Re: Pros and cons of readonly UserDatabase (tomcat-users.xml)

2009-01-08 Thread Richard Eggert 
The MemoryUserDatabaseMBean will write to tomcat-users.xml if its
"save" method is invoked via JMX.


Rich


On Thu, Jan 8, 2009 at 5:11 AM, Kees Jan Koster  wrote:
> Dear Petr,
>
>> any comment on this subject? The question is related to OpenSolaris
>> package
>> (*) where we have all files owned by root and tomcat is executed with
>> dedicated user credentials.
>>
>> Currently tomcat-user.xml and conf directory is owned by tomcat user but
>> it
>> makes some noise in our package auditing.
>>
>> The question is what is limitation of setting user database as readonly
>> (in
>> server.xml) for Tomcat 6.0.18 and having tomcat-user.xml and conf
>> directory
>> owned by root.
>
>
> Does tomcat-users.xml ever have to be written from Tomcat? I routinely run
> with tomcat-users.xml as read-only and it is no problem for me. I don't
> actually use that mechanism at all.
> --
> Kees Jan
>
> http://java-monitor.com/forum/
> kjkos...@kjkoster.org
> 06-51838192
>
> Human beings make life so interesting. Do you know that in a universe so
> full of wonders,
> they have managed to invent boredom. Quite astonishing... -- Terry Pratchett
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-- 
Rich

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

MemoryUserDatabaseMBean Broken in Tomcat 6?

2009-01-07 Thread Richard Eggert 
It appears that MemoryUserDatabaseMBean is broken in Tomcat 6 (and
probably earlier versions of Tomcat, though I haven't tried them).

I've been playing around with the Tomcat's support for the MX4J
HttpAdaptor as described at
http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html , and tried
using the MemoryUserDatabaseMBean
(Users:type=UserDatabase,database=UserDatabase) to edit my
tomcat-users.xml file on the fly without restarting Tomcat.  Some of
its operations sort of work (notably, "save" appears to work properly,
and "createGroup", "createUser", and "createRole" do appear to create
groups, users, and roles, respectively), but for the most part, the
MBean appears to be horribly broken.

When I call one of the "create" operations, the role, group, or user
does get created (at least, they show up in tomcat-users.xml after I
call "save"), but no corresponding RoleMBean, GroupMBean, or UserMBean
is registered, so there's no way to assign roles and groups to users
after they are created (and a user with no roles is fairly useless).

According to their descriptions, the "find" operations are supposed to
return MBean names, but instead they return the XML snippets that
appear in tomcat-users.xml.

The "remove" operations don't work at all.  For example, when I try to
invoke "removeUser", I get the error "Cannot find method removeUser
with this signature."

I couldn't find any mention of this in the Tomcat 6 bug database.
Should I submit a bug report?

-- 
Rich

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org