I think your problem is that /* does not match on the end of the URL you are requesting. I know this is kind of screwy, I've had LOTS of fun with Tomcat Realms :) "/*" will match for "/test/*" (since you are within the "test" application) not the root of the server. Try just "*" in the auth config or put a index.html in the /test/ dir and try "/test/index.html" and see if you then get the auth dialog. Then you'll know if that's the problem.
-----Original Message----- From: Paul [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 4:06 PM To: Tomcat Users List Subject: Re: JDBC Realm problems in case no one noticed and it matters, web.xml has following typo in it, where resource is spelled "ressource": > > <web-ressource-collection> > > <web-ressource-name>test</web-ressource-name> ----- Original Message ----- From: "Adam Hardy" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, September 23, 2003 12:39 PM Subject: Re: JDBC Realm problems > Your config looks OK. Are you getting any errors logged when you try > to log on? > > On 09/23/2003 04:43 PM Laurent Perez wrote: > > Hello > > > > I am trying to protect a webapp I wrote using a JDBCRealm, but it > > doesn't seem to work as expected. I am using Tomcat 4.1.27, and > > Postgresql 7.3.2, with latest JDBC driver within $tomcat/common/lib. > > > > My realm is described as follows, in $tomcat/conf/server.xml : > > > > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" > > driverName="org.postgresql.Driver" > > digest="md5" > > connectionURL="jdbc:postgresql://127.0.0.1/mydb" > > connectionName="mylogin" connectionPassword="mypass" > > userTable="pg_shadow" userNameCol="usename" userCredCol="passwd" > > userRoleTable="named_roles" roleNameCol="role" /> > > > > When I start Tomcat, I can see it connecting and idling to mydb, so > > JDBC driver works. Also 'mylogin' has read access on named_roles. > > > > My webapp is called 'test' and located within $tomcat/webapps/, its > > WEB-INF/web.xml is as follows : > > > > <?xml version="1.0" encoding="ISO-8859-1"?> > > > > <!DOCTYPE web-app > > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" > > "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd"> > > > > <web-app> > > <security-constraint> > > <web-ressource-collection> > > <web-ressource-name>test</web-ressource-name> > > <url-pattern>/*</url-pattern> > > </web-ressource-collection> > > <auth-constraint> > > <role-name>myrole</role-name> > > </auth-constraint> > > </security-constraint> > > <login-config> > > <auth-method>BASIC</auth-method> > > <realm-name>test</realm-name> > > </login-config> > > <security-role> > > <role-name>myrole</role-name> > > </security-role> > > </web-app> > > > > The 'myrole' role is defined in my named_roles table, and I have > > several users under that role. I did add <security-role> tags > > because Tomcat would warn me about 'myrole' not being within > > <security-role> tags on startup. > > > > Now when I am trying to access http://localhost:8080/test, no > > authentication window pops up, I can access it freely, which > > shouldn't be correct (?). When I look at logs, I can see : > > 2003-09-23 14:14:52 ContextConfig[/test]: Configured an > > authenticator for method BASIC 2003-09-23 14:14:52 > > StandardManager[/test]: Seeding random number generator class > > java.security.SecureRandom 2003-09-23 14:14:52 > > StandardManager[/test]: Seeding of random number generator has been > > completed > > > > If BASIC auth method is activated, why isn't my browser showing up > > an auth window ? :-/ > > > > Also I know Postgres doesn't store md5 password files like > > md5_func(password), but instead md5_func(password+login), will it > > cause problems with Tomcat's digest=md5 behaviour ? > > > > Thanks for any help > > > > Laurent Perez > > > > > > > > -------------------------------------------------------------------- > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > -- > struts 1.1 + tomcat 4.1.27 + java 1.4.2 > Linux 2.4.20 RH9 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]