RE: Connecting to a Database
Oh ok, I see. You've added a valve to the manager app. I probably need to do that, and have not. Thanks.

-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
Sent: Monday, March 29, 2010 5:38 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

> If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app?

Barry, I thought having a context.xml in META-INF/ was the most specific place to define a context for a webapp, in the hierarchy of Context element locations.
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

I have the manager webapp running. In various places in server.xml, other than adding digest, this is the standard tomcat config:

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- This Realm uses the UserDatabase configured in the global JNDI
       resources under the key "UserDatabase". Any edits that are
       performed against this UserDatabase are immediately available
       for use by the Realm. -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         digest="md5" resourceName="UserDatabase"/>

In webapps/manager/META-INF/context.xml:

  <!-- Valve added to prevent access to this webapp from public computers -->
  <Context antiResourceLocking="false" debug="0" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="specific ip" />
  </Context>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Connecting to a Database
I only added that valve because I did not want just anyone to be able to type http://mydomain.com/manager/html and get the Tomcat manager login challenge. That valve should not have any effect on your DataSourceRealm.

You should probably post the data Chuck asked for.

Where is the Realm for the manager app defined?
Where is the Realm for your webapp defined?
Post your server.xml so we can see it.
Did you remove the Realm in server.xml?
Have you made any changes to the global conf/context.xml?

-----Original Message-----
From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
Sent: Tuesday, March 30, 2010 9:20 AM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

Oh ok, I see. You've added a valve to the manager app. I probably need to do that, and have not. Thanks.
RE: Connecting to a Database
Right -- ok, that's good. And I will do so (post the data Chuck asked for).

-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
Sent: Tuesday, March 30, 2010 11:34 AM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

I only added that valve because I did not want just anyone to be able to type http://mydomain.com/manager/html and get the Tomcat manager login challenge. That valve should not have any effect on your DataSourceRealm.

You should probably post the data Chuck asked for.

Where is the Realm for the manager app defined?
Where is the Realm for your webapp defined?
Post your server.xml so we can see it.
Did you remove the Realm in server.xml?
Have you made any changes to the global conf/context.xml?
RE: Connecting to a Database
And after doing this, and getting my DataSourceRealm to work properly, now I can't get the Tomcat manager app to work properly now...it references my JNDI realm reference (DataSourceRealm actually) and throws an exception.

Even if I delete it out of my context.xml file (the reference) and delete the one created in the conf folder, it still tries to reference the DataSourceRealm credentials and throws an error.

If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app? Reference to the tomcat-users.xml file?

I'll dump out the work folder, too, but it'd be nice to have both working concurrently. I would have thought they would, but am likely mistaken.

-----Original Message-----
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
Sent: Friday, March 26, 2010 6:09 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

You are correct. I stumbled across that info while reading the Realm config in the DataSource Database Realm section but I wasn't looking for that when I saw it the first n times. I was looking for info about the userRoleTable.
RE: Connecting to a Database
> From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
> Subject: RE: Connecting to a Database
>
> And after doing this

Doing which?

> now I can't get the Tomcat manager app to work properly now...it references my JNDI realm reference (DataSourceRealm actually) and throws an exception.

Where is the Realm for the manager app defined? Where is the Realm for your webapp defined?

> Reference to the tomcat-users.xml file?

This sentence no verb.

> I'll dump out the work folder, too, but it'd be nice to have both working concurrently. I would have thought they would, but am likely mistaken.

Did you remove the Realm in server.xml? (You shouldn't, if you want the manager app to use it.) Have you made any changes to the global conf/context.xml?

Post your server.xml so we can see it.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Connecting to a Database
> If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app?

Barry, I thought having a context.xml in META-INF/ was the most specific place to define a context for a webapp, in the hierarchy of Context element locations.
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

I have the manager webapp running. In various places in server.xml, other than adding digest, this is the standard tomcat config:

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- This Realm uses the UserDatabase configured in the global JNDI
       resources under the key "UserDatabase". Any edits that are
       performed against this UserDatabase are immediately available
       for use by the Realm. -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         digest="md5" resourceName="UserDatabase"/>

In webapps/manager/META-INF/context.xml:

  <!-- Valve added to prevent access to this webapp from public computers -->
  <Context antiResourceLocking="false" debug="0" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="specific ip" />
  </Context>

-----Original Message-----
From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
Sent: Monday, March 29, 2010 2:41 PM
To: 'Tomcat Users List'
Subject: RE: Connecting to a Database

And after doing this, and getting my DataSourceRealm to work properly, now I can't get the Tomcat manager app to work properly now...it references my JNDI realm reference (DataSourceRealm actually) and throws an exception.

Even if I delete it out of my context.xml file (the reference) and delete the one created in the conf folder, it still tries to reference the DataSourceRealm credentials and throws an error.

If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app? Reference to the tomcat-users.xml file?

I'll dump out the work folder, too, but it'd be nice to have both working concurrently. I would have thought they would, but am likely mistaken.
RE: Connecting to a Database
> From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
> Subject: RE: Connecting to a Database
>
> Thanks, Leo! I've not seen instructions in the How-To (maybe I overlooked it) on the localDataSource=true attrib to the Realm in the context.xml file

Unfortunately, it's not in the How-To, just in the configuration doc for Realm (which is linked to from the How-To):
http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html

The How-To is oriented towards server-wide authentication, so the examples all show use of a Realm in server.xml and a corresponding global resource declaration.

 - Chuck
RE: Connecting to a Database
Thanks, Chuck. I'll take a look again at this to see what else I might have overlooked!

-----Original Message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Friday, March 26, 2010 4:56 PM
To: Tomcat Users List
Subject: RE: Connecting to a Database

> From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
> Subject: RE: Connecting to a Database
>
> Thanks, Leo! I've not seen instructions in the How-To (maybe I overlooked it) on the localDataSource=true attrib to the Realm in the context.xml file

Unfortunately, it's not in the How-To, just in the configuration doc for Realm (which is linked to from the How-To):
http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html

The How-To is oriented towards server-wide authentication, so the examples all show use of a Realm in server.xml and a corresponding global resource declaration.

 - Chuck
RE: Connecting to a Database
You are correct. I stumbled across that info while reading the Realm config in the DataSource Database Realm section but I wasn't looking for that when I saw it the first n times. I was looking for info about the userRoleTable.

-----Original Message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Friday, March 26, 2010 2:56 PM
To: Tomcat Users List
Subject: RE: Connecting to a Database

> From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
> Subject: RE: Connecting to a Database
>
> Thanks, Leo! I've not seen instructions in the How-To (maybe I overlooked it) on the localDataSource=true attrib to the Realm in the context.xml file

Unfortunately, it's not in the How-To, just in the configuration doc for Realm (which is linked to from the How-To):
http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html

The How-To is oriented towards server-wide authentication, so the examples all show use of a Realm in server.xml and a corresponding global resource declaration.

 - Chuck
Re: Connecting to a Database
On 24/03/2010 15:56, Caldarale, Charles R wrote:
>> From: Pid [mailto:p...@pidster.com]
>> Subject: Re: Connecting to a Database
>>
>> If you define the datasource as a global resource, you can define the Realm in server.xml (before or inside the Host), but then you need a resource link in the context.xml to make the global resource available to the app.
>
> Are you sure? The <ResourceLink> is necessary when the app is accessing the data source, but in this case, it's not the app, it's Tomcat, doing the authentication lookups. I don't think the <ResourceLink> is necessary, but the rest is definitely needed.

Yes, I meant that if the OP needed the data source in the application for some other purpose that a resource link would be required. Probably could have been phrased better.

p

> - Chuck
RE: Connecting to a Database
Chris,

I meant to reply to this yesterday.

I can digest a password and use that digested password in the tomcat-users.xml. I added an md5 attribute to the user database realm in server.xml and storing the digested password in tomcat-users.xml is working. Is it not supposed to? Based on that I assumed I could digest other passwords as well.

Leo

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, March 24, 2010 12:47 PM
To: Tomcat Users List
Subject: Re: Connecting to a Database

Leo,

On 3/24/2010 1:28 PM, Leo Donahue - PLANDEVX wrote:
> I know you can specify digest for a Realm, but I don't see where I can do that for a Resource.

Note that the digest is for hashing passwords during /user/ authentication, not connecting to the database.

> Do I need to leave the password of javadude in the Resource in clear text, or can it be a digested version of javadude in clear text in the Resource element?

You cannot hash the db password. If you could, how would Tomcat decrypt it to make the connection?

> The SQL table of user passwords will be in digest, but I wasn't sure if I could use a digested password as part of the configuration for the account that connects to the authstore database.

Nope. Search the archives for that question being asked repeatedly, or just think about the implications of hashing a password that you want to use later. Then, think about the implications of /two-way/ encryption for a password and I think you'll see that you're just moving the problem somewhere else.

-chris
Re: Connecting to a Database
Leo,

On 3/25/2010 10:50 AM, Leo Donahue - PLANDEVX wrote:
> I can digest a password and use that digested password in the tomcat-users.xml

Sorry, I was thinking server.xml for the DataSource setup: you cannot use the database's password in a hashed format. The users' passwords can (and should) be hashed for authentication.

-chris
RE: Connecting to a Database
No, not sure. That is what I was confused about. JDBC Realm, vs JNDI DataSourceRealm, vs JDBC DataSource

I think what was throwing me off was seeing examples of the tomcat-users in both the realm-howto and in the jndi-resources-howto

I'm attempting container managed security using SQL Server. It looks like I need both a DataSourceRealm and a JDBC DataSource?

Assuming I have the correct tables in the database named authstore, does this look right?

** in server.xml **

  <Realm className="com.microsoft.sqlserver.jdbc.SQLServerDriver"
         dataSourceName="jdbc/authority"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name"/>

** in META-INF/context.xml of specific webapp **

  <resource-ref>
    <description>DB Connection</description>
    <res-ref-name>jdbc/authority</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>

** also in META-INF/context.xml file? **

  <Resource name="jdbc/authority" auth="Container"
            type="javax.sql.DataSource"
            username="javauser" password="javadude"
            driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://localhost;database=authstore"/>

-----Original Message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Tuesday, March 23, 2010 3:22 PM
To: Tomcat Users List
Subject: RE: Connecting to a Database

> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
> Subject: Connecting to a Database
>
> Tomcat 6.0.24
> Windows Server 2003 R2 SP2
> SQL Server 2005 Express
> Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007
>
> I know I need to configure a Realm

Are you sure? A <Realm> is used for authentication only, not for a webapp that accesses a database. Do you perhaps mean <Resource>?

> JDBCRealm or JNDI DataSourceRealm?

If you are in fact storing credentials in SQL Server, use DataSourceRealm - it's much more robust.

 - Chuck
Re: Connecting to a Database
On 24/03/2010 15:43, Leo Donahue - PLANDEVX wrote:
> No, not sure. That is what I was confused about.
>
> JDBC Realm, vs JNDI DataSourceRealm, vs JDBC DataSource
>
> I think what was throwing me off was seeing examples of the tomcat-users in both the realm-howto and in the jndi-resources-howto
>
> I'm attempting container managed security using SQL Server. It looks like I need both a DataSourceRealm and a JDBC DataSource?
>
> Assuming I have the correct tables in the database named authstore, does this look right?

Nope.

If you define the DataSource in the app's context.xml, you need to define the realm there too, or it won't have access to the datasource.

If you define the datasource as a global resource, you can define the Realm in server.xml (before or inside the Host), but then you need a resource link in the context.xml to make the global resource available to the app.

<ResourceLink global="jdbc/GlobalName" name="jdbc/LocalName" type="javax.sql.DataSource"/>

p
Re: Connecting to a Database
Leo,

On 3/24/2010 11:43 AM, Leo Donahue - PLANDEVX wrote:
> No, not sure. That is what I was confused about.
>
> JDBC Realm, vs JNDI DataSourceRealm, vs JDBC DataSource

A Realm is something Tomcat uses for authentication. A DataSource is an object which hands out database connections.

The use of JDBC vs. JNDI is really just about how the connections are obtained: JDBCRealm manages its own JDBC connection (and is heavily synchronized, as Mark mentions: don't use it). DataSourceRealm uses a DataSource obtained via JNDI and configured via a Resource element.

There is no JDBCDataSource that I know of.

Recommended setup (IMHO): configure everything in META-INF/context.xml and use DataSourceRealm. No need to configure anything in server.xml and no need to configure anything at the OS level (as Mark mentioned, that's ODBC).

> Assuming I have the correct tables in the database named authstore, does this look right?
>
> ** in server.xml **
>
> <Realm className="com.microsoft.sqlserver.jdbc.SQLServerDriver"

className should be org.apache.catalina.realm.DataSourceRealm

>        dataSourceName="jdbc/authority"
>        userTable="users" userNameCol="user_name" userCredCol="user_pass"
>        userRoleTable="user_roles" roleNameCol="role_name"/>

Ok.

> ** in META-INF/context.xml of specific webapp **
>
> <resource-ref>
>   <description>DB Connection</description>
>   <res-ref-name>jdbc/authority</res-ref-name>
>   <res-type>javax.sql.DataSource</res-type>
>   <res-auth>Container</res-auth>
> </resource-ref>

This is actually stuff for web.xml, though it is not required if you have your Resource defined in META-INF/context.xml.

> ** also in META-INF/context.xml file? **
>
> <Resource name="jdbc/authority" auth="Container" type="javax.sql.DataSource"
>           username="javauser" password="javadude"
>           driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
>           url="jdbc:sqlserver://localhost;database=authstore"/>

Looks good to me. Make sure your JDBC driver JAR file is in CATALINA_BASE/lib and nowhere else.

-chris
RE: Connecting to a Database
> From: Pid [mailto:p...@pidster.com]
> Subject: Re: Connecting to a Database
>
> If you define the datasource as a global resource, you can define the Realm in server.xml (before or inside the Host), but then you need a resource link in the context.xml to make the global resource available to the app.

Are you sure about that? The ResourceLink is necessary when the app is accessing the data source, but in this case, it's not the app, it's Tomcat, doing the authentication lookups. I don't think the ResourceLink is necessary, but the rest is definitely needed.

 - Chuck
RE: Connecting to a Database
Thanks everyone. I understand this better.

I know you can specify digest for a Realm, but I don't see where I can do that for a Resource.

Do I need to leave the password of javadude in the Resource in clear text, or can it be a digested version of javadude in clear text in the Resource element?

The SQL table of user passwords will be in digest, but I wasn't sure if I could use a digested password as part of the configuration for the account that connects to the authstore database.

Leo
Re: Connecting to a Database
Leo,

On 3/24/2010 1:28 PM, Leo Donahue - PLANDEVX wrote:
> I know you can specify digest for a Realm, but I don't see where I can do that for a Resource.

Note that the digest is for hashing passwords during /user/ authentication, not connecting to the database.

> Do I need to leave the password of javadude in the Resource in clear text, or can it be a digested version of javadude in clear text in the Resource element?

You cannot hash the db password. If you could, how would Tomcat decrypt it to make the connection?

> The SQL table of user passwords will be in digest, but I wasn't sure if I could use a digested password as part of the configuration for the account that connects to the authstore database.

Nope. Search the archives for that question being asked repeatedly, or just think about the implications of hashing a password that you want to use later. Then, think about the implications of /two-way/ encryption for a password and I think you'll see that you're just moving the problem somewhere else.

-chris
RE: Connecting to a Database
Chris,

In my realm, you're saying that the digest attribute is how the password is stored in the database? Not how it is entered/translated when the user logs in.

I'm using this to generate a MD5 hash of the password = password:

java -classpath C:\apache-tomcat-6.0.24\lib\catalina.jar;C:\apache-tomcat-6.0.24\bin\tomcat-juli.jar org.apache.catalina.realm.RealmBase -a md5 password

I don't understand why I can't authenticate with what I have. When I log in and supply a username and password, I get the 401 error page. This user does have the webservicereader role. And the user's password is the same value in the database as in the DOS window when I create a password of password.

Page 144 of the servlet 2.5 spec speaks to the login-config Element. It doesn't list the values for realm-name, is DataSourceRealm valid?

I've tried using DIGEST instead of BASIC for the auth-method, but that change doesn't make a difference, so I must have something else wrong? The only thing I haven't tried is changing the names of the tables to the names listed in the Tomcat docs. Maybe I can't use different table names for users and roles?

I do have SSL enabled and I have another webapp working with Active Directory authentication - BASIC over HTTPS. This experiment is an extension of the SSL question I posted a few weeks ago. That is probably why the web.xml looks very similar.

** META-INF/context.xml:

<Context antiJARLocking="true" path="/sample2" privileged="true">

  <!-- This Realm uses a DataSourceRealm -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/SecurityStore"
         userTable="SECURITYSTORE_USERS" userNameCol="USERNAME" userCredCol="MD5PASSWORD"
         userRoleTable="SECURITYSTORE_ROLES" roleNameCol="ROLENAME"
         digest="MD5"/>

  <resource-ref>
    <description>DB Connection</description>
    <res-ref-name>jdbc/SecurityStore</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>

  <Resource name="jdbc/SecurityStore" auth="Container" type="javax.sql.DataSource"
            username="username" password="password"
            driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://servername;database=databasename"/>

</Context>

** web.xml:

<!-- SECURITY CONSTRAINT -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>samplewebapp2</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>webservicereader</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- LOGIN CONFIGURATION-->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>DataSourceRealm</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <role-name>webservicereader</role-name>
</security-role>
RE: Connecting to a Database
Good Evening Leo-

I would suggest using the Digest class (over command line calculation of Password)

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#Digested%20Passwords

HTH
Martin Gainty
RE: Connecting to a Database
** SOLVED **

1. It would have helped had I added the localDataSource=true to the Realm, since I was using the realm in META-INF/context.xml
2. It would have helped if I had paid attention to the actual table name I was using for the userRoleTable. The table should have been SECURITYSTORE_USERS_ROLES

I don't know how many times I looked at that and ignored it. I feel about as stupid as possible.

Leo
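The mistakes this thread worked through (a Realm whose className is the JDBC driver, a context-level DataSourceRealm without localDataSource, resource-ref placed in context.xml, and a userRoleTable that names the wrong table) can be caught before deployment. The script below is an added example, not code from the thread or from Tomcat; `lint_context`, its finding codes and the `known_tables` input are hypothetical names, and the sample XML is rebuilt from the configuration posted above.

```python
import re
import xml.etree.ElementTree as ET

DATASOURCE_REALM = "org.apache.catalina.realm.DataSourceRealm"

# Constructed sample: the context.xml posted in the thread, rebuilt as well-formed XML.
POSTED = """<Context antiJARLocking="true" path="/sample2" privileged="true">
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/SecurityStore"
         userTable="SECURITYSTORE_USERS" userNameCol="USERNAME"
         userCredCol="MD5PASSWORD" userRoleTable="SECURITYSTORE_ROLES"
         roleNameCol="ROLENAME" digest="MD5"/>
  <resource-ref>
    <description>DB Connection</description>
    <res-ref-name>jdbc/SecurityStore</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>
  <Resource name="jdbc/SecurityStore" auth="Container"
            type="javax.sql.DataSource" username="username" password="password"
            driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
            url="jdbc:sqlserver://servername;database=databasename"/>
</Context>"""

# Constructed sample: the same file with the fixes from the thread applied.
FIXED = re.sub(r"\s*<resource-ref>.*?</resource-ref>", "", POSTED, flags=re.S)
FIXED = FIXED.replace('dataSourceName="jdbc/SecurityStore"',
                      'dataSourceName="jdbc/SecurityStore" localDataSource="true"')
FIXED = FIXED.replace('"SECURITYSTORE_ROLES"', '"SECURITYSTORE_USERS_ROLES"')


def lint_context(xml_text, known_tables=None):
    """Return (code, message) findings for one webapp's META-INF/context.xml.

    known_tables is a hypothetical input: the table names that really exist
    in the credential database, supplied by whoever runs the check.
    """
    ctx = ET.fromstring(xml_text)
    resources = {r.get("name"): r for r in ctx.iter("Resource")}
    links = {link.get("name") for link in ctx.iter("ResourceLink")}
    drivers = {r.get("driverClassName") for r in resources.values()}
    # Assumption: table names are compared case-insensitively.
    tables = {t.upper() for t in known_tables} if known_tables is not None else None
    findings = []

    if ctx.find(".//resource-ref") is not None:
        findings.append(("RESOURCE_REF", "resource-ref belongs in web.xml and is "
                         "not needed when the Resource is defined in context.xml"))

    for realm in ctx.iter("Realm"):
        cls = realm.get("className", "")
        ds = realm.get("dataSourceName")
        if cls in drivers:
            findings.append(("REALM_CLASS", f"Realm className is the JDBC driver "
                             f"{cls}; expected {DATASOURCE_REALM}"))
            continue
        if cls != DATASOURCE_REALM:
            continue
        local = realm.get("localDataSource", "false").lower() == "true"
        if ds in resources and not local:
            findings.append(("LOCAL_DS", f"{ds} is defined in this context, so the "
                             'Realm needs localDataSource="true"'))
        if local and ds not in resources and ds not in links:
            findings.append(("MISSING_DS", f"localDataSource is true but {ds} is "
                             "not defined or linked in this context"))
        if tables is not None:
            for attr in ("userTable", "userRoleTable"):
                name = realm.get(attr)
                if name and name.upper() not in tables:
                    findings.append(("TABLE", f"{attr}={name} is not a known table"))
    return findings


if __name__ == "__main__":
    real_tables = {"SECURITYSTORE_USERS", "SECURITYSTORE_USERS_ROLES"}
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_context(text, real_tables))
```

The table check only works when the caller supplies the real table names; without `known_tables` it is skipped.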
Re: Connecting to a Database
On 23/03/2010 22:16, Leo Donahue - PLANDEVX wrote:
> Tomcat 6.0.24
> Windows Server 2003 R2 SP2
> SQL Server 2005 Express
> Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007
>
> I know I need to configure a Realm and that can be in an Engine, Host or Context element, but most likely in a context element inside the context.xml under META-INF of my specific webapp.
>
> What do most people prefer? JDBCRealm or JNDI DataSourceRealm?

DataSourceRealm every time. JDBCRealm uses a single connection and is heavily synchronized as a result.

> Does the latter require setting up a System DSN datasource in Windows?

No.

> Or am I confusing that with something else?

Yes, ODBC.

Mark
RE: Connecting to a Database
> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
> Subject: Connecting to a Database
>
> Tomcat 6.0.24
> Windows Server 2003 R2 SP2
> SQL Server 2005 Express
> Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007
>
> I know I need to configure a Realm

Are you sure? A Realm is used for authentication only, not for a webapp that accesses a database. Do you perhaps mean Resource?

> JDBCRealm or JNDI DataSourceRealm?

If you are in fact storing credentials in SQL Server, use DataSourceRealm - it's much more robust.

 - Chuck