See below. On Mon, 2 Dec 2002, Nathan Pitts wrote:
> Date: Mon, 2 Dec 2002 19:08:42 -0600 > From: Nathan Pitts <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: help! authentication problem > > I have a problem that hopefully someone has seen before -- please help > if you can. I am trying to get Tomcat to do declarative > authentication/auth. using a JDBCRealm (via a Sybase database). I am > using Sybase's Jconnect5.5 driver. It seems like I have followed the > instructions to configure this, but the authentication fails and there > is an exception in my app's logfile that says the following: > > 2002-12-02 18:52:09 Authenticator[/hris]: Security checking request GET > /hris/index.html > 2002-12-02 18:52:09 Authenticator[/hris]: Checking constraint > 'SecurityConstraint[TAHCStaff]' against GET /index.html --> true > 2002-12-02 18:52:09 Authenticator[/hris]: Subject to constraint > SecurityConstraint[TAHCStaff] > 2002-12-02 18:52:09 Authenticator[/hris]: Calling checkUserData() > 2002-12-02 18:52:09 Authenticator[/hris]: User data constraint has no > restrictions > 2002-12-02 18:52:09 Authenticator[/hris]: Calling authenticate() > 2002-12-02 18:52:09 JDBCRealm[/hris]: Username jpitts successfully > authenticated > 2002-12-02 18:52:09 JDBCRealm[/hris]: Exception performing > authentication > com.sybase.jdbc2.jdbc.SybSQLException: Invalid column name 'username'. > > at com.sybase.jdbc2.tds.Tds.processEed(Tds.java:2535) > at com.sybase.jdbc2.tds.Tds.nextResult(Tds.java:1916) > at com.sybase.jdbc2.jdbc.ResultGetter.nextResult(ResultGetter.java:69) > at com.sybase.jdbc2.jdbc.SybStatement.nextResult(SybStatement.java:201) > at com.sybase.jdbc2.jdbc.SybStatement.nextResult(SybStatement.java:182) > at com.sybase.jdbc2.jdbc.SybStatement.queryLoop(SybStatement.java:1455) > at > com.sybase.jdbc2.jdbc.SybStatement.executeQuery(SybStatement.java:1440) > at > com.sybase.jdbc2.jdbc.SybPreparedStatement.executeQuery(SybPreparedState > ment.java:70) > at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:476) > at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:394) > at > org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicA > uthenticator.java:161) > > The column is called 'username' in the database, however. The > following clips of the server.xml file and web.xml file may give some > insight....??? > Is this column called "username" in *both* the "users" and "roles" tables? The particular query that broke (at line 476 of JDBCRealm) is trying to read from the roles table, while it appears from the log that authenticating the user was successful (meaning the users table is probably ok). > Server.xml > > <Context className="org.apache.catalina.core.StandardContext" > cachingAllowed="false" > charsetMapperClass="org.apache.catalina.util.CharsetMapper" > cookies="true" crossContext="false" debug="99" displayName="Welcome to > HRIS" docBase="/usr/local/tomcat/webapps/hris" > mapperClass="org.apache.catalina.core.StandardContextMapper" > path="/hris" privileged="false" reloadable="true" swallowOutput="false" > useNaming="true" > wrapperClass="org.apache.catalina.core.StandardWrapper"> > <Realm className="org.apache.catalina.realm.JDBCRealm" > connectionName="theuser" > connectionPassword="thepw" > connectionURL="jdbc:sybase:Tds:192.108.17.13:4100/users" > debug="99" driverName="com.sybase.jdbc2.jdbc.SybDriver" > userTable="users" userNameCol="username" userCredCol="password" > userRoleTable="roles" roleNameCol="arole"/> > > <Logger className="org.apache.catalina.logger.FileLogger" debug="99" > directory="logs" prefix="hris_log." > suffix=".txt" timestamp="true" verbosity="99"/> > </Context> > > > Web.xml > > <security-constraint> > <display-name>Web App Access Control -- TAHC Staff</display-name> > <web-resource-collection> > <web-resource-name>TAHCStaff</web-resource-name> > <url-pattern>/index.html</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>tahcstaff</role-name> > </auth-constraint> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> > </security-constraint> > > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>JDBCRealm</realm-name> Although this element (confusingly) refers to a "realm", it's only used when you are using BASIC authentication -- this value shows up in the pop-up dialog that the browser shows for you. You can make it say whatever you want. > <form-login-config> > <form-login-page>/login.html</form-login-page> > <form-error-page>/login-error.html</form-error-page> > </form-login-config> You don't need these if you're using BASIC authentication. > </login-config> > > <security-role> > <description>Regular TAHC users</description> > <role-name>tahcstaff</role-name> > </security-role> > Craig -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
