I have Tomcat 5.5.4 configured with basic authentication through a
JNDI named JDBC connection pool. The Resource and Realm are specified
in META-INF/context.xml. The resource-ref and security-constraint are
specified in WEB-INF/web.xml (releveant parts included at the end of
this message).
There are 3 users assigned roles in the db (MySQL 4.1.8). Sometimes I
am seeing one or more of these users fail to authenticate, even though
moments before they were able to authenticate. Usually, 1 of the users
can still authenticate but the other 2 cannot (though I have seen all
3 fail). Restarting Tomcat usually fixes the problem (though sometimes
several restarts are required).
I am using IE, Firefox, Java code making HttpUrlConnections, and
Apache Axis code making SOAP requests so I'm pretty sure the issue is
with Tomcat and not with the component making the request. To the best
of my knowledge, when authentication fails, it is failing on the same
Authorization header that was succeeding moments before (from watching
the access logs and packet sniffing).
The problem is inconsistent but frustrating and important for us to
figure out. Has anyone seen this kind of behavior? Does anyone have
any suggestions for how I can isolate the problem further?
thx
--- context.xml ---
<Resource
name="jdbc/mydb"
auth="Container"
type="javax.sql.DataSource"
maxActive="64"
maxIdle="16"
maxWait="10000"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost/MYDB"
username="user"
password="pass"
/>
<Realm
className="org.apache.catalina.realm.DataSourceRealm"
localDataSource="true"
dataSourceName="jdbc/mydb"
userTable="user"
userNameCol="name"
userCredCol="password"
userRoleTable="role"
roleNameCol="rolename"
digest="SHA"
/>
--- web.xml ---
<resource-ref>
<description>my database</description>
<res-ref-name>jdbc/mydb</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<security-constraint>
<web-resource-collection>
<web-resource-name>Authentication</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myRole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>My Realm</realm-name>
</login-config>
<security-role>
<role-name>myRole</role-name>
</security-role>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
