Andrew, anyone please correct me if I'm wrong, but I'm afraid you've got at least two problems here:
1. As far as I know it is not possible to define a Realm outside of server.xml. If you do not have access to that file, I see no way you can use container managed security, which is a prerequisite for form based authentication (or rather the other way around: form based authentication is just one way to use container managed security). 2. Here I'm even more unsure, but I think I read somewhere that the container managed security of tomcat is starting to work _outside_ of your context (only then should single sign on be possible, which it is with tomcat). Then you would definitely need your drivers somewhere where the server can see them, i.e. $CATALINA_HOME/common/lib. Some good news, though: Besides this, you should be able to use your database. If you try to establish a connection only inside your context, the driver in your WEB-INF/lib directory should be enough. As a last resort you could implement some application managed security, although this is quite a nuisance (as I can tell). Greetings Andreas Mohrig -----Original Message----- From: Andrew Murphy [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 4:58 PM To: [EMAIL PROTECTED] Subject: JDBCRealm configuration and JBDC Driver classpath I am trying to configure form based authentication using a JDBCRealm. I do not have access to the $CATALINA_HOME/common/endorsed folder or server.xml file as my webapp is hosted in a shared environment by an ISP. Therefore I have created a Context configuration xml file fragment to provide the required Realm implementation settings/attributes for Tomcat to load from my root folder at start-up. The problem I am experiencing is that because I am not permitted to access the $CATALINA_HOME/common/endorsed folder I am unable to put the Driver jar (mysql-connector-java-3.0.7-stable-bin.jar) in the container classpath. Attempts to get the container to detect the Driver in the Context classpath (/WEB-INF/lib) of my webapp have proved futile (or so it seems). As a result Tomcat does not recognize the login form action 'j_security_check' when the form is posted, presumably because the driver required to look-up user credentials was not loaded/located in the first place. Can anyone advise of a work-around, or let me know if I have overlooked something, or am I simply snookered...? Thanks Andrew Murphy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]