RE: User authentication using Realms
Hey Frank,

No the space seemed to make no difference. I tried it by replacing the space with an underscore and got the same result. Yes, I tested the DSN via my simple Java class and it works fine. The two methods I was talking about are as follows:

    Class.forName ("sun.jdbc.odbc.JdbcOdbcDriver");

    // Use next two statements to connect directly to Access DB.
    String dbName = "C:/Inetpub/wwwroot/SPID/db1.mdb";
    String dbConnStr = "jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ=" + dbName.trim () + ";DriverID=22;READONLY=true}";
    // OR
    // Use next statement to connect to Access DB via DSN.
    String dbURL = "jdbc:odbc:Cost History";

    // dbConnection = DriverManager.getConnection (dbConnStr, "", "");
    dbConnection = DriverManager.getConnection (dbURL, "", "");

I simply have the first method commented out. Notice the space in the DSN name I use in the class. It works just fine. It works when I use the Simple JSP DSN too.

I was hoping for more responses to these questions, but Frank, you seem to be the only one who takes the time to try to help someone out. I have gotten no further in this endeavor. I've read more of the Tomcat documentation, but have found no more insight into how to actually DO it. It does no good to provide a collection of documents if they don't provide the material necessary to help someone USE what they spend so much time describing.

It doesn't give me great confidence in these mailing list/newsgroup/bulletin board type venues. I've tried to make use of resources such as this in the past and found them to be next to useless, because I either got no responses, or the few I would receive were of no help at all. What good is it, if it does not help those who use it?

Thanks,
Joe

-Original Message-
From: Frank W. Zammetti
Sent: Monday, June 20, 2005 9:58 AM
To: Tomcat Users List
Cc: Tomcat Users List
Subject: Re: User authentication using Realms
User authentication using Realms
I've finally (with lots of help) figured out how to do form-based user authentication of a simple test JSP webapp. So far, so good ... it seems to be working. However, the database is a list of roles and users currently defined in conf/tomcat-users.xml. While this worked fine while I was learning how to do this and finally get it up and running, this is definitely not the method I want to use for the real thing.

So, I started looking around at some more of the Tomcat documentation and stumbled upon realms. This seems to be the vehicle to allow Tomcat to provide a better method of performing user authentication. The question now is: how do I make use of this? The docs refer to the set of built-in realm types that are available for use, but I don't understand the subtle differences between many of them. There don't seem to be any examples of how to use them. I don't know which ones should be used for different situations.

I'm running on a PC with MS Access installed. This is the database (at least for now) that I intend to use. I have successfully accessed information from an Access DB using a Java class to create the connection and execute SQL statements. I've done only a very simple case at this point, just to demonstrate that I can do it successfully. The class actually has two possible methods of connection to the DB, one method defines the actual path to the DB file and a complex (and for the most part, not understood) connection string, the other method defines a URL in the following format: jdbc:odbc:DSN name. The DSN name was set up in the Windows ODBC data source administrator utility. The second method is the one I'm using at this point.

I tried setting up a JDBCRealm realm to use an Access DB with two tables, one for user names and passwords, the other for user names and roles. I set up another ODBC DSN as described above and placed a reference to that in the realm element. I *think* I followed the directions correctly, but ran into a problem that I don't know how to address. When I restart Tomcat, I'm getting the following error message in the logs (stderr and catalina):

    Jun 20, 2005 9:06:57 AM org.apache.catalina.realm.JDBCRealm authenticate
    SEVERE: Exception performing authentication
    java.sql.SQLException: [Microsoft][ODBC Microsoft Access Driver] '(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.
        at sun.jdbc.odbc.JdbcOdbc.createSQLException(JdbcOdbc.java:6958)
        at sun.jdbc.odbc.JdbcOdbc.standardError(JdbcOdbc.java:7115)
        at sun.jdbc.odbc.JdbcOdbc.SQLDriverConnect(JdbcOdbc.java:3074)
        at sun.jdbc.odbc.JdbcOdbcConnection.initialize(JdbcOdbcConnection.java:323)
        at sun.jdbc.odbc.JdbcOdbcDriver.connect(JdbcOdbcDriver.java:174)
        at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:694)
        at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:344)
        at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:534)

I don't know what the problem is. What am I not specifying such that it reports back with unknown? Am I using the wrong realm type? Does the method I'm trying to use not work with DSNs?

The realm I've defined in my server.xml file is as follows:

    <Realm className="org.apache.catalina.realm.JDBCRealm"
           driverName="sun.jdbc.odbc.JdbcOdbcDriver"
           connectionURL="jdbc:odbc:Simple JSP"
           userTable="users"
           userNameCol="user_name"
           userCredCol="user_password"
           userRoleTable="user_roles"
           roleNameCol="role_name" />

The connectionURL value (I think) should point to the ODBC DSN name I defined for my simple test DB. The table and field names are correct.

By the way, I had previously commented out the following entry in server.xml:

    <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>

I figured
Re: User authentication using Realms
Glad to hear you got it working so far! :)

Is your DSN name literally Simple JSP? If so, I suggest trying something without a space in it... I have a feeling it might not work with spaces in the name.

Note that the exception you are getting is actually coming from Access, it is simply being passed through JDBC. So, as you try and Google for a solution, you can *almost* forget you are working in Java temporarily.

Also, does your DSN actually work via the test function in the ODBC manager? I tend to assume you tried that already, but just making sure ;) Actually, it looks like you're saying you have a test class that does connect via that DSN, is that correct? If so, ignore this suggestion! :)

I notice you say your code can switch between two connection methods... is it possible that somehow it isn't switched to the DSN method and is trying to connect with the path you specified? That makes a little more sense with the exception you are seeing.

Ok, that's all the shots in the dark I have right now :)

--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com

On Mon, June 20, 2005 9:34 am, Gagnon, Joseph M (US SSA) said:
User Authentication For Download Page
Hi all,

I offer download of a file on my site. It sends content using ServletOutputStream. This is the command that I exactly want to constrain with Tomcat's security mechanism (I use JDBC Realm). After user clicks on download, s/he gets forwarded to login. After login the File Download popup appears, they choose location and save it. After the save is performed, instead of going back to download page, it stays on login screen.

The exception is java.lang.IllegalStateException: Cannot forward after response has been committed. This kind of makes sense, the page that it forwards to is actually file download. But I do not know how to get around this problem. I'd like the page that shows to be the one from where user clicked download.

If anyone can follow my problem, and has any kind of idea what I could do, could you please help,

Regards
Damjan
RE: User Authentication Problem LDAP
Hi,

Thank you for posting your findings. These are very helpful to people searching the archives.

Yoav Shapira
http://www.yoavshapira.com

-Original Message-
From: Sandeep N
Sent: Sunday, November 07, 2004 11:45 PM
To: Tomcat Users List
Subject: Re: User Authentication Problem LDAP
Re: User Authentication Problem LDAP
Hi All,

I got my problem solved. The culprit was that I hadn't included the attribute digest with value SHA (SHA because my LDAP directory is storing the password in this format) in the realm directive in server.xml. Also, I had to change <role-name>cn</role-name> to <role-name>*</role-name> in web.xml. Now, things seem to work without any hassles.

Regards,
Sandeep

On Tue, 02 Nov 2004 12:19:13 +0100, Olivier Jolly wrote:
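
An added example (not from the thread, and not Tomcat's own code) of what the digest setting accounts for: a directory that stores userPassword in {SHA} form holds "{SHA}" plus the base64 SHA-1 digest of the password, so comparing the typed password to that string as plain text can never succeed. The salted {SSHA} branch goes beyond what the thread mentions; the class name, method names and sample password are made up for the illustration, and java.util.Base64 needs Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

/** Illustration only: checks a typed password against an LDAP userPassword value. */
public class LdapPasswordCheck {

    private static final int SHA1_LEN = 20; // SHA-1 digest size in bytes

    static byte[] sha1(byte[] password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(password);
        md.update(salt);
        return md.digest();
    }

    /** "{SHA}" + base64(SHA-1(password)): the unsalted scheme. */
    static String encodeSha(String clear) throws NoSuchAlgorithmException {
        byte[] digest = sha1(clear.getBytes(StandardCharsets.UTF_8), new byte[0]);
        return "{SHA}" + Base64.getEncoder().encodeToString(digest);
    }

    /** "{SSHA}" + base64(SHA-1(password + salt) + salt): the salted scheme. */
    static String encodeSsha(String clear, byte[] salt) throws NoSuchAlgorithmException {
        byte[] digest = sha1(clear.getBytes(StandardCharsets.UTF_8), salt);
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    /** True if the typed password matches the stored value under its scheme prefix. */
    static boolean matches(String clear, String stored) throws NoSuchAlgorithmException {
        byte[] typed = clear.getBytes(StandardCharsets.UTF_8);
        try {
            if (stored.startsWith("{SHA}")) {
                byte[] expected = Base64.getDecoder().decode(stored.substring(5));
                // MessageDigest.isEqual avoids an early-exit byte comparison
                return MessageDigest.isEqual(sha1(typed, new byte[0]), expected);
            }
            if (stored.startsWith("{SSHA}")) {
                byte[] raw = Base64.getDecoder().decode(stored.substring(6));
                if (raw.length < SHA1_LEN) {
                    return false; // too short to hold a digest
                }
                byte[] expected = Arrays.copyOfRange(raw, 0, SHA1_LEN);
                byte[] salt = Arrays.copyOfRange(raw, SHA1_LEN, raw.length);
                return MessageDigest.isEqual(sha1(typed, salt), expected);
            }
        } catch (IllegalArgumentException malformedBase64) {
            return false; // a damaged stored value must fail closed
        }
        // No scheme prefix: the directory holds the password as clear text.
        return MessageDigest.isEqual(typed, stored.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String typed = "secret"; // constructed sample password
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);

        String storedSha = encodeSha(typed);
        String storedSsha = encodeSsha(typed, salt);

        System.out.println("stored {SHA} value   : " + storedSha);
        System.out.println("stored {SSHA} value  : " + storedSsha);
        // What a comparison with no digest handling amounts to:
        System.out.println("plain string compare : " + typed.equals(storedSha));
        System.out.println("{SHA} aware compare  : " + matches(typed, storedSha));
        System.out.println("{SSHA} aware compare : " + matches(typed, storedSsha));
        System.out.println("wrong password       : " + matches("Secret", storedSha));
    }
}
```

Unsalted {SHA} values are identical for identical passwords across entries, which is why directories that support it usually prefer the salted form.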
Re: User Authentication Problem LDAP
I'm not a specialist in this but it smells like you're saying that the role names are listed in the attribute 'cn' and that to access your site the connected user should have the role 'cn', hence if you do not have a user with its cn=cn (attribute cn = value cn), it won't work.

Maybe you could either enter real roles to your users in another attribute than cn and adapt your web.xml accordingly, or suppress the auth-constraint on the role-name.

Hope it helps
Olivier
User Authentication Problem LDAP
Hi,

I have a problem trying to authenticate users, whose details are stored in the LDAP directory through Apache Tomcat. The details of the software I am using are as follows:

    LDAP: OpenLDAP V 2.2.17
    Web-Server: Apache-Tomcat V 4.1.30
    OS: Suse - Linux

The LDAP directory structure is somewhat like this -

    dc=my-domain,dc=com
        cn= Manager
            cn=person1
            cn=person2
            and so on

In the server.xml file (under APACHE-TOMCAT-DIR/conf/) I have included the following piece of code -

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionName="cn=Manager,dc=my-domain,dc=com"
           connectionPassword="secret"
           connectionURL="ldap://localhost:389;"
           roleName="cn"
           roleSearch="(uniqueMember={0})"
           userPassword="userPassword"
           userPattern="cn={0},cn=Manager,dn=my-domain,dn=com" />

The folder I have to authenticate is param_test and this resides under APACHE-TOMCAT-DIR/webapps. The web.xml file under the param_test folder contains the following piece of code -

    ..
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>test</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>cn</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>test</realm-name>
    </login-config>
    ..

I have even copied the jndi.jar, ldap.jar files to APACHE-TOMCAT-DIR/server/lib directory.

When I try to access the link, http://localhost:8089/param_test, it prompts me for the username and password. When I type in these parameters as per the entries in the LDAP directory, the pop-up reappears and this goes on continuously. If I cancel this pop-up, HTTP error 401 is returned.

Any guesses where I have gone wrong? Thanks in advance.

Regards,
Sandeep
RE: User authentication in multi repositories
Hi,

Yes, it's typically the object of the JAAS API. You can configure the JAASRealm and develop your login modules to access multiple LDAP services. You have to think about the rules to use to authenticate a sub-group of users in the corporate domain and others in another repository.

-Original Message-
From: QM
Sent: Wednesday, September 29, 2004 23:52
To: Tomcat Users List
Subject: Re: User authentication in multi repositories
User authentication in multi repositories
We would like to know, if it is possible for an application to authenticate users in multiple LDAP Services. For instance, one sub-group of users will authenticate on our corporate domain (Active Directory) and another sub-group (clients, suppliers) in other repository (ADAM - Active Directory Application Mode, NDS, etc).

Can anyone give us a direction to look at, or point us to some information.

Thanks
Acacio Furtado Costa
Magnesita S/A
Re: User authentication in multi repositories
On Wed, Sep 29, 2004 at 01:50:31PM -0300, Acacio Furtado Costa wrote:
: We would like to know, if it is possible for an application to authenticate
: users in multiple LDAP Services. For instance, one sub-group of users will
: authenticate on our corporate domain (Active Directory) and another
: sub-group (clients, supliers) in other repository (ADAM- Active Directory
: Application Mode, NDS, etc).

An application, perhaps. ;) Tomcat's JNDI-based Realm, out of the box, likely no.

This thread came up a few weeks ago. You can search the archive for details; the highlights boiled down to: sync'ing up your AD setups[1] or writing custom code.

[1] = I'm not an AD expert; but I understand one offered solution involved creating some sort of master AD instance that delegated to the others on the backend.

-QM

--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
Problem using Tomcat User Authentication
I am working in JSP/Servlets on Windows XP. I want to use the Tomcat user authentication in my web application. So using Tomcat's JDBC Realm I have stored the usernames and passwords in the Oracle 9i Database.

I want to use authentication for accessing the different modules, so I have created the main page on which there are links to different modules. Using a security constraint in the web.xml file I have made the access restricted, so when a user clicks on a link he is asked the user name and password. This works fine, but the problem I am facing is that when I come back to the main page and click on some other link the login page is not displayed; rather there is an error message that the access to the requested resource is denied.

Is there any way to solve this problem?

Thanks in advance
Amit Varshney
Re: Problem using Tomcat User Authentication
I guess you should look at session.invalidate();.

BR
Soren

-Original Message-
From: amit varshney
Sent: 24 January 2004 12:47
Subject: Problem using Tomcat User Authentication
Re: HTTP user authentication
Grab the pdf for the servlet-spec that you care about (TC3.3.x := 2.2, TC4.1.x:= 2.3, TC5.x:= 2.4) and look at how to configure the security-constraint element in your web.xml file. It offers something close to Apache's .httpaccess. Of course, the true masochists can set tomcatAuth=false on the connector, and do everything via Apache's .htaccess/.htpasswd :-).

Gabor 'Morc' Kormos [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Hi Everybody,

Can anyone tell me how I could set up Tomcat (any version) to do the same kind of user authentication that you can do with Apache's .htaccess/.htpasswd? I tried to find info about it, but the docs seem to focus on the servlet container/JSP and not on static HTML page serving.

Thanks,
Gabor 'Morc' Kormos.
HTTP user authentication
Hi Everybody,

Can anyone tell me how I could set up Tomcat (any version) to do the same kind of user authentication that you can do with Apache's .htaccess/.htpasswd? I tried to find info about it, but the docs seem to focus on the servlet container/JSP and not on static HTML page serving.

Thanks,
Gabor 'Morc' Kormos.
How to intercept user authentication
I'm trying to do something that probably somebody did before (or, at least needed to). Currently I'm using tomcat 4.1.16 with Struts 1.0.1 and Velocity Tools for my applications. I configured a BASIC authentication realm, with digested passwords. How can I intercept the process after authentication is made so I can register the login date/time in my database? Could somebody point me in the right direction?

Thanx in advance.
iran
Re: How to intercept user authentication
A general approach (at least I use it, but not with Struts or Velocity) is to make sure a session is created for each user who logs on. (One will probably have already been created by Tomcat in handling the basic-authentication - it certainly is using form-based authentication.) Then...

1) Check to see if there's an attribute in the session, called (e.g.) LoggedOn.
2) If there is, don't do anything (because this isn't the first time the user has made an authenticated request).
3) If there isn't, create an attribute with this name and record in the database the fact that this user has logged on.

[Note that it's not generally good practice to go storing things in sessions that are still new ( .isNew()) because the browser hasn't necessarily agreed to take part in the session at that stage. But since I think one will have been created by Tomcat I've not bothered considering this...]

Like I say, I use this but not with Struts. I have my own controlling servlet that all requests are passed through so I can perform these checks there before the request is processed. My (very basic) understanding of Struts is that it has its own controller servlet, but then you probably don't want to change that. I'll leave it to you to see if there's somewhere else (within the framework) you could use this approach, or to someone else to give you a Struts-specific method.

Mike.

- Original Message -
From: Iran Marcius [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 16, 2002 5:48 PM
Subject: How to intercept user authentication

I'm trying to do something that probably somebody did before (or, at least needed to). Currently I'm using tomcat 4.1.16 with Struts 1.0.1 and Velocity Tools for my applications. I configured a BASIC authentication realm, with digested passwords. How can I intercept the process after authentication is made so I can register the login date/time in my database? Could somebody point me in the right direction?

Thanx in advance.
iran
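One way to carry out the three steps in the reply above without touching the Struts controller is a Servlet 2.3 filter in front of the protected URLs. This is an added example, not code from the thread; the JNDI name jdbc/AuditDB and the login_audit table with its columns are assumptions.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Timestamp;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;

/** Records the first authenticated request of each session as a login event. */
public class LoginAuditFilter implements Filter {

    // Session attribute name taken from the reply above.
    private static final String FLAG = "LoggedOn";

    // Hypothetical audit table: login_audit(user_name, remote_addr, login_time).
    private static final String INSERT =
        "INSERT INTO login_audit (user_name, remote_addr, login_time) VALUES (?, ?, ?)";

    private ServletContext context;
    private DataSource dataSource;

    public void init(FilterConfig config) throws ServletException {
        context = config.getServletContext();
        try {
            // Hypothetical JNDI resource name; declare it for the web application.
            dataSource = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/AuditDB");
        } catch (NamingException e) {
            throw new ServletException("audit DataSource not configured", e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            // getRemoteUser() stays null until the container has authenticated the caller.
            String user = http.getRemoteUser();
            if (user != null) {
                // With BASIC authentication the container may not have created a session yet.
                HttpSession session = http.getSession(true);
                // Steps 1 and 2: an existing flag means this login was already recorded.
                if (session.getAttribute(FLAG) == null) {
                    // Step 3: set the flag first so later requests in this session skip the insert.
                    // A client that never returns the session cookie gets a new session on every
                    // request and is therefore recorded on every request (the isNew() caveat).
                    session.setAttribute(FLAG, Boolean.TRUE);
                    recordLogin(user, http.getRemoteAddr());
                }
            }
        }
        chain.doFilter(req, res);
    }

    private void recordLogin(String user, String remoteAddr) {
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(INSERT)) {
            ps.setString(1, user);
            ps.setString(2, remoteAddr);
            ps.setTimestamp(3, new Timestamp(System.currentTimeMillis()));
            ps.executeUpdate();
        } catch (SQLException e) {
            // The request continues when the audit write fails; the failure goes to the container log.
            context.log("login audit insert failed for user " + user, e);
        }
    }

    public void destroy() {
        dataSource = null;
    }
}
```

The filter needs a filter and filter-mapping entry in web.xml covering the same URL patterns as the security constraint, so that it only sees requests the container has already authenticated.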
User Authentication question
Here is my scenario: We have two applications running on the same server (App A and App B). What we'd like to do is to allow one login prompt but two different role initializations. In other words, suppose the user browses the web site and comes upon a page that she needs to authenticate herself for. The server redirects the user to the login page and upon submission of her credentials she gets authenticated by an LDAP server and her roles are generated. Application A uses the LDAP to generate roles (groups), while application B uses a database. While I suspect that I need to use the SingleSignOn valve to have a unified session across the contexts, I am not quite sure how to do the role assignment. I can see bits of the solution here and there but I cannot see the whole picture. I have read the JAAS developer's guide and even came across the JAASRealm class (which I can't find the doc for). I am just not quite sure how to put that info to use. If anyone has a resource that will help me out to the solution I would appreciate your information. Or you might have a clear idea of how to do it, that would be even better :-)

Thanks,
Alex.
Virtual Hosting /manager with better user authentication
We are currently using Tomcat 4.1.12. We are doing virtual hosting and install the /manager for each virt host. It all looks something like:

<Host name="www.abc.com" debug="0" appBase="/pub/users/abc/www" unpackWARs="true" autoDeploy="true">
  <Logger className="org.apache.catalina.logger.FileLogger" prefix="abc_log." suffix=".txt" verbosity="4" timestamp="true"/>
  <Context path="/manager" docBase="/usr/local/etc/tomcat/server/webapps/manager" debug="1" reloadable="true" crossContext="true" privileged="true">
    <Logger className="org.apache.catalina.logger.FileLogger" prefix="abc-manager_log." suffix=".txt" verbosity="4" timestamp="true"/>
  </Context>
</Host>
<Host name="www.xyz.com" debug="0" appBase="/pub/users/xyz/www" unpackWARs="true" autoDeploy="true">
  <Logger className="org.apache.catalina.logger.FileLogger" prefix="xyz_log." suffix=".txt" verbosity="4" timestamp="true"/>
  <Context path="/manager" docBase="/usr/local/etc/tomcat/server/webapps/manager" debug="1" reloadable="true" crossContext="true" privileged="true">
    <Logger className="org.apache.catalina.logger.FileLogger" prefix="xyz-manager_log." suffix=".txt" verbosity="4" timestamp="true"/>
  </Context>
</Host>

We are using the JDBC realm to authenticate users through mysql and this is working well. The problem is that there does not seem to be a way to limit a user to a particular virtual host. I have looked through the documentation and there is a Valve to restrict based on IP address or hostname, but nothing to restrict based on the username.

ie -
www.abc.com/manager/html/list authenticates with abc/123
www.xyz.com/manager/html/list authenticates with xyz/987
but user xyz can also get into www.abc.com/manager/html/list
and user abc can also get into www.xyz.com/manager/html/list

The way I have solved this is to make a copy of the default manager WAR - ie manager-abc, manager-xyz and point the Context to this unique WAR. Within the web.xml file for this manager WAR, I change both instances of <role-name>manager</role-name> to a unique role for this user.

ie :
manager-abc/WEB-INF/web.xml contains <role-name>manager-abc</role-name>
manager-xyz/WEB-INF/web.xml contains <role-name>manager-xyz</role-name>

In the user_roles mysql table, I use this new role instead of manager. This seems to work OK and keeps user xyz out of abc's /manager, but this seems like an awful hack. Is there a better (easier) way of doing this?

--
John
___
John Murtari
Software Workshop Inc.
[EMAIL PROTECTED]
315.695.1301(x-211)
TheBook.Com (TM) http://www.thebook.com/
User Authentication + Realms + LDAP
Hello, I am working on a project that uses Tomcat (with JBoss) and Apache Struts. User authentication needs to support a Single Sign On feature which displays a login screen (UserID/Password) if the user is hitting the application directly or it should accept a URL from another application with the same information (encrypted user ID/pwd). I need to authenticate the user against a directory server (iPlanet) and based on the results decide what level of information the user has access to (role based; live data or delayed). I am not sure if I can directly use the JNDI realm implementation or if I will have to extend it (or maybe write a new custom one). The URL from the other application is encrypted and has custom data fields. I have inherited the decryption module from the previous development team. Any advice ?

Regards,
Gautam Satpathy
integrate tomcat with IIS (using JK2) and share user authentication information?
Hi! We plan to integrate tomcat with IIS. As I read, we can use JK2. Also we want IIS to do the authentication. However, the tomcat servlet session also needs the user login information (username...). So is there a way for tomcat to share (or retrieve) the authentication information with IIS? Or thinking the other way around, if we use tomcat to do the authentication, is there a way that we can prevent IIS from loading some document until login has been authenticated by tomcat?

Thanks a lot!
Alvin
Re: integrate tomcat with IIS (using JK2) and share user authentication information?
On Thu, Sep 19, 2002 at 02:10:58PM -0400, Alvin Wang wrote:

Or thinking the other way around, if we use tomcat to do the authentication, is there a way that we can prevent IIS from loading some document until login has been authenticated by tomcat?

Only have the sensitive stuff served up by tomcat. Let IIS do the static and uninteresting stuff only.

Matt
User authentication Tomcat 3.2.2
I am running Tomcat 3.2.2 on a win2k server as a stand alone web server (part of video conferencing software for administration purposes). I was wondering if there was a way when someone hits the page to have the server prompt for user name and password. In security, for the folder, I removed all except System and Administrators, and that didn't work. Would this involve web.xml or server.xml? Any help would be great.

Thank you,
Scott Duffy
Session Tracking / User Authentication
Can anyone point me to a good reference for handling session tracking and user authentication? All I'm trying to do is authenticate a user (form based) and redirect them to the login page if their session times out. It should be pretty simple, but I'm having trouble with it and I can't find any good reference material on the subject. I have JSP Professional (1st Ed.) but the example does not work with Tomcat. Any help appreciated.

Thanks,
Rick
RES: Session Tracking / User Authentication
Hi! If you have a welcome-file-list pointing to index.jsp, and your web-app structure is like:

/MyWebApp
  ./index.jsp
  ./publicResources/
    ./index.jsp
    ./anything.jsp
  ./secureResources/
    ./index.jsp
    ./myMenu.jsp

Then, in /MyWebApp/index.jsp you can have a link to publicResources/ but you cannot have this for secureResources/. Your link should be for secureResources/index.jsp and the security area in web.xml should be configured for secureResources/index.jsp. I had several problems with this some time ago, and reported a bug in the Bug Database. The jakarta team answered saying that it's a feature by design and will not be fixed. This all works fine in other JSP/Servlet engines (like HP-AS).

Sincerely,
Edson Carlos Ericksson Richter
Technology Manager
ECONET Soluções Web
+55 61 326 5115

-Original Message-
From: Rick Roberts [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 10 April 2002 16:28
To: Tomcat Users List
Subject: Session Tracking / User Authentication

Can anyone point me to a good reference for handling session tracking and user authentication? All I'm trying to do is authenticate a user (form based) and redirect them to the login page if their session times out. It should be pretty simple, but I'm having trouble with it and I can't find any good reference material on the subject. I have JSP Professional (1st Ed.) but the example does not work with Tomcat. Any help appreciated.

Thanks,
Rick
User authentication
Subject: User authentication
From: Hermod Opstvedt [EMAIL PROTECTED]

Hi

I have a rather intricate question. In Tomcat you can set up form-based authentication to secure resources with for instance the JDBCRealm, and this works great. Now let's say that you have an index.jsp that also contains the logon form. This index.jsp uses struts-tags to check which role you have and displays different content depending on role - so before you log in it will not display these items. I don't want to protect it, because the page itself should be available to guests (visitors) also. The way I see it, there is no way of having a user authenticated without trying to access a protected resource, and in this case the resource is the index.jsp. You can not call setRemoteUser() from your index.jsp because it is hidden higher up. Has anyone come across a workaround for this?

tia
Hermod
RE: Help with User Authentication in Tomcat 3.3a
Neither of the URLs http://localhost:8080/chi2002/index.html or http://localhost:8080/chi2002 match the /chi2002/demos/* pattern. What happens if you access a JSP page under the demos directory?

Cheers,
Larry

-Original Message-
From: Wise, Bowden (CRD) [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 18, 2002 5:14 PM
To: 'tomcat-user'
Subject: Help with User Authentication in Tomcat 3.3a

I am trying to understand the various user authentication schemes available under Tomcat 3.3. I would like to eventually be able to use JDBCRealm with mysql. I found the instructions on the tomcat site, but so far I have been unsuccessful in getting it to work. So I thought I would first try SimpleRealm but even after following the examples provided, I can't get this to work either! I would appreciate any suggestions! I used the example under the JSP files that includes a protected area using form login. I copied it almost exactly, but for some reason, whenever I reference the protected area in my browser, it never invokes the authentication and pops up a form.

SIMPLE REALM

1) Created a new web app and used ant to distribute to TOMCAT webapps with the following structure

chi2002/ /demos /accepts /proofs /rejects

Browsing to http://localhost:8080/chi2002/ works great. Below I tried to protect the URL /chi2002/demos/* so if I browse to a file such as http://localhost:8080/chi2002/index.html or http://localhost:8080/chi2002 shouldn't the FORM login pop-up? The FORM never appears and requires a login. So what am I Missing??

2) web.xml for this app is:

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
  <!-- General description of your web application -->
  <display-name>chi2002</display-name>
  <description> CHI2002 DEMO FILES </description>
  <servlet>
    <servlet-name>XMLTransformServlet</servlet-name>
    <description> </description>
    <servlet-class>com.ge.crd.smg.tg.XMLTransformServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>XMLTransformServlet</servlet-name>
    <url-pattern>/XMLTransformServlet</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/chi2002/demos/*</url-pattern>
      <!-- If you list http methods, only those methods are protected -->
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>chi2002</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- Default login configuration uses BASIC authentication -->
  <!--
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example Basic Authentication Area</realm-name>
  </login-config>
  -->
  <!-- Form-based login is enabled by default. If you wish to try Basic authentication, comment out the login-config section below and uncomment the one above. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>

3) Created apps-chi2002.xml for Context:

<?xml version="1.0" encoding="ISO-8859-1"?>
<webapps>
  <Context path="/chi2002" docBase="webapps/chi2002" crossContext="false" debug="1" reloadable="true">
    <SimpleRealm filename="conf/users/chi2002-users.xml" />
    <!--
    <JDBCRealm debug="99" driverName="org.gjt.mm.mysql.Driver" connectionURL="jdbc:mysql://localhost/authority" connectionName="mysql" connectionPassword="mysql02" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />
    -->
  </Context>
</webapps>

4) Created conf/users/chi2002-users.xml

<tomcat-users>
  <user name="sigchi" password="sigchi" roles="chi2002" />
</tomcat-users>

Bowden

g GE Global Research Center
___
G. Bowden Wise mailto:[EMAIL PROTECTED]
Information and Decision Technologies
GE Global Research
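The mismatch pointed out in the reply above can be checked mechanically: a servlet container compares each url-pattern with the request path after the context path has been removed. The sketch below is an added example, not code from the thread or from Tomcat; it applies the Servlet specification's pattern rules to the posted pattern and to a context-relative /demos/* for comparison, and the page.jsp request URIs are constructed samples.

```java
import java.util.Arrays;
import java.util.List;

/** Shows which request URIs a security-constraint url-pattern covers inside one context. */
public class UrlPatternCheck {

    /** The path the container matches against url-pattern: the request URI minus the context path. */
    static String contextRelative(String contextPath, String requestUri) {
        boolean inside = requestUri.equals(contextPath)
                || requestUri.startsWith(contextPath + "/");
        if (!inside) {
            throw new IllegalArgumentException(requestUri + " is outside " + contextPath);
        }
        String rest = requestUri.substring(contextPath.length());
        // A request for the bare context root is treated as "/" here.
        return rest.isEmpty() ? "/" : rest;
    }

    /** Servlet specification url-pattern rules: path prefix, extension, default, exact. */
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/*")) {
            // Path-prefix mapping: "/demos/*" covers "/demos" and everything below it.
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            // Extension mapping: "*.jsp" covers any path whose last segment ends in ".jsp".
            String lastSegment = path.substring(path.lastIndexOf('/') + 1);
            return lastSegment.endsWith(pattern.substring(1));
        }
        if (pattern.equals("/")) {
            // Default mapping covers every path.
            return true;
        }
        // Anything else must match exactly.
        return pattern.equals(path);
    }

    /** True when the constraint pattern applies to this request URI in the given context. */
    static boolean isProtected(String contextPath, String pattern, String requestUri) {
        return matches(pattern, contextRelative(contextPath, requestUri));
    }

    public static void main(String[] args) {
        String contextPath = "/chi2002";          // Context path from apps-chi2002.xml
        String asPosted = "/chi2002/demos/*";     // pattern as posted in web.xml
        String relative = "/demos/*";             // the same area written context-relative

        List<String> requestUris = Arrays.asList(
            "/chi2002",
            "/chi2002/index.html",
            "/chi2002/demos/page.jsp",            // constructed sample
            "/chi2002/chi2002/demos/page.jsp");   // constructed sample

        System.out.printf("%-34s %-18s %-10s%n", "request URI", asPosted, relative);
        for (String uri : requestUris) {
            System.out.printf("%-34s %-18b %-10b%n", uri,
                isProtected(contextPath, asPosted, uri),
                isProtected(contextPath, relative, uri));
        }
    }
}
```

The posted pattern only covers URIs that repeat the context name, which is why a page under /chi2002/demos/ is the useful thing to test next.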
Help with User Authentication in Tomcat 3.3a
I am trying to understand the various user authentication schemes available under Tomcat 3.3. I would like to eventually be able to use JDBCRealm with mysql. I found the instructions on the tomcat site, but so far I have been unsuccessful in getting it to work. So I thought I would first try SimpleRealm but even after following the examples provided, I can't get this to work either! I would appreciate any suggestions! I used the example under the JSP files that includes a protected area using form login. I copied it almost exactly, but for some reason, whenever I reference the protected area in my browser, it never invokes the authentication and pops up a form.

SIMPLE REALM

1) Created a new web app and used ant to distribute to TOMCAT webapps with the following structure

chi2002/ /demos /accepts /proofs /rejects

Browsing to http://localhost:8080/chi2002/ works great. Below I tried to protect the URL /chi2002/demos/* so if I browse to a file such as http://localhost:8080/chi2002/index.html or http://localhost:8080/chi2002 shouldn't the FORM login pop-up? The FORM never appears and requires a login. So what am I Missing??

2) web.xml for this app is:

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
  <!-- General description of your web application -->
  <display-name>chi2002</display-name>
  <description> CHI2002 DEMO FILES </description>
  <servlet>
    <servlet-name>XMLTransformServlet</servlet-name>
    <description> </description>
    <servlet-class>com.ge.crd.smg.tg.XMLTransformServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>XMLTransformServlet</servlet-name>
    <url-pattern>/XMLTransformServlet</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/chi2002/demos/*</url-pattern>
      <!-- If you list http methods, only those methods are protected -->
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>chi2002</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- Default login configuration uses BASIC authentication -->
  <!--
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Example Basic Authentication Area</realm-name>
  </login-config>
  -->
  <!-- Form-based login is enabled by default. If you wish to try Basic authentication, comment out the login-config section below and uncomment the one above. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>

3) Created apps-chi2002.xml for Context:

<?xml version="1.0" encoding="ISO-8859-1"?>
<webapps>
  <Context path="/chi2002" docBase="webapps/chi2002" crossContext="false" debug="1" reloadable="true">
    <SimpleRealm filename="conf/users/chi2002-users.xml" />
    <!--
    <JDBCRealm debug="99" driverName="org.gjt.mm.mysql.Driver" connectionURL="jdbc:mysql://localhost/authority" connectionName="mysql" connectionPassword="mysql02" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" />
    -->
  </Context>
</webapps>

4) Created conf/users/chi2002-users.xml

<tomcat-users>
  <user name="sigchi" password="sigchi" roles="chi2002" />
</tomcat-users>

Bowden

g GE Global Research Center
___
G. Bowden Wise mailto:[EMAIL PROTECTED]
Information and Decision Technologies
GE Global Research Center
Building K1, Room 5B2C
PO Box 8 | One Research Circle
Schenectady, NY 12301 | Niskayuna NY 12309
Fax: 518-387-6104
How to develop custom user authentication for Tomcat based on SecurityCheck ?
Hello, We have developed a JSP based application based on tomcat 3.2.3. This application requires different level of administration and requires users to login. We would like to develop a custom authentication module for authenticating users against NIS login/password database. I've already developed a C program which checks if a given login/password is correct but it is not clear how to integrate this C program with tomcat. This C program runs as root (setuid !) and takes the login name and password in input using a pipe and returns true or false if the login/password pair is correct or not. We have had a look at extending the SecurityCheck class but it seems that the SecurityCheck class does not exist anymore in tomcat 3.2.3 ? Has a new class superseded the SecurityCheck class and is there some kind of documentation about this new class ? I would be grateful for any information ! Thanks ! Thierry Mathilde.
Https and user authentication
I have set up tomcat to use https and user authentication. I have set clientauth to true in server.xml. The server gets the client's certificate, but the page still can not be displayed. I read in the IE help files that when connecting to a secure site that site will send the user its certificate. Is this right and/or how can this be solved?

Eirik
User Authentication Apache+mod_ssl+Tomcat 3.2.3
Hello all, I am using the above config and have a JDBC realm set-up using FORM based login. What I want to know is:

1. Is it possible to get the login page to use SSL (https or 443 port) and once the user is validated continue on the standard (http 80 port)?
2. If so, is there any documentation with regards to this?

Thanks
Asar
Applet - http tunneling - user authentication
Hi tomcatters, I'm using user authentication on apache and I would like to make an applet communicate with a servlet through http tunneling. Here is a snippet of the code I use:

dataURL = new URL("http", "myserver", 80, "/myservlet?action=connect");
connection = dataURL.openConnection();
connection.setUseCaches(false);
connection.setRequestProperty("header", "value");
jTextField1.setText(dataURL.toString());
ObjectInputStream in = new ObjectInputStream(connection.getInputStream());
String value = (String) in.readObject();
jTextField1.setText("Connection established, server says : " + value + ".");
in.close();

When I deactivate the authorization section, it works fine, but with it I always get a 401 in access.log. Has anybody ever tried to do similar things? Any help is welcome.

Regis
Re: user authentication documentation
Dante le Poole wrote:

does anyone know of any docs or examples of how to setup form-based user authentication?

Try this one: http://e-docs.bea.com/wls/docs60/adminguide/config_web_app.html#webapp-auth

Oki
AW: user authentication documentation
Hi, read the servlet-spec 2.3, chapter 12 (security). There it is described. You can download it from: http://java.sun.com/aboutJava/communityprocess/first/jsr053/index.html

Regards,
Mascha

Mascha-Kathinka Kluge
ByteCom GmbH
Martin-Luther-Str. 5a
97072 Würzburg
Tel: +49 (931) 35 45 8-44
Fax: +49 (931) 35 45 8-19
http://www.bytecom.net
mailto:[EMAIL PROTECTED]

-Original Message-
From: Dante le Poole [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 10 May 2001 16:44
To: Tomcat User
Subject: user authentication documentation

does anyone know of any docs or examples of how to setup form-based user authentication? I read the info in the userguide but it only explains how to setup the database. I need to know how setup the forms, the web.xml and whatever else is necessary.

thanx!
Dante le Poole
Problem with user authentication
I've got a Tomcat 3.2 running with standard form-based user authentication for my context. It works fine when accessed from within our Intranet. But I get a login-error after authenticating when accessing the site from the web, as if I typed in a wrong password. The server is connected directly to our provider. I don't know the exact configuration at our provider's location. They do something like NAT, and let only specific IP-Adr. + Port# through. In this case it's P# 8080 where the HTTP-service listens. What's wrong ? Do we have to grant access to another port ?

Thanx 4 your help,
Chris

additional info : tomcat-users.xml contains user information and web.xml contains :

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <description></description>
    <url-pattern> /servlet/* </url-pattern>
    <url-pattern> *.dsp </url-pattern>
    <http-method> GET </http-method>
    <http-method> DELETE </http-method>
    <http-method> PUT </http-method>
    <http-method> POST </http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name> isupport </role-name>
  </auth-constraint>
  <user-data-constraint> </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
    <form-login-page>/login/login.jsp</form-login-page>
    <form-error-page>/login/error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>isupport</role-name>
</security-role>
user authentication documentation
does anyone know of any docs or examples of how to setup form-based user authentication? I read the info in the userguide but it only explains how to setup the database. I need to know how setup the forms, the web.xml and whatever else is necessary. thanx! Dante le Poole
Re: user authentication documentation
I believe there is an example of this in the examples project's web.xml config file

On Thursday 10 May 2001 08:43, you wrote:

does anyone know of any docs or examples of how to setup form-based user authentication? I read the info in the userguide but it only explains how to setup the database. I need to know how setup the forms, the web.xml and whatever else is necessary.

thanx!
Dante le Poole
RE: user authentication documentation
When running the example, after submitting the login-form I get a 404, stating that /examples/jsp/security/login/j_security_check can't be found. This is correct, because I can't find a servlet with that name anywhere in the tomcat directory tree. I get the feeling this j_security_check is supposed to be something automatic, not a real servlet, but it isn't working for me. any ideas?

Dante

::-Original Message-
::From: [EMAIL PROTECTED]
::[mailto:[EMAIL PROTECTED]]On
::Behalf Of Christian Hargraves
::Sent: Thursday, May 10, 2001 12:36 PM
::To: [EMAIL PROTECTED]
::Subject: Re: user authentication documentation
::
::
::I believe there is an example of this in the examples project's web.xml
::config file
::
::On Thursday 10 May 2001 08:43, you wrote:
:: does anyone know of any docs or examples of how to setup form-based user
:: authentication?
::
:: I read the info in the userguide but it only explains how to setup the
:: database. I need to know how setup the forms, the web.xml and whatever else
:: is necessary.
::
:: thanx!
::
:: Dante le Poole
::
Help: database user authentication how-to.
Dear People,

I am totally confused on how to proceed with the user authentication in my web application. I will try to state my problem briefly: I have a web application that has FORM security. I need to create a way for users to create an account that gives them access to the web application. Optimally, the user/password/role info should be stored in a database. How can this be done as closely as possible to the servlet/jsp specification? Is there a package written for this somewhere? I found something about JDBC realm in the server.xml file, is it what I seek? Note that I also need this to be integrated with the web engine (Apache preferably). I have seen that app servers like weblogic's have a user authentication scheme exactly like the one I seek but I want a non-proprietary, low cost solution. Any direction would be much appreciated since I am really not knowing what to do regarding this matter.

Thanks in advance,
Christian Rauh
Re: Help: database user authentication how-to.
I've been looking at the code in Tomcat 3.2, there is no JDBCRealm present. Do I need to be looking at Tomcat 4.0? Apologies for the stupid question.

fern

On Thu, 15 Feb 2001, Christian Rauh wrote:

Dear People,

I am totally confused on how to proceed with the user authentication in my web application. I will try to state my problem briefly: I have a web application that has FORM security. I need to create a way for users to create an account that gives them access to the web application. Optimally, the user/password/role info should be stored in a database. How can this be done as closely as possible to the servlet/jsp specification? Is there a package written for this somewhere? I found something about JDBC realm in the server.xml file, is it what I seek? Note that I also need this to be integrated with the web engine (Apache preferably). I have seen that app servers like weblogic's have a user authentication scheme exactly like the one I seek but I want a non-proprietary, low cost solution. Any direction would be much appreciated since I am really not knowing what to do regarding this matter.

Thanks in advance,
Christian Rauh
Re: Help: database user authentication how-to.
Yes, it was a stupid question. Tomcat 4 does indeed have JDBCRealm. Sorry guys. fern On Thu, 15 Feb 2001, Fernando Padilla wrote: I've been looking at the code in Tomcat 3.2, there is no JDBCRealm present. Do I need to be looking at Tomcat 4.0? Apologies for the stupid question. fern On Thu, 15 Feb 2001, Christian Rauh wrote: Dear People, I am totally confused on how to proceed with the user authentication in my web application. I will try to state my problem briefly: I have a web application that has FORM security. I need to create a way for users to create an account that gives them access to the web application. Optimally, the user/password/role info should be stored in a database. How can this be done as closely as possible to the servlet/JSP specification? Is there a package written for this somewhere? I found something about JDBC realm in the server.xml file, is it what I seek? Note that I also need this to be integrated with the web engine (Apache preferably). I have seen that app servers like WebLogic's have a user authentication scheme exactly like the one I seek but I want a non-proprietary, low cost solution. Any direction would be much appreciated since I am really not knowing what to do regarding this matter. Thanks in advance, Christian Rauh
RE: Help: database user authentication how-to.
JDBCRealm is on versions 3.2 and up and on 4.0 too... Regards, Ignacio J. Ortega -----Original Message----- From: Fernando Padilla [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 15, 2001 17:21 To: [EMAIL PROTECTED] Subject: Re: Help: database user authentication how-to. I've been looking at the code in Tomcat 3.2, there is no JDBCRealm present. Do I need to be looking at Tomcat 4.0? Apologies for the stupid question. fern On Thu, 15 Feb 2001, Christian Rauh wrote: Dear People, I am totally confused on how to proceed with the user authentication in my web application. I will try to state my problem briefly: I have a web application that has FORM security. I need to create a way for users to create an account that gives them access to the web application. Optimally, the user/password/role info should be stored in a database. How can this be done as closely as possible to the servlet/JSP specification? Is there a package written for this somewhere? I found something about JDBC realm in the server.xml file, is it what I seek? Note that I also need this to be integrated with the web engine (Apache preferably). I have seen that app servers like WebLogic's have a user authentication scheme exactly like the one I seek but I want a non-proprietary, low cost solution. Any direction would be much appreciated since I am really not knowing what to do regarding this matter. Thanks in advance, Christian Rauh
User Authentication using the Windows NT Authentication
Hi, I am building a system for the Intranet. We have an NT network. I wanted to know if by any means I can use the username and password that is registered in the NT Server as the mode of authentication for my site built on Tomcat? This is possible with the IIS. But I am not sure how it manages. In the management console there is an option to do that. I am not able to figure out anything with either Apache or Tomcat. Any ideas?? Rahul Desai Software Engineer Aztec Software Bangalore - India
RE: User Authentication using the Windows NT Authentication
Actually, this month's Linux magazine talks about using PAM for user authentication (article on PAM and Samba for Win integration). It basically is an Apache module that lets you authenticate users against a PDC (I believe), you'll need to look into it as I don't know enough about it to give details. Good luck, Mike -----Original Message----- From: Rahul Desai To: Tomcat User at Jakarta(Apache) Sent: 2/5/01 1:51 AM Subject: User Authentication using the Windows NT Authentication Hi, I am building a system for the Intranet. We have an NT network. I wanted to know if by any means I can use the username and password that is registered in the NT Server as the mode of authentication for my site built on Tomcat? This is possible with the IIS. But I am not sure how it manages. In the management console there is an option to do that. I am not able to figure out anything with either Apache or Tomcat. Any ideas?? Rahul Desai Software Engineer Aztec Software Bangalore - India
user authentication
Hi all, please could someone give me hints on using JDBC [especially JDBCRealm] and servlets or JSP for user authentication to look up user details to create a connection with.
User Authentication config (Tomcat vs. Apache)
Greetings all, I am having trouble getting authorization to work for a web-app in Tomcat. I would appreciate any advice I can get.

Here is my case: I am using
Apache 1.3.12
Tomcat 3.2 (I also want 3.1 to work)

I have a webapp deployed entirely under Tomcat/webapps/ecims. I want user authentication to happen on ANY file, servlet, jsp, etc... in that webapp.

This is what I have done, and the effect: I added this to my Tomcat/webapps/ecims/web-inf/web.xml file:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>ecims</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Example Basic Authentication Area</realm-name>
    </login-config>

When I hit my index page, I got the Auth dialog from IE. (great! It works...) Then as I browsed through all is well... until I hit an Applet. The Applet loading caused another auth dialog BUT it was a Java based dialog. And it continued popping up Java dialogs for my auth info. It asks about 6 or 8 times, and it hit about 30-40 URLs. ALL of these connections are back to servlets in my webapp (ecims).

My only thoughts are... I am using the Java plugin and maybe it is connecting directly to the server instead of using IE. This would explain it not having the previously entered user and password. However it does not explain why I get asked several times for what is the same URL (excluding parameters).

I thought I would try using Apache security: I did set it up but it is ignored if I use port 8080 (Tomcat for me). If I use 80 (Apache) then it asks and works for static content of my web-app but any dynamic content fails to load.

Thoughts, comments, and pointers are all welcome. Thanks in advance.

RA.
Russell Allen
Sr. Software Engineer
Emageon
(205) 980-9222 x605
Using Apache user authentication for pages served by Tomcat
Someone else said they could not get authentication directives defined to Apache to work for pages redirected to Tomcat. I encountered the same problem, but have found a workaround. If you update your server.xml file so that the document root used by Tomcat for a particular context is in the Apache document directory, it seems to work.

An example may clarify. On Windows, I have Tomcat in c:\jakarta-tomcat-3.2 and Apache in c:\Apache. Apache's document root is c:\apache\htdocs. I originally had Tomcat context "domino" with a docbase of "webapps/domino", and the following Directory directive in httpd.conf:

    <Directory c:/jakarta-tomcat-3.2/webapps/domino>

Going to a file in the domino context did not prompt for a userid/password. I then updated Tomcat's server.xml to use a docbase of c:\apache\htdocs\domino (and of course moved the files there) and changed Apache's httpd.conf with the following Directory directive:

    <Directory c:/apache/htdocs/domino>

Now, when I try to get a file from http://myserver/domino, I get the popup dialog to enter a userid and password.
Problem with user authentication w/ Tomcat v4.0 m4
Hello,

[I attempted to look this topic up on the alias archive, but after reading a few unrelated posts (search on "authentication" AND "document contains no data") and then various server not available attempts I gave up and decided to write to the group.]

I am trying to test user authentication with Tomcat v4.0 m4. I have a *very* simple configuration:

* an index page that links to a view-common page and a view-restricted page

* the web.xml security constraints on the view-restricted page are set up as:

    <!-- Restricted Resources -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>RestrictedResources</web-resource-name>
        <url-pattern>/view-restricted.html</url-pattern>
        <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>admin</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
      <description>A simple restricted-access user role.</description>
      <role-name>admin</role-name>
    </security-role>

* the server.xml configuration file is using the MemoryRealm

* the tomcat-users.xml config. file has three users:

    <tomcat-users>
      <user name="tomcat" password="tacmot" roles="tomcat" />
      <user name="user1" password="1resu" roles="admin" />
      <user name="user2" password="2resu" roles="tomcat,admin" />
    </tomcat-users>

So, I would expect that when I attempt to access the view-restricted.html page that I get BASIC HTTP user auth. dialog box in my browser (Netscape v4.75) and I do. That's not the weird thing. Everything works as expected when I enter a user that has 'admin' role (e.g. 'user1'), *but* I am getting the following Netscape error when I enter any other user (e.g. 'tomcat'):

    The document contains no data. Try again later, or contact the server's administrator.

This is not what I was expecting. Is this the correct behavior? This is a problem because it (the browser) will not allow me to attempt to link to that page again and re-authenticate.

Note: if I mistype a given user's password, then the browser correctly asks me to retry; it is only when I give the correct password for a registered user but not in the correct role for the restricted page that I get the above problem.

BTW, I have attached a WAR file distribution of this WebApp.

Thanks,
Bryan

Bryan Basham
Java Courseware Developer
Sun Educational Services
Phone: 1-303-272-8766 (x78766)
E-mail: [EMAIL PROTECTED]
Address: 500 Eldorado Blvd
MailStop: UBRM05-135
Broomfield, CO 80021

"You are not an isolated entity, but a unique, irreplaceable part of the cosmos. Don't forget this. You are an essential piece of the puzzle of humanity."
-- The Art of Living, Epictetus (trans. Sharon Lebell)

TestAuth1.war
Re: user authentication
Thanx much for the quick response ... may I inquire further please?

: For our system, we're managing it all through sessions. When the person logs
: in, their login information is checked against a database object. If it
: matches, they're logged in. Otherwise, they're asked to provide a correct
: login, or bugger off.
:
: After they're logged in, there is a user object associated with their session
: (session.setAttribute( "user", user )).
:
: It is through this user object that decides where they can access, and what they
: can access.

Can you explain this further please - how do you manage the url-user-role matrix in your user object? Further, how do you do a check in a timely fashion for every protected area of your site?

I was thinking of developing some sort of all encompassing "white pages" for everyone and every url. When a user logs in, I could grab all data for that user from the white pages and stuff that info into the session. From then on in, for every protected page access, I could validate the URL against the session data and not hit the database. Database updates for new users and roles could be handled elsewhere. In this scenario - I would roll my own system.

Thanx much - Michelle
user authentication
I've been delving through the Tomcat archives and various guru sites out there, trying to piece together a sound approach to handling user authentication and rights access. I've seen some threads and articles on using sessions, some references in the Tomcat archives to JDBCRealm (which I cannot find anything more on), hooking into databases .. etc. I find I am a bit miffed and coming here looking for some suggestions.

My site
- will have static and dynamic pages
- will contain both protected and unprotected areas
- in the protected areas, will require logins
- each user will be assigned a role for the protected area which grants access rights such as read, write, admin - yes, an ACL model

Any thoughts on the best approach? Should I use JDBCRealm (and can someone send me the link to docs please?) Should I use the session object to hold a URL to role access hash once a user logs in? Should I spin my own (YIKES!)?

Experts - do you have any opinions? Much much thanx in advance.

Michelle
Re: user authentication
On Mon, 13 Nov 2000, Michelle wrote:

> I've been delving through the Tomcat archives and various guru sites out there, trying to piece together a sound approach to handling user authentication and rights access. I've seen some threads and articles on using sessions, some references in the Tomcat archives to JDBCRealm (which I cannot find anything more on), hooking into databases .. etc. I find I am a bit miffed and coming here looking for some suggestions.
>
> My site
> - will have static and dynamic pages
> - will contain both protected and unprotected areas
> - in the protected areas, will require logins
> - each user will be assigned a role for the protected area which grants access rights such as read, write, admin - yes, an ACL model

For our system, we're managing it all through sessions. When the person logs in, their login information is checked against a database object. If it matches, they're logged in. Otherwise, they're asked to provide a correct login, or bugger off.

After they're logged in, there is a user object associated with their session (session.setAttribute( "user", user )).

It is through this user object that decides where they can access, and what they can access.

> Any thoughts on the best approach? Should I use JDBCRealm (and can someone send me the link to docs please?) Should I use the session object to hold a URL to role access hash once a user logs in? Should I spin my own (YIKES!)?

That's what we chose to do. However, we have very specific needs for our project. Perhaps you do not, for yours. Perhaps you just want a UNIX-style ACL system. If that is the case, and you're not overly concerned about passwords flying over the network, you might consider Apache access control files (if you're using Apache), or whatever the similar item is for IIS.

Daniel Lynes
eService System Corp.
User authentication based on form parameters
Hi, I have an application that has a single servlet. That servlet receives two mandatory parameters: Screen and Action (i.e. main?screen=user&action=show). I also have an xml file that describes the role that the user needs to be in in order to access the screen:

    Screen    Action   Role
    user      new      guest
    user      create   guest
    user      show     user
    user      update   user
    user      remove   admin
    message   new      guest
    message   send     user
    message   view     guest

I would like tomcat to verify that the user is authenticated for the specified role based on this table. The role guest does not need authentication.

Thanks
Hector
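
Hector's screen/action/role table above, and the session-cached URL-to-role lookup Michelle describes earlier in the thread, both come down to a deny-by-default table check; the following is an added example, not code from any poster or from Tomcat. The class and method names are hypothetical, the sample users are constructed, and giving an admin the "user" role as well is an assumption the messages do not state.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Deny-by-default lookup of the role required for a (screen, action) pair. */
public class ScreenActionAuthorizer {
    enum Decision { ALLOW, LOGIN_REQUIRED, FORBIDDEN }

    static final String GUEST = "guest"; // per the message: needs no authentication

    private final Map<String, String> requiredRole = new HashMap<>();

    ScreenActionAuthorizer rule(String screen, String action, String role) {
        requiredRole.put(key(screen, action), role);
        return this;
    }

    // Normalise case and whitespace so "User"/"SHOW" hits the same row as "user"/"show".
    private static String key(String screen, String action) {
        return screen.trim().toLowerCase(Locale.ROOT) + '\n'
             + action.trim().toLowerCase(Locale.ROOT);
    }

    /** @param userRoles roles of the logged-in user, or null if nobody is logged in */
    Decision check(String screen, String action, Set<String> userRoles) {
        if (screen == null || action == null) return Decision.FORBIDDEN; // both are mandatory
        String role = requiredRole.get(key(screen, action));
        if (role == null) return Decision.FORBIDDEN;           // pair not in the table: deny
        if (GUEST.equals(role)) return Decision.ALLOW;         // public row, no login needed
        if (userRoles == null) return Decision.LOGIN_REQUIRED; // protected row, anonymous caller
        return userRoles.contains(role) ? Decision.ALLOW : Decision.FORBIDDEN;
    }

    public static void main(String[] args) {
        // Rows copied from the table in the message.
        ScreenActionAuthorizer authz = new ScreenActionAuthorizer()
            .rule("user", "new", "guest").rule("user", "create", "guest")
            .rule("user", "show", "user").rule("user", "update", "user")
            .rule("user", "remove", "admin").rule("message", "new", "guest")
            .rule("message", "send", "user").rule("message", "view", "guest");

        // Constructed sample users; the admin also holds "user" (assumption).
        Set<String> plainUser = new HashSet<>(Arrays.asList("user"));
        Set<String> admin = new HashSet<>(Arrays.asList("user", "admin"));

        System.out.println("anonymous message/view : " + authz.check("message", "view", null));
        System.out.println("anonymous user/show    : " + authz.check("user", "show", null));
        System.out.println("user      user/remove  : " + authz.check("user", "remove", plainUser));
        System.out.println("admin     user/remove  : " + authz.check("user", "remove", admin));
        System.out.println("admin     user/export  : " + authz.check("user", "export", admin));
        System.out.println("user      User/SHOW    : " + authz.check("User", "SHOW", plainUser));
    }
}
```

Inside a servlet, the role-set test can be replaced by `HttpServletRequest.isUserInRole(role)`, with `request.getUserPrincipal() == null` standing in for the null role set.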