This is a good point. I do have a firewall on the server blocking all external ports on the DB server. Tomcat is connected through localhost so I thought this would be ok. Maybe it's not.
I will try disabling the firewall and the memory realm and see what happens.

Thanks,

Luke

Luke Shannon
Web Design/Development
Java Programmer
http://www.lukeshannon.com
phone: 416-570-1984

----- Original Message -----
From: "LERBSCHER Jean-Pierre" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
Sent: Friday, February 11, 2005 12:21 AM
Subject: RE : RE : Security Newbie - Need Help

> Could you try MemoryRealm to evict filter mechanisms (like firewall or
> router configuration) between your tomcat server and your database ?
>
> As you can see in the servlet specification the security-role element isn't
> optional.
>
> <!ELEMENT web-app (icon?, display-name?, description?,
>   distributable?, context-param*, filter*, filter-mapping*,
>   listener*, servlet*, servlet-mapping*, session-config?, mime-mapping*,
>   welcome-file-list?, error-page*, taglib*, resource-env-ref*,
>   resource-ref*, security-constraint*, login-config?,
>   security-role*, env-entry*, ejb-ref*, ejb-local-ref*)>
>
> -----Original Message-----
> From: Luke [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 11, 2005 08:18
> To: Tomcat Users List
> Subject: Re: RE : Security Newbie - Need Help
>
> Hi Dennis;
>
> Where is IMS defined? Otherwise I have specified everything as you
> recommended. Yet I still get this error once I hit the page (no login
> prompt):
>
> HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
> type Status report
> message Configuration error: Cannot perform access control without an authenticated principal
> description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
> Apache Tomcat/5.0.28
>
> Thanks,
>
> Luke
>
> ----- Original Message -----
> From: "Dennis Payne" <[EMAIL PROTECTED]>
> To: <tomcat-user@jakarta.apache.org>
> Sent: Thursday, February 10, 2005 11:23 AM
> Subject: Re: RE : Security Newbie - Need Help
>
> > you will not need a roles table for tomcat... it is only useful to your
> > own applications that will edit the data. The system only utilizes the
> > user-role table and the user-password table (at least for basic
> > authentication).
> >
> > Each servlet in the system that is secure is setup this way and has an
> > associated mapping:
> >
> > <servlet>
> >   <servlet-name>EnterAssignment</servlet-name>
> >   <display-name>EnterAssignment</display-name>
> >   <description>Enter Assignment</description>
> >   <servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class>
> >   <security-role-ref>
> >     <role-name>IMS</role-name>
> >     <role-link>IMS</role-link>
> >   </security-role-ref>
> > </servlet>
> > ...
> > <servlet-mapping>
> >   <servlet-name>EnterAssignment</servlet-name>
> >   <url-pattern>/servlet/EnterAssignment</url-pattern>
> > </servlet-mapping>
> >
> > The server.xml contains a reference to the security tables by using the
> > <Realm> tag placed as shown (there are other ways to do it) and all db
> > driver jars have been placed in the classpath:
> >
> > <Engine defaultHost="localhost" name="Catalina">
> >   <Host appBase="webapps" name="localhost">
> >     <Logger className="org.apache.catalina.logger.FileLogger"
> >             prefix="localhost_log." suffix=".txt" timestamp="true" />
> >     <Realm className="org.apache.catalina.realm.JDBCRealm"
> >            connectionName="username" connectionPassword="password"
> >            connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname"
> >            driverName="com.mysql.jdbc.Driver" userRoleTable="userrole"
> >            userTable="userpassword" roleNameCol="userrole" userNameCol="userid"
> >            userCredCol="passwordid" />
> >   </Host>
> >   <Logger className="org.apache.catalina.logger.FileLogger"
> >           prefix="catalina_log." suffix=".txt" timestamp="true" />
> >   <Realm className="org.apache.catalina.realm.UserDatabaseRealm" />
> > </Engine>
> >
> > Hope this helps.... Enjoy!
> >
> > >>> [EMAIL PROTECTED] 02-10-2005 08:56 >>>
> > Where would the <security-role> be declared? WEB-INF/web.xml?
> >
> > The tables I have are roles, user_roles and users. When you say wrong role
> > table which of the tables I have should be renamed?
> >
> > Thanks for your help,
> >
> > Luke
> >
> > > It seems that you have a wrong role table (roles or user_roles).
> > > Have you declared <security-role> element ?
> > >
> > > -----Original Message-----
> > > From: Luke [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, February 10, 2005 16:02
> > > To: Tomcat Users List
> > > Subject: Re: Security Newbie - Need Help
> > >
> > > Hi;
> > >
> > > Here is the roles table:
> > >
> > > mysql> select * from roles;
> > > +-----------+
> > > | role_name |
> > > +-----------+
> > > | admin     |
> > > +-----------+
> > > 1 row in set (0.02 sec)
> > >
> > > I noticed I did have a mistake in the realm declaration in my server.xml.
> > > I had the wrong user table name. That is fixed but I still have the
> > > problem:
> > >
> > > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> > >        driverName="org.gjt.mm.mysql.Driver"
> > >        connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&amp;password=password"
> > >        userTable="users" userNameCol="user_name"
> > >        userCredCol="user_pass" userRoleTable="user_roles"
> > >        roleNameCol="role_name" />
> > >
> > > I also changed my security declaration to have a realm-name in the login
> > > config:
> > >
> > > <!-- security -->
> > > <security-constraint>
> > >   <web-resource-collection>
> > >     <web-resource-name>fw</web-resource-name>
> > >     <url-pattern>*.do</url-pattern>
> > >     <http-method>POST</http-method>
> > >     <http-method>GET</http-method>
> > >   </web-resource-collection>
> > >   <auth-constraint>
> > >     <role-name>admin</role-name>
> > >   </auth-constraint>
> > >   <login-config>
> > >     <auth-method>BASIC</auth-method>
> > >     <realm-name>fw</realm-name>
> > >   </login-config>
> > > </security-constraint>
> > >
> > > The error is (which appears without a login window first allowing me to
> > > authenticate):
> > >
> > > HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
> > > type Status report
> > > message Configuration error: Cannot perform access control without an authenticated principal
> > > description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
> > > Apache Tomcat/5.0.28
> > >
> > > Thanks,
> > >
> > > Luke
> > >
> > > ----- Original Message -----
> > > From: "LERBSCHER Jean-Pierre" <[EMAIL PROTECTED]>
> > > To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> > > Sent: Thursday, February 10, 2005 12:27 AM
> > > Subject: RE : Security Newbie - Need Help
> > >
> > >> Hi,
> > >> Could you verify that you have declared your admin role in the web.xml
> > >> file.
> > >>
> > >> <security-role>
> > >>   <role-name>admin</role-name>
> > >> </security-role>
> > >>
> > >> -----Original Message-----
> > >> From: Luke [mailto:[EMAIL PROTECTED]
> > >> Sent: Thursday, February 10, 2005 07:33
> > >> To: Tomcat Users List
> > >> Subject: Security Newbie - Need Help
> > >>
> > >> Hi;
> > >>
> > >> I am trying to install a security realm for my application. I am
> > >> expecting a browser login window. But instead I get:
> > >>
> > >> HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
> > >> type Status report
> > >> message Configuration error: Cannot perform access control without an authenticated principal
> > >> description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
> > >> Apache Tomcat/5.0.28
> > >>
> > >> Why am I not getting the login window?
> > >>
> > >> Here is the web.xml in project root/WEB-INF
> > >>
> > >> <security-constraint>
> > >>   <web-resource-collection>
> > >>     <web-resource-name>fw</web-resource-name>
> > >>     <url-pattern>*.do</url-pattern>
> > >>     <http-method>POST</http-method>
> > >>   </web-resource-collection>
> > >>   <auth-constraint>
> > >>     <role-name>admin</role-name>
> > >>   </auth-constraint>
> > >>   <login-config>
> > >>     <auth-method>BASIC</auth-method>
> > >>   </login-config>
> > >> </security-constraint>
> > >>
> > >> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> > >>        driverName="org.gjt.mm.mysql.Driver"
> > >>        connectionURL="jdbc:mysql://localhost/applicationusers?user=user&amp;password=password"
> > >>        userTable="applicationusers" userNameCol="user_name"
> > >>        userCredCol="user_pass" userRoleTable="user_roles"
> > >>        roleNameCol="role_name" />
> > >>
> > >> The table structure was created using the following sql:
> > >>
> > >> create table users (
> > >>   user_name varchar(15) not null primary key,
> > >>   user_pass varchar(15) not null
> > >> );
> > >>
> > >> create table user_roles (
> > >>   user_name varchar(15) not null,
> > >>   role_name varchar(15) not null,
> > >>   primary key (user_name, role_name)
> > >> );
> > >>
> > >> How can I trouble shoot this? The log doesn't show anything. Any tips
> > >> would be great.
> > >>
> > >> Thanks,
> > >>
> > >> Luke
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >> For additional commands, e-mail: [EMAIL PROTECTED]
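
Added example, not part of the original thread: a Python check of a web.xml against the web-app content model quoted above, in which login-config and security-role are direct children of web-app. The sample documents are constructed from the fragment posted in the thread, `check_web_xml` is a hypothetical helper name, and the check assumes a DTD-style descriptor with no XML namespace.

```python
import xml.etree.ElementTree as ET

LOGIN = "<login-config><auth-method>BASIC</auth-method></login-config>"
ROLE = "<security-role><role-name>admin</role-name></security-role>"
CONSTRAINT = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>fw</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
  %s</security-constraint>"""
# Constructed inputs: the fragment as posted (login-config nested), and the same
# elements rearranged as direct children of web-app in DTD order.
POSTED = "<web-app>" + CONSTRAINT % LOGIN + "</web-app>"
REARRANGED = "<web-app>" + CONSTRAINT % "" + LOGIN + ROLE + "</web-app>"

# Relative order of the auth elements in the quoted web-app content model.
DTD_ORDER = ["security-constraint", "login-config", "security-role"]


def check_web_xml(text):
    """Return a list of findings about auth-related elements in a web.xml."""
    root = ET.fromstring(text)
    findings = []
    # login-config appears only in the web-app content model, so any other
    # parent means it sits outside the place the DTD allows.
    for parent in root.iter():
        if parent is not root and parent.find("login-config") is not None:
            findings.append(f"login-config nested inside <{parent.tag}>")
    if root.findall("security-constraint") and root.find("login-config") is None:
        findings.append("security-constraint present but no web-app/login-config")
    # Every role named in an auth-constraint should be declared in security-role.
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    used = {r.text.strip()
            for r in root.findall("security-constraint/auth-constraint/role-name")}
    for role in sorted(used - declared - {"*"}):
        findings.append(f"role '{role}' used in auth-constraint but not declared")
    # Direct children must follow the DTD sequence.
    seq = [DTD_ORDER.index(c.tag) for c in root if c.tag in DTD_ORDER]
    if seq != sorted(seq):
        findings.append("auth elements are not in DTD order")
    return findings


if __name__ == "__main__":
    for name, doc in (("posted", POSTED), ("rearranged", REARRANGED)):
        print(name, check_web_xml(doc) or "no findings")
```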