On Aug 30, 2013, at 12:13 PM, Francesco Viscomi <fvisc...@gmail.com> wrote:

> Hi,
> 
> I have a tomcat-users.xml file in which user Francesco should be able to access
> http://localhost:8080/manager.
> 
> I also have a server.xml that, in the <GlobalNamingResources> tag, declares
> 2 resources: one is for accessing http://localhost:8080/manager
> and the other is for accessing, via JDBC, a protected area in my
> application.
> 
> I also nested the realm in the <host> tag.
> 
> I've attached both tomcat_user.xml and server.xml at the end of this mail.

> When I try to start tomcat, with startup.bat I get the following error:
> 
> GRAVE: Failed to load keystore type JKS with path C:\Documents and
> Settings\francesco/.keystore due to C:\Documents and
> Settings\francesco\.keystore (Impossibile trovare il file specificato)
> 
> java.io.FileNotFoundException: C:\Documents and Settings\francesco\.keystore
> (Impossibile trovare il file specificato)
> 
>                at java.io.FileInputStream.open(Native Method)

This is saying that the default keystore could not be loaded.  It's trying to 
load the default keystore because you've not specified one in your HTTPS 
connector.  You'll either want to create a default keystore or set 
"keystoreFile" on the <Connector /> tag.

  https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support

> 
> but the server starts the same.
> 
> When I try to access http://localhost:8080/manager with user: francesco and
> passwd: francesco
> 
>  I cannot access the manager. I'm asking where I made a mistake.

See below.

> 
> Thanks very much
> 
> Francesco
> 
> Italy
> 
> Tomcat_user.xml
> 
> <?xml version='1.0' encoding='utf-8'?>
> <!--
>  Licensed to the Apache Software Foundation (ASF) under one or more
>  contributor license agreements.  See the NOTICE file distributed with
>  this work for additional information regarding copyright ownership.
>  The ASF licenses this file to You under the Apache License, Version 2.0
>  (the "License"); you may not use this file except in compliance with
>  the License.  You may obtain a copy of the License at
> 
>      http://www.apache.org/licenses/LICENSE-2.0
> 
>  Unless required by applicable law or agreed to in writing, software
>  distributed under the License is distributed on an "AS IS" BASIS,
>  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>  See the License for the specific language governing permissions and
>  limitations under the License.
> -->
> <tomcat-users>
> <!--
>  NOTE:  By default, no user is included in the "manager-gui" role required
>  to operate the "/manager/html" web application.  If you wish to use this
> app,
>  you must define such a user - the username and password are arbitrary.
> -->
> <!--
>  NOTE:  The sample user and role entries below are wrapped in a comment
>  and thus are ignored when reading this file. Do not forget to remove
>  <!.. ..> that surrounds them.
> -->
> 
>  <role rolename="tomcat"/>
>  <role rolename="role1"/>
>  <role rolename="AdminRole"/>
>  <role rolename="UserRole"/>
>  <user username="admin" password="adminpw1" role="AdminRole"/>
>  <user username="user" password="userpw01" role="UserRole"/>
>  <user username="tomcat" password="tomcat" roles="tomcat"/>
>  <user username="both" password="tomcat" roles="tomcat,role1"/>
>  <user username="role1" password="tomcat" roles="role1"/>
>  <user password="francesco" roles="manager-script,manager-gui,admin"
> username="francesco"/>
> </tomcat-users>
> 
> Server.xml:
> 
> <?xml version='1.0' encoding='utf-8'?>
> <Server port="8005" shutdown="SHUTDOWN">
>  <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>  <Listener className="org.apache.catalina.core.JasperListener" />
>  <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>  <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>  <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>  <GlobalNamingResources>
>    <Resource name="jdbc/PoolConnessioni" auth="Container"
>      type="javax.sql.DataSource"
>      maxActive="100" maxIdle="30" maxWait="10000"
>      username="utentedb" password="utentedb"
>      driverClassName="com.mysql.jdbc.Driver"
>      url="jdbc:mysql://localhost:3306/timesheet?zeroDateTimeBehavior=convertToNull"/>
> 
>    <Resource name="UserDatabase" auth="Container"
>              type="org.apache.catalina.UserDatabase"
>              description="User database that can be updated and saved"
>              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>              pathname="conf/tomcat-users.xml" />
>  </GlobalNamingResources>
>  <Service name="Catalina">
>    <Connector port="8080" protocol="HTTP/1.1"
>               connectionTimeout="20000"
>               redirectPort="8443" />  


>    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>      maxThreads="150" scheme="https" secure="true"
>      clientAuth="false" sslProtocol="TLS" />

This is the connector causing the Keystore Error above.

> 
>    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>    <Engine name="Catalina" defaultHost="localhost">

This Realm is defined at the Engine level.  It will be inherited by all Hosts 
and Contexts.

>      <Realm className="org.apache.catalina.realm.LockOutRealm">
>        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>               resourceName="UserDatabase"/>
>      </Realm>

>      <Host name="localhost"  appBase="webapps"
>            unpackWARs="true" autoDeploy="true">

This Realm is defined at the Host level.  This will be inherited by all 
Contexts in this Host.  It is overriding the Realm defined at the Engine level.

>        <Realm className="org.apache.catalina.realm.DataSourceRealm"
>          dataSourceName="jdbc/PoolConnessioni"
>          userTable="users" userNameCol="user_name" userCredCol="user_pass"
>          userRoleTable="user_roles" roleNameCol="role_name"/>

This may not be working as you expect.  You can only have one Realm active, so 
this realm, defined at the Host level, is actually overriding the realm you 
specified at the Engine level.  Meaning that you'd need to have user 
"francesco:francesco" defined in your database, not in tomcat-users.xml.

As a test, try removing this <Realm/> tag.  The Realm tag specified at the 
Engine level should be inherited and you should be able to log in with 
"francesco:francesco".

Dan

>        <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>               prefix="localhost_access_log." suffix=".txt"
>               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>      </Host>
>    </Engine>
>  </Service>
> </Server>
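
The Realm override and the keystore fallback described in the reply above, as a small audit of a server.xml. This is an added example, not part of the original thread or of Tomcat; the function names are hypothetical, the sample is a trimmed copy of the quoted file, and Context-level Realms are not examined.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the server.xml quoted in the thread.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" clientAuth="false" sslProtocol="TLS"/>
  <Engine name="Catalina" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.LockOutRealm">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>
    </Realm>
    <Host name="localhost" appBase="webapps">
      <Realm className="org.apache.catalina.realm.DataSourceRealm"
             dataSourceName="jdbc/PoolConnessioni"/>
    </Host>
  </Engine>
</Service></Server>"""

def realm_chain(realm):
    """Short class names of a Realm and of any Realms nested inside it."""
    if realm is None:
        return []
    names = [realm.get("className", "").rsplit(".", 1)[-1]]
    for child in realm.findall("Realm"):
        names += realm_chain(child)
    return names

def effective_realms(root):
    """Map each Host name to (level, realm chain) of the Realm it really uses."""
    result = {}
    for engine in root.iter("Engine"):
        for host in engine.findall("Host"):
            level, realm = "Host", host.find("Realm")
            if realm is None:  # no Host-level Realm: the Engine's is inherited
                level, realm = "Engine", engine.find("Realm")
            result[host.get("name")] = (level, realm_chain(realm))
    return result

def tls_connectors_without_keystore(root):
    """Ports of SSLEnabled connectors that set no keystoreFile (default keystore)."""
    return [c.get("port") for c in root.iter("Connector")
            if c.get("SSLEnabled", "").lower() == "true" and not c.get("keystoreFile")]

def audit(xml_text):
    root = ET.fromstring(xml_text)
    return effective_realms(root), tls_connectors_without_keystore(root)

if __name__ == "__main__":
    print(audit(SERVER_XML))
```

On the quoted configuration this reports that host "localhost" authenticates against the DataSourceRealm only, so the tomcat-users.xml entries are never consulted, and that the connector on port 8443 has no keystoreFile.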