass=org.apache.catalina.util.CharsetMapper
 cookies=true crossContext=true debug=2
 docBase=/home/httpd/htdocs/erobbins/robbinsapps/IpnDownload
 mapperClass=org.apache.catalina.core.StandardContextMapper
 path=/IpnDownload privileged=false reloadable=true
 swallowOutput=false useNaming=false
 wrapperClass=org.apache.catalina.core.StandardWrapper
 
 Realm className=org.apache.catalina.realm.JDBCRealm
 connectionName=xxx connectionPassword=xxx
 connectionURL=jdbc:sybase:Tds:xx:1234 debug=2
 driverName=com.sybase.jdbc2.jdbc.SybDriver roleNameCol=role_name
 userCredCol=user_pass userNameCol=user_name
 userRoleTable=user_roles userTable=user_names validate=true/
 
   security-constraint
 web-resource-collection
   web-resource-nameIpnDownload/web-resource-name
   descriptionDownload location for Ipn web
 apps/description
   url-pattern/IpnDownload/*/url-pattern
   url-pattern*/url-pattern
 /web-resource-collection
 auth-constraint
 descriptionThese are the roles who have
 access/description
 role-namedownload/role-name
 /auth-constraint
   /security-constraint
   login-config
 auth-methodBASIC/auth-method
   /login-config
   security-role
 descriptionDownload role/description
 role-namedownload/role-name
   /security-role
 /Context
 
 
 
 
 --
 To unsubscribe, e-mail:
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail:
 mailto:[EMAIL PROTECTED]
 
 
 
 
 --
 To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: mailto:[EMAIL PROTECTED]
-- 
Ed Robbins [EMAIL PROTECTED]


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]




Re: JDBC authentication

2003-01-21 Thread Craig R. McClanahan


On 21 Jan 2003, Ed Robbins wrote:

 Date: 21 Jan 2003 21:49:00 -0500
 From: Ed Robbins [EMAIL PROTECTED]
 Reply-To: Tomcat Users List [EMAIL PROTECTED]
 To: Tomcat Users List [EMAIL PROTECTED]
 Subject: Re: JDBC authentication

 This was exactly my problem, I moved the security constraint out of the
 server.xml file and put it into the web.xml for the web app and it
 magically started working:-)  The only problem I have now is that I
 can't do a blanket url-mapping like

 url-mapping/*/url-mapping

 or

 url-mapping/IpnDownload/*/url-mapping


What's a url-mapping?  The valid element in a web.xml file is
url-pattern, and either of the above would be valid.  But /*.jsp would
not be valid -- you have to use *.jsp instead.

Craig


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]




Re: JDBC authentication

2003-01-21 Thread Ed Robbins
Oops I'm mixing my elements, kinda like mixing my metaphors, I meant
url-pattern.  

Sure enough, I just put the /IpnDownload/* and /* back in and it works
this time.  I must have fat fingered it earlier today.

Thanks.

Ed

On Tue, 2003-01-21 at 22:20, Craig R. McClanahan wrote:
 On 21 Jan 2003, Ed Robbins wrote:
 
  Date: 21 Jan 2003 21:49:00 -0500
  From: Ed Robbins [EMAIL PROTECTED]
  Reply-To: Tomcat Users List [EMAIL PROTECTED]
  To: Tomcat Users List [EMAIL PROTECTED]
  Subject: Re: JDBC authentication
 
  This was exactly my problem, I moved the security constraint out of the
  server.xml file and put it into the web.xml for the web app and it
  magically started working:-)  The only problem I have now is that I
  can't do a blanket url-mapping like
 
  url-mapping/*/url-mapping
 
  or
 
  url-mapping/IpnDownload/*/url-mapping
 
 
 What's a url-mapping?  The valid element in a web.xml file is
 url-pattern, and either of the above would be valid.  But /*.jsp would
 not be valid -- you have to use *.jsp instead.
 
 Craig
 
 
 --
 To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: mailto:[EMAIL PROTECTED]
-- 
Ed Robbins [EMAIL PROTECTED]


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]




Problem with REALM JNDI JDBC AUTHENTICATION

2002-11-09 Thread Massimiliano Fabi
I thank you for your support in advice;
I have a very big problem in my project:
My application on W2K , TOMCAT 4.1 ALPHA , JBUILDER 4 AND JNDI EXTENSION doesn't run 
when acces to resource JDBC to connect db to check authentication via REALM(i use 
j_security_check action form and i access to mysql db for authentication)
error is CANNOT CREATE RESOURCE

I THINK IT'S A CONFIGURATION PROBLEM 
CAN YOU HELP ME PLEASE.


thank you
i can give you other details if it's necessary. thanks again.



Re: JDBC authentication configuration

2002-01-14 Thread David Smith

This may or may not be the full problem, but one glaring error is in the 
connectionURL of your server.xml file.  It should read as follows.  Note the URL for 
making a 
connection to a MySQL database uses an  symbol before 'password' and in XML 
it has to be encoded.  Hope this helps you out.

Realm  className=org.apache.catalina.realm.JDBCRealm
debug=99 
driverName=org.gjt.mm.mysql.Driver
connectionURL=jdbc:mysql://localhost/rmta?user=myuseramp;password=mypasswor
d
userTable=tablename userNameCol=login
userCredCol=password
userRoleTable=rolestable roleNameCol=role /

--David

On Sunday 13 January 2002 08:12 pm, you wrote:
 Hello,

 I am relatively new to servlet/jsp programming, and struggling with JDBC
 authentication.  I have a tiny test application that works fine using form
 authentication against passwords and names in the tomcat-users.xml file.
 However, when I reconfigure the server.xml file for JDBC authentication
 (following the instructions on the Apache/Tomcat site) the server hangs
 during startup.

 My little app is in a folder called /rmta-test.

 Specifically, in the log, the hang comes early on in the startup process,
 right after a line saying:

 Standard Manager [:/rmta-test]: Seeding of random number generator has
 completed.

 Below I have quoted the relavant lines from the server.xml file, and the
 web.xml file for this application.  I don't think this has anything to do
 with the database, as Tomcat seems to hang on startup well before any
 interaction with the database.  However, the database tables are setup
 correctly per the docs, and I can query it manually.  I have also used a
 small stand-alone java program to create a table using the JDBC driver, so
 I know that the driver is installed correctly (in the tomcat library).

 If I simply remove the Realm statement, then Tomcat starts up normally.

 I'm pretty sure I've got something wrong in the configuration, of
 server.xml or web.xml, but i can't figure out what it is.  I would be
 grateful for anyone's help.

 By the way, I'm using Tomcat 4.0.1 on unix.

 Thanks!
 Paul Phillips
 ___

 Here are the lines that I inserted in my server.xml file to try and get
 JDBC authentication going:

 Context path=/rmta-test docBase=rmta-test debug=99
 reloadable=true Realm  className=org.apache.catalina.realm.JDBCRealm
 debug=99 driverName=org.gjt.mm.mysql.Driver

 connectionURL=jdbc:mysql://localhost/rmta?user=myuser;password=mypassword
   userTable=tablename userNameCol=login
 userCredCol=password
   userRoleTable=rolestable roleNameCol=role /
 /Context

 ___

 Here is my web.xml file:

 ?xml version=1.0 encoding=ISO-8859-1?

 !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application
 2.3//EN  http://java.sun.com/dtd/web-app_2_3.dtd;

 web-app
 servlet
servlet-nameGreetingServlet/servlet-name
servlet-classfenced.GreetingServlet/servlet-class
 /servlet
 servlet-mapping
servlet-nameGreetingServlet/servlet-name
url-pattern/greeting/url-pattern
 /servlet-mapping
 security-constraint
web-resource-collection
   web-resource-nameEntire Application/web-resource-name
   url-pattern/*/url-pattern
/web-resource-collection
auth-constraint
   role-namethename/role-name
/auth-constraint
 /security-constraint

 login-config
auth-methodFORM/auth-method

form-login-config
form-login-page/login.jsp/form-login-page
form-error-page/error.jsp/form-error-page
/form-login-config
 /login-config
 /web-app





 ___
 Paul Phillips
 Director of Orchestral Activities, Meadows School of the Arts
 Southern Methodist University

 You must sing every note you play, sing even through the rests!
 Arturo Toscanini

 --
 To unsubscribe:   mailto:[EMAIL PROTECTED]
 For additional commands: mailto:[EMAIL PROTECTED]
 Troubles with the list: mailto:[EMAIL PROTECTED]

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]




Re: JDBC authentication configuration

2002-01-14 Thread Paul Phillips

Thanks to David!

This fixed my authentication problem!

--On Monday, January 14, 2002 10:22 AM -0500 David Smith [EMAIL PROTECTED] 
wrote:

 This may or may not be the full problem, but one glaring error is in the
 connectionURL of your server.xml file.  It should read as follows.  Note
 the URL for making a  connection to a MySQL database uses an  symbol
 before 'password' and in XML  it has to be encoded.  Hope this helps you
 out.

   connectionURL=jdbc:mysql://localhost/rmta?user=myuseramp;password=mypa
 ssword


I copied the URL directly from the Apache-Jakarta-Tomcat Realm 
Configuration How-To, and it shows only the semicolon following the 
user=username pair.  It doesn't mention the ampersand at all.  Should this 
be changed in the docs (since the example is showing a connection to a 
mysql database)?

Thanks
Paul Phillips

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]




JDBC authentication configuration

2002-01-13 Thread Paul Phillips

Hello,

I am relatively new to servlet/jsp programming, and struggling with JDBC 
authentication.  I have a tiny test application that works fine using form 
authentication against passwords and names in the tomcat-users.xml file. 
However, when I reconfigure the server.xml file for JDBC authentication 
(following the instructions on the Apache/Tomcat site) the server hangs 
during startup.

My little app is in a folder called /rmta-test.

Specifically, in the log, the hang comes early on in the startup process, 
right after a line saying:

Standard Manager [:/rmta-test]: Seeding of random number generator has 
completed.

Below I have quoted the relavant lines from the server.xml file, and the 
web.xml file for this application.  I don't think this has anything to do 
with the database, as Tomcat seems to hang on startup well before any 
interaction with the database.  However, the database tables are setup 
correctly per the docs, and I can query it manually.  I have also used a 
small stand-alone java program to create a table using the JDBC driver, so 
I know that the driver is installed correctly (in the tomcat library).

If I simply remove the Realm statement, then Tomcat starts up normally.

I'm pretty sure I've got something wrong in the configuration, of 
server.xml or web.xml, but i can't figure out what it is.  I would be 
grateful for anyone's help.

By the way, I'm using Tomcat 4.0.1 on unix.

Thanks!
Paul Phillips
___

Here are the lines that I inserted in my server.xml file to try and get 
JDBC authentication going:

Context path=/rmta-test docBase=rmta-test debug=99 reloadable=true
Realm  className=org.apache.catalina.realm.JDBCRealm debug=99
 driverName=org.gjt.mm.mysql.Driver
 
connectionURL=jdbc:mysql://localhost/rmta?user=myuser;password=mypassword
  userTable=tablename userNameCol=login 
userCredCol=password
  userRoleTable=rolestable roleNameCol=role /
/Context

___

Here is my web.xml file:

?xml version=1.0 encoding=ISO-8859-1?

!DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application
2.3//EN  http://java.sun.com/dtd/web-app_2_3.dtd;

web-app
servlet
   servlet-nameGreetingServlet/servlet-name
   servlet-classfenced.GreetingServlet/servlet-class
/servlet
servlet-mapping
   servlet-nameGreetingServlet/servlet-name
   url-pattern/greeting/url-pattern
/servlet-mapping
security-constraint
   web-resource-collection
  web-resource-nameEntire Application/web-resource-name
  url-pattern/*/url-pattern
   /web-resource-collection
   auth-constraint
  role-namethename/role-name
   /auth-constraint
/security-constraint

login-config
   auth-methodFORM/auth-method

   form-login-config
   form-login-page/login.jsp/form-login-page
   form-error-page/error.jsp/form-error-page
   /form-login-config
/login-config
/web-app





___
Paul Phillips
Director of Orchestral Activities, Meadows School of the Arts
Southern Methodist University

You must sing every note you play, sing even through the rests!
Arturo Toscanini

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]




JDBC Authentication Broken in 3.2.3?

2001-07-17 Thread Michael P. McCutcheon



I've been fighting with the JDBC authentication in 
3.2.2 and 3.2.3 using Windows 2000, MySQL 3.23.39, the mm-mysql 2.0.6 drivers 
and JDK 1.3.1. I just can't get it to work. I get the messages in 
the console:

2001-07-17 15:21:20 - ContextManager: JDBCRealm: 
Starting JDBCRealm, trying to acquire JDBC Driver class and DB 
Connection2001-07-17 15:21:21 - ContextManager: JDBCRealm: JDBCRealm has 
been started succesfully2001-07-17 15:21:22 - PoolTcpConnector: Starting 
HttpConnectionHandler on 802001-07-17 15:21:22 - PoolTcpConnector: Starting 
Ajp12ConnectionHandler on 80072001-07-17 15:21:31 - ContextManager: 
JDBCRealm: The database connection is null or was found to be closed. Trying to 
re-open it.2001-07-17 15:21:31 - ContextManager: JDBCRealm: 
JDBCRealm.authenticate: SELECT user_pass FROM users WHERE user_name = 
?2001-07-17 15:21:31 - ContextManager: JDBCRealm: Authentication successful 
for user michaelm2001-07-17 15:21:31 - ContextManager: JDBCRealm: Auth ok, 
user=michaelm

but it won't take me to the page I want to go 
to...in other words, it says I'm successfully authenticated, but the login 
window just keeps popping up. After 3 tries, I get to the page, but it's 
blank. Same for form login...keep logging in and keep getting sent to the 
error page.

What's up?

When I put a garbage login/pass I see:

2001-07-17 15:24:29 - ContextManager: JDBCRealm: 
Authentication unsuccessful foruser asdf

so I know that it is talking to the database 
correctly.

Here the security part of my web.xml:

security-constraintweb-resource-collection 
web-resource-nameProtected 
Area/web-resource-name 
url-pattern/main/pgMain.html/url-pattern 
http-methodDELETE/http-method 
http-methodGET/http-method 
http-methodPOST/http-method 
http-methodPUT/http-method/web-resource-collectionauth-constraint 
role-nameviewer/role-name/auth-constraint/security-constraint

login-configauth-methodBASIC/auth-methodrealm-nameAdmin/realm-name/login-config
Here is the database stuff:

Welcome to the MySQL monitor. Commands end 
with ; or \g.Your MySQL connection id is 4 to server version: 
3.23.39-nt

Type 'help;' or '\h' for help. Type '\c' to clear 
the buffer.

mysql use testdbDatabase 
changedmysql select * from users;+---+---+| 
user_name | user_pass |+---+---+| michaelm | 
indonesia |+---+---+1 row in set (0.00 
sec)

mysql select * from 
roles;+---+| role_name |+---+| 
viewer |+---+1 row in set (0.04 
sec)

mysql select * from 
user_roles;+---+---+| user_name | role_name 
|+---+---+| michaelm | viewer 
|+---+---+1 row in set (0.04 sec)

mysql


Any clues?

Mike



AW: User login logging (JDBC authentication)

2001-07-06 Thread Reto Badertscher

Hi,

yeah this is more or less OK.
For my application i have a servlet acting as a controller (like a portal) -
all functions are accessed thru the controller, which dispatches the request
to the correct JSP (in your case), for my part i'm using Velocity and
templates.
This controller servlet initializes
- initialize the user session
- the logging system
- messages
- Database pools
- The events the application can handle

For every request to a protected resource (JSP), the controller checks if
the user is identified. If not, the request is dispatched to the login
event. After a successfull login, the login event redirects to the protected
resources (which was saved from the controller before redirecting to the
login JSP.

I'm using a login object in the session context which knows about
- the username
- the language
- preferences
- .

Hope this helps

Reto
-Ursprüngliche Nachricht-
Von: Rajehswar V. Rao [mailto:[EMAIL PROTECTED]]
Gesendet: Freitag, 6. Juli 2001 07:20
An: '[EMAIL PROTECTED]'
Betreff: RE: User login logging (JDBC authentication)


Hi Reto,
Could you please explain it more clearly
And from your words i got one idea...
please tell me whether it is right way or not...
when ever a user access any JSP or Servlet other that LoginServlet(which is
controller servlet)..
I will check the session for some username 
if it is null then i redirect the request Login.jsp...
Before this i will create a session in LogonServlet and set the username in
the session whenever user is authenticated...

is this OK
-raj-
-Original Message-
From: Reto Badertscher [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 05, 2001 7:53 PM
To: [EMAIL PROTECTED]
Subject: AW: User login logging (JDBC authentication)


Hello,

If you have a controller servlet it can check for authenticated user and if
a user is not logged in you can redirect to your login screen, and after a
successfull login, redirect back to the protected target.
For security reason (accessing a JSP directly without going thru the
controller servlet), every protected resource can check if a user is logged
in.

Reto

-Ursprüngliche Nachricht-
Von: Rajehswar V. Rao [mailto:[EMAIL PROTECTED]]
Gesendet: Donnerstag, 5. Juli 2001 15:33
An: '[EMAIL PROTECTED]'
Betreff: RE: User login logging (JDBC authentication)


Hi randy,
I would appreciate  your patience...
I am coming from first...
This is my prblem
I have 10 JSPs under myCon/jsp folder in Tomcat..
One of them is Login.jsp...which does authentication of user...
i check the username and password against data which lies in SQLServer
7.0...
Once the user is authenticated only...I want to give access to remaining
JSPs..
But he/she should not access any JSP unless authenticated by Login.jsp...
This is my problem...
what is your best possible solution
Is it anyway related to Java or Tomcat security?
If yes, how can i achieve it?
Or is there any other way around to achieve it...

Thanks for listening...
-raj-


-Original Message-
From: Randy Layman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 05, 2001 6:18 PM
To: [EMAIL PROTECTED]
Subject: RE: User login logging (JDBC authentication)



From IIS you can only set the access to Tomcat as a whole, not
individually.  Tomcat controls access to the individual resources (IIS
doesn't know what they are).

You can view (and modify) the username and password in the session,
I think the session field names are j_security_username and
j_security_password, but don't remember right now - you can get a session
object back for a secured user and then iterate over the fields.

Randy

 -Original Message-
 From: Rajehswar V. Rao [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 05, 2001 9:11 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: User login logging (JDBC authentication)


 Hi Randy and all,
 if that is the case where can i set username and password
 And one more thing, i am using tomcat with IIS ...can i restrict
 resources(JSPs and Servlets) on
 tomcat from IIS...
 Any help would be appreciated
 -raj-

 -Original Message-
 From: Randy Layman [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 05, 2001 5:32 PM
 To: [EMAIL PROTECTED]
 Subject: RE: User login logging (JDBC authentication)



   What is happening is that Tomcat is using the user's credentials
 (username/password) in the Session to authenticate.  If they
 are not there
 or invalid, then the user is prompted to log in again.

   Randy

  -Original Message-
  From: Mark Muffett [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 05, 2001 8:33 AM
  To: [EMAIL PROTECTED]
  Subject: Re: User login logging (JDBC authentication)
 
 
  Raj and all
 
  I've managed to make the changes (very easy), but of course
  it doesn't work
  exactly as I wanted it (isn't life always like that...)
 
  I've got a database which is filling up fast since a new log
  gets written to
  it every time a user accesses a new page

Re: User login logging (JDBC authentication)

2001-07-05 Thread Mark Muffett

Raj and all

I've managed to make the changes (very easy), but of course it doesn't work
exactly as I wanted it (isn't life always like that...)

I've got a database which is filling up fast since a new log gets written to
it every time a user accesses a new page (probably about 100 times each
session).

Tomcat clearly knows what a session is (since it doesn't ask the user to log
in again for each page) - any idea where it does this?

Thanks for any help.

Mark

- Original Message -
From: Rajehswar V. Rao [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 05, 2001 12:21 PM
Subject: RE: User login logging (JDBC authentication)


 Hi Mark and all,
 I think my situation is also almost same
 I have set of JSPs under my \myContext\jsp...
 I dont want to give access to the users to these JSPs once they have been
 authnticated...
 One of the JSPs authenticate the user
 please do help...
 -raj-

 -Original Message-
 From: Mark Muffett [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, July 04, 2001 1:59 PM
 To: [EMAIL PROTECTED]
 Subject: Re: User login logging (JDBC authentication)


 Sorry! - found it now (in tomcat_modules.jar).

 Mark

 - Original Message -
 From: Mark Muffett [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]; Antony Bowesman [EMAIL PROTECTED]
 Sent: Wednesday, July 04, 2001 8:37 AM
 Subject: Re: User login logging (JDBC authentication)


  Antony
 
  Many thanks for the suggestion, but where can I find this - I've looked
  through the jar files in the common and container directories of
  $TOMCAT_HOME/lib, but nothing stands out.  Maybe I've missed it?
 
  Any help appreciated.
 
  Thanks
 
  Mark
 
 
  - Original Message -
  From: Antony Bowesman [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 28, 2001 4:58 PM
  Subject: Re: User login logging (JDBC authentication)
 
 
   Mark Muffett wrote:
   
Any ideas how best to log succesful (or unsuccesful) logins via
JDBC authentication.  The big problem is that the user may have
bookmarked any one of a number of protected pages, and it isn't
practical to put code on each of them.
  
   Just change the JDBC realm authenticate() method to log the result of
   the authentication.
  
   Antony
  
 





RE: User login logging (JDBC authentication)

2001-07-05 Thread Randy Layman


What is happening is that Tomcat is using the user's credentials
(username/password) in the Session to authenticate.  If they are not there
or invalid, then the user is prompted to log in again.

Randy

 -Original Message-
 From: Mark Muffett [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 05, 2001 8:33 AM
 To: [EMAIL PROTECTED]
 Subject: Re: User login logging (JDBC authentication)
 
 
 Raj and all
 
 I've managed to make the changes (very easy), but of course 
 it doesn't work
 exactly as I wanted it (isn't life always like that...)
 
 I've got a database which is filling up fast since a new log 
 gets written to
 it every time a user accesses a new page (probably about 100 
 times each
 session).
 
 Tomcat clearly knows what a session is (since it doesn't ask 
 the user to log
 in again for each page) - any idea where it does this?
 
 Thanks for any help.
 
 Mark
 
 - Original Message -
 From: Rajehswar V. Rao [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, July 05, 2001 12:21 PM
 Subject: RE: User login logging (JDBC authentication)
 
 
  Hi Mark and all,
  I think my situation is also almost same
  I have set of JSPs under my \myContext\jsp...
  I dont want to give access to the users to these JSPs once 
 they have been
  authnticated...
  One of the JSPs authenticate the user
  please do help...
  -raj-
 
  -Original Message-
  From: Mark Muffett [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, July 04, 2001 1:59 PM
  To: [EMAIL PROTECTED]
  Subject: Re: User login logging (JDBC authentication)
 
 
  Sorry! - found it now (in tomcat_modules.jar).
 
  Mark
 
  - Original Message -
  From: Mark Muffett [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]; Antony Bowesman 
 [EMAIL PROTECTED]
  Sent: Wednesday, July 04, 2001 8:37 AM
  Subject: Re: User login logging (JDBC authentication)
 
 
   Antony
  
   Many thanks for the suggestion, but where can I find this 
 - I've looked
   through the jar files in the common and container directories of
   $TOMCAT_HOME/lib, but nothing stands out.  Maybe I've missed it?
  
   Any help appreciated.
  
   Thanks
  
   Mark
  
  
   - Original Message -
   From: Antony Bowesman [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Thursday, June 28, 2001 4:58 PM
   Subject: Re: User login logging (JDBC authentication)
  
  
Mark Muffett wrote:

 Any ideas how best to log succesful (or unsuccesful) 
 logins via
 JDBC authentication.  The big problem is that the 
 user may have
 bookmarked any one of a number of protected pages, 
 and it isn't
 practical to put code on each of them.
   
Just change the JDBC realm authenticate() method to log 
 the result of
the authentication.
   
Antony
   
  
 
 



RE: User login logging (JDBC authentication)

2001-07-05 Thread Rajehswar V. Rao

Hi Randy and all,
if that is the case where can i set username and password
And one more thing, i am using tomcat with IIS ...can i restrict
resources(JSPs and Servlets) on 
tomcat from IIS...
Any help would be appreciated
-raj-

-Original Message-
From: Randy Layman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 05, 2001 5:32 PM
To: [EMAIL PROTECTED]
Subject: RE: User login logging (JDBC authentication)



What is happening is that Tomcat is using the user's credentials
(username/password) in the Session to authenticate.  If they are not there
or invalid, then the user is prompted to log in again.

Randy

 -Original Message-
 From: Mark Muffett [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 05, 2001 8:33 AM
 To: [EMAIL PROTECTED]
 Subject: Re: User login logging (JDBC authentication)
 
 
 Raj and all
 
 I've managed to make the changes (very easy), but of course 
 it doesn't work
 exactly as I wanted it (isn't life always like that...)
 
 I've got a database which is filling up fast since a new log 
 gets written to
 it every time a user accesses a new page (probably about 100 
 times each
 session).
 
 Tomcat clearly knows what a session is (since it doesn't ask 
 the user to log
 in again for each page) - any idea where it does this?
 
 Thanks for any help.
 
 Mark
 
 - Original Message -
 From: Rajehswar V. Rao [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, July 05, 2001 12:21 PM
 Subject: RE: User login logging (JDBC authentication)
 
 
  Hi Mark and all,
  I think my situation is also almost same
  I have set of JSPs under my \myContext\jsp...
  I dont want to give access to the users to these JSPs once 
 they have been
  authnticated...
  One of the JSPs authenticate the user
  please do help...
  -raj-
 
  -Original Message-
  From: Mark Muffett [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, July 04, 2001 1:59 PM
  To: [EMAIL PROTECTED]
  Subject: Re: User login logging (JDBC authentication)
 
 
  Sorry! - found it now (in tomcat_modules.jar).
 
  Mark
 
  - Original Message -
  From: Mark Muffett [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]; Antony Bowesman 
 [EMAIL PROTECTED]
  Sent: Wednesday, July 04, 2001 8:37 AM
  Subject: Re: User login logging (JDBC authentication)
 
 
   Antony
  
   Many thanks for the suggestion, but where can I find this 
 - I've looked
   through the jar files in the common and container directories of
   $TOMCAT_HOME/lib, but nothing stands out.  Maybe I've missed it?
  
   Any help appreciated.
  
   Thanks
  
   Mark
  
  
   - Original Message -
   From: Antony Bowesman [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Thursday, June 28, 2001 4:58 PM
   Subject: Re: User login logging (JDBC authentication)
  
  
Mark Muffett wrote:

 Any ideas how best to log succesful (or unsuccesful) 
 logins via
 JDBC authentication.  The big problem is that the 
 user may have
 bookmarked any one of a number of protected pages, 
 and it isn't
 practical to put code on each of them.
   
Just change the JDBC realm authenticate() method to log 
 the result of
the authentication.
   
Antony
   
  
 
 



RE: User login logging (JDBC authentication)

2001-07-05 Thread Rajehswar V. Rao

Hi randy,
I would appreciate  your patience...
I am coming from first...
This is my prblem
I have 10 JSPs under myCon/jsp folder in Tomcat..
One of them is Login.jsp...which does authentication of user...
i check the username and password against data which lies in SQLServer
7.0...
Once the user is authenticated only...I want to give access to remaining
JSPs..
But he/she should not access any JSP unless authenticated by Login.jsp...
This is my problem...
what is your best possible solution
Is it anyway related to Java or Tomcat security?
If yes, how can i achieve it?
Or is there any other way around to achieve it...

Thanks for listening...
-raj-


-Original Message-
From: Randy Layman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 05, 2001 6:18 PM
To: [EMAIL PROTECTED]
Subject: RE: User login logging (JDBC authentication)



From IIS you can only set the access to Tomcat as a whole, not
individually.  Tomcat controls access to the individual resources (IIS
doesn't know what they are).

You can view (and modify) the username and password in the session,
I think the session field names are j_security_username and
j_security_password, but don't remember right now - you can get a session
object back for a secured user and then iterate over the fields.

Randy

 -Original Message-
 From: Rajehswar V. Rao [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 05, 2001 9:11 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: User login logging (JDBC authentication)
 
 
 Hi Randy and all,
 if that is the case where can i set username and password
 And one more thing, i am using tomcat with IIS ...can i restrict
 resources(JSPs and Servlets) on 
 tomcat from IIS...
 Any help would be appreciated
 -raj-
 
 -Original Message-
 From: Randy Layman [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 05, 2001 5:32 PM
 To: [EMAIL PROTECTED]
 Subject: RE: User login logging (JDBC authentication)
 
 
 
   What is happening is that Tomcat is using the user's credentials
 (username/password) in the Session to authenticate.  If they 
 are not there
 or invalid, then the user is prompted to log in again.
 
   Randy
 
  -Original Message-
  From: Mark Muffett [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 05, 2001 8:33 AM
  To: [EMAIL PROTECTED]
  Subject: Re: User login logging (JDBC authentication)
  
  
  Raj and all
  
  I've managed to make the changes (very easy), but of course 
  it doesn't work
  exactly as I wanted it (isn't life always like that...)
  
  I've got a database which is filling up fast since a new log 
  gets written to
  it every time a user accesses a new page (probably about 100 
  times each
  session).
  
  Tomcat clearly knows what a session is (since it doesn't ask 
  the user to log
  in again for each page) - any idea where it does this?
  
  Thanks for any help.
  
  Mark
  
  - Original Message -
  From: Rajehswar V. Rao [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Thursday, July 05, 2001 12:21 PM
  Subject: RE: User login logging (JDBC authentication)
  
  
   Hi Mark and all,
   I think my situation is also almost same
   I have set of JSPs under my \myContext\jsp...
   I dont want to give access to the users to these JSPs once 
  they have been
   authnticated...
   One of the JSPs authenticate the user
   please do help...
   -raj-
  
   -Original Message-
   From: Mark Muffett [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, July 04, 2001 1:59 PM
   To: [EMAIL PROTECTED]
   Subject: Re: User login logging (JDBC authentication)
  
  
   Sorry! - found it now (in tomcat_modules.jar).
  
   Mark
  
   - Original Message -
   From: Mark Muffett [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]; Antony Bowesman 
  [EMAIL PROTECTED]
   Sent: Wednesday, July 04, 2001 8:37 AM
   Subject: Re: User login logging (JDBC authentication)
  
  
Antony
   
Many thanks for the suggestion, but where can I find this 
  - I've looked
through the jar files in the common and container directories of
$TOMCAT_HOME/lib, but nothing stands out.  Maybe I've missed it?
   
Any help appreciated.
   
Thanks
   
Mark
   
   
- Original Message -
From: Antony Bowesman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 28, 2001 4:58 PM
Subject: Re: User login logging (JDBC authentication)
   
   
 Mark Muffett wrote:
 
  Any ideas how best to log succesful (or unsuccesful) 
  logins via
  JDBC authentication.  The big problem is that the 
  user may have
  bookmarked any one of a number of protected pages, 
  and it isn't
  practical to put code on each of them.

 Just change the JDBC realm authenticate() method to log 
  the result of
 the authentication.

 Antony

   
  
  
 



RE: User login logging (JDBC authentication)

2001-07-05 Thread Randy Layman


You can use the Realms security infrastructure of Tomcat to achieve
what you are trying to do - you will need to modify your web.xml file, but
its pretty easy.

http://jakarta.apache.org/cvsweb/index.cgi/jakarta-tomcat/src/doc/
is the documentation for Tomcat in the CVS repository.  A quick glance there
shows a howto for the JDBCRealm (authenticating against a database).

Randy

 -Original Message-
 From: Rajehswar V. Rao [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 05, 2001 9:33 AM
 To: '[EMAIL PROTECTED]'
 Subject: RE: User login logging (JDBC authentication)
 
 
 Hi randy,
 I would appreciate  your patience...
 I am coming from first...
 This is my prblem
 I have 10 JSPs under myCon/jsp folder in Tomcat..
 One of them is Login.jsp...which does authentication of user...
 i check the username and password against data which lies in SQLServer
 7.0...
 Once the user is authenticated only...I want to give access 
 to remaining
 JSPs..
 But he/she should not access any JSP unless authenticated by 
 Login.jsp...
 This is my problem...
 what is your best possible solution
 Is it anyway related to Java or Tomcat security?
 If yes, how can i achieve it?
 Or is there any other way around to achieve it...
 
 Thanks for listening...
 -raj-
 
 
 -Original Message-
 From: Randy Layman [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 05, 2001 6:18 PM
 To: [EMAIL PROTECTED]
 Subject: RE: User login logging (JDBC authentication)
 
 
 
   From IIS you can only set the access to Tomcat as a whole, not
 individually.  Tomcat controls access to the individual resources (IIS
 doesn't know what they are).
 
   You can view (and modify) the username and password in 
 the session,
 I think the session field names are j_security_username and
 j_security_password, but don't remember right now - you can 
 get a session
 object back for a secured user and then iterate over the fields.
 
   Randy
 
  -Original Message-
  From: Rajehswar V. Rao [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 05, 2001 9:11 AM
  To: '[EMAIL PROTECTED]'
  Subject: RE: User login logging (JDBC authentication)
  
  
  Hi Randy and all,
  if that is the case where can i set username and password
  And one more thing, i am using tomcat with IIS ...can i restrict
  resources(JSPs and Servlets) on 
  tomcat from IIS...
  Any help would be appreciated
  -raj-
  
  -Original Message-
  From: Randy Layman [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, July 05, 2001 5:32 PM
  To: [EMAIL PROTECTED]
  Subject: RE: User login logging (JDBC authentication)
  
  
  
  What is happening is that Tomcat is using the user's credentials
  (username/password) in the Session to authenticate.  If they 
  are not there
  or invalid, then the user is prompted to log in again.
  
  Randy
  
   -Original Message-
   From: Mark Muffett [mailto:[EMAIL PROTECTED]]
   Sent: Thursday, July 05, 2001 8:33 AM
   To: [EMAIL PROTECTED]
   Subject: Re: User login logging (JDBC authentication)
   
   
   Raj and all
   
   I've managed to make the changes (very easy), but of course 
   it doesn't work
   exactly as I wanted it (isn't life always like that...)
   
   I've got a database which is filling up fast since a new log 
   gets written to
   it every time a user accesses a new page (probably about 100 
   times each
   session).
   
   Tomcat clearly knows what a session is (since it doesn't ask 
   the user to log
   in again for each page) - any idea where it does this?
   
   Thanks for any help.
   
   Mark
   
   - Original Message -
   From: Rajehswar V. Rao [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Thursday, July 05, 2001 12:21 PM
   Subject: RE: User login logging (JDBC authentication)
   
   
Hi Mark and all,
I think my situation is also almost same
I have set of JSPs under my \myContext\jsp...
I dont want to give access to the users to these JSPs once 
   they have been
authnticated...
One of the JSPs authenticate the user
please do help...
-raj-
   
-Original Message-
From: Mark Muffett [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 04, 2001 1:59 PM
To: [EMAIL PROTECTED]
Subject: Re: User login logging (JDBC authentication)
   
   
Sorry! - found it now (in tomcat_modules.jar).
   
Mark
   
- Original Message -
From: Mark Muffett [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; Antony Bowesman 
   [EMAIL PROTECTED]
Sent: Wednesday, July 04, 2001 8:37 AM
Subject: Re: User login logging (JDBC authentication)
   
   
 Antony

 Many thanks for the suggestion, but where can I find this 
   - I've looked
 through the jar files in the common and container 
 directories of
 $TOMCAT_HOME/lib, but nothing stands out.  Maybe I've 
 missed it?

 Any help appreciated.

 Thanks

 Mark


 - Original Message

Re: User login logging (JDBC authentication)

2001-07-04 Thread Mark Muffett

Antony

Many thanks for the suggestion, but where can I find this - I've looked
through the jar files in the common and container directories of
$TOMCAT_HOME/lib, but nothing stands out.  Maybe I've missed it?

Any help appreciated.

Thanks

Mark


- Original Message -
From: Antony Bowesman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 28, 2001 4:58 PM
Subject: Re: User login logging (JDBC authentication)


 Mark Muffett wrote:
 
  Any ideas how best to log succesful (or unsuccesful) logins via
  JDBC authentication.  The big problem is that the user may have
  bookmarked any one of a number of protected pages, and it isn't
  practical to put code on each of them.

 Just change the JDBC realm authenticate() method to log the result of
 the authentication.

 Antony





Re: User login logging (JDBC authentication)

2001-07-04 Thread Mark Muffett

Sorry! - found it now (in tomcat_modules.jar).

Mark

- Original Message - 
From: Mark Muffett [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; Antony Bowesman [EMAIL PROTECTED]
Sent: Wednesday, July 04, 2001 8:37 AM
Subject: Re: User login logging (JDBC authentication)


 Antony
 
 Many thanks for the suggestion, but where can I find this - I've looked
 through the jar files in the common and container directories of
 $TOMCAT_HOME/lib, but nothing stands out.  Maybe I've missed it?
 
 Any help appreciated.
 
 Thanks
 
 Mark
 
 
 - Original Message -
 From: Antony Bowesman [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, June 28, 2001 4:58 PM
 Subject: Re: User login logging (JDBC authentication)
 
 
  Mark Muffett wrote:
  
   Any ideas how best to log succesful (or unsuccesful) logins via
   JDBC authentication.  The big problem is that the user may have
   bookmarked any one of a number of protected pages, and it isn't
   practical to put code on each of them.
 
  Just change the JDBC realm authenticate() method to log the result of
  the authentication.
 
  Antony
 
 




Re: User login logging (JDBC authentication)

2001-07-04 Thread Antony Bowesman

Mark,

 Antony
 
 Many thanks for the suggestion, but where can I find this - I've looked
 through the jar files in the common and container directories of
 $TOMCAT_HOME/lib, but nothing stands out.  Maybe I've missed it?
 
 Any help appreciated.

Perhaps I should have elucidated a little more...

I'm assuming you have configured JDBCRealm as your interceptor in
conf/server.xml and we are talking about tomcat 3.x.  The JDBCRealm is
part of webserver.jar.  You can either modify the source of
JDBCRealm.java which is (org.apache.tomcat.request.JDBCRealm) to
implement your own specific logging or set the debug level of the
JDBCRealm to 2 or greater.  At least the existing JDBCRealm with tomcat
3.2.2 supports logging success and failures by setting the debug level
to 2 or greater.  If you want to implement your own then modify the
source, rebuild the class and add it to the $TOMCAT_HOME/classes

HTH.
Antony

 - Original Message -
 From: Antony Bowesman [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, June 28, 2001 4:58 PM
 Subject: Re: User login logging (JDBC authentication)
 
  Mark Muffett wrote:
  
   Any ideas how best to log succesful (or unsuccesful) logins via
   JDBC authentication.  The big problem is that the user may have
   bookmarked any one of a number of protected pages, and it isn't
   practical to put code on each of them.
 
  Just change the JDBC realm authenticate() method to log the result of
  the authentication.
 
  Antony
 

-- 
Antony Bowesman
Teamware Group 
[EMAIL PROTECTED]
tel: +358 9 5128 2562
fax: +358 9 5128 2705



User login logging (JDBC authentication)

2001-06-28 Thread Mark Muffett



Any ideas how best to log succesful (or 
unsuccesful) logins via JDBC authentication. The big problem is that the 
user may have bookmarked any one of a number of protected pages, and it isn't 
practical to put code on each of them.

Any help would be appreciated

Mark Muffett


RE: User login logging (JDBC authentication)

2001-06-28 Thread SHeyns



If you store the 
login information in the session object you could simply check that object on 
each of your pages (or you could include a page at the top of your pages which 
does this check) and redirect them back to the login page if the check 
fails

  -Original Message-From: Mark Muffett 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, June 28, 2001 5:54 
  AMTo: [EMAIL PROTECTED]Subject: User login 
  logging (JDBC authentication)
  Any ideas how best to log succesful (or 
  unsuccesful) logins via JDBC authentication. The big problem is that the 
  user may have bookmarked any one of a number of protected pages, and it isn't 
  practical to put code on each of them.
  
  Any help would be appreciated
  
  Mark 
Muffett


Re: User login logging (JDBC authentication)

2001-06-28 Thread Antony Bowesman

Mark Muffett wrote:
 
 Any ideas how best to log succesful (or unsuccesful) logins via
 JDBC authentication.  The big problem is that the user may have 
 bookmarked any one of a number of protected pages, and it isn't
 practical to put code on each of them.

Just change the JDBC realm authenticate() method to log the result of
the authentication.

Antony