same problem here - still don't know how to solve it :(
vVolf
> -----Oryginalna wiadomooeæ-----
> Od: Mike Slinn [mailto:[EMAIL PROTECTED]]
> Wys³ano: 2 marca 2001 18:59
> Do: [EMAIL PROTECTED]
> Temat: JDBC Realm not triggering
>
>
> I feel like I sailed off the edge of the known universe,
> because there isn't
> much documentation for form-based authentication using JDBC realms (at
> least, none that I could find, beyond the short
> JDBCRealm.howto included in
> the TomCat docs).
>
> I am using Windows NT Server 4sp6 with JDK1.3 and Tomcat 3.2.1.
>
> I made the following changes to server.xml:
>
> <!-- <RequestInterceptor
> className="org.apache.tomcat.request.SimpleRealm"
> debug="0" /> -->
> <RequestInterceptor className="org.apache.tomcat.request.JDBCRealm"
> debug="99"
> driverName="org.gjt.mm.mysql.Driver"
> connectionURL="jdbc:mysql://blahblah.com:3306/database"
> connectionName="secret"
> connectionPassword="secret"
> userTable="Users" userNameCol="userId" userCredCol="userPassword"
> userRoleTable="UserPriv" roleNameCol="privLevel" />
>
> The database tables exist, exactly as shown in
> <RequestInterceptor>, since
> mySql is case-sensitive w.r.t. table names.
>
> Here is a piece of my web.xml:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>developer</web-resource-name>
> <url-pattern>/pwAdmin/*</url-pattern>
> <url-pattern>/pwModerator/*</url-pattern>
> <url-pattern>/pwNormal/*</url-pattern>
> <url-pattern>/pwPortal/*</url-pattern>
> <url-pattern>/pwTest/*</url-pattern>
> <http-method>get</http-method>
> <http-method>post</http-method>
> </web-resource-collection>
>
> <auth-constraint>
> <role-name>developer</role-name>
> </auth-constraint>
>
> <user-data-constraint>
> <transport-guarantee>NONE</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>JDBC</realm-name>
> <form-login-config>
> <form-login-page>/index.html</form-login-page>
> <form-error-page>/register.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> <security-role>
> <role-name>developer</role-name>
> </security-role>
>
>
> Here is the authentication form:
> <form method="POST" action="j_security_check">
> Login id: <input type="text" name="j_username" size="8"
> class=formStyle><br>
> Password: <input type="password" name="j_password" size="8"
> class=formStyle><br>
> <input type="submit" value=" Log In " name="LogIn"
> class=formStyle>
> </form>
>
>
> When I press the submit button, I get the following error:
> HTTP 404 - File not found
> The url reported is http://localhost:8080/j_security_check
>
> Somehow the form action is not being picked up by the TomCat security
> mechanism. What have I missed?
>
> A few more questions:
> - If I omit <transport-guarantee>, does it default to NONE?
> - Is it possible to use * for <http-method> to specify that all HTTP
> methods are to be subject to security?
> - I would like to use a numeric column in the database to
> store the user
> authentication level, rather than a text string. Can the
> JDBC realm be set
> up to work this way?
> - I found very little documentation regarding form-based
> authentication
> using JDBC realms. Can you point me to some more?
>
> ... thanks
> Mike
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
