2016-04-17 15:26 GMT+03:00 <rich...@xentu.com>: > I posted this same query at stackoverflow a couple of days back, but with no > response, although I've simplified the issue very slightly since then. > > http://stackoverflow.com/questions/36653744/tomcat-7-wrong-realm-being-used > > I have a realm defined in server.xml: > > <Engine name="Catalina" defaultHost="localhost"> > <Host name="localhost" appBase="webapps" unpackWARs="true" > autoDeploy="true" deployIgnore="^welcome.*"> > <Realm className="org.apache.catalina.realm.LockOutRealm" > failureCount="3" lockOutTime="3600"> > <Realm className="org.apache.catalina.realm.JDBCRealm" > driverName="org.postgresql.Driver" > connectionURL = "jdbc:postgresql://localhost:5432/tomcat" > connectionName="tomcat" > connectionPassword="xxxxx" > userTable = "users" > userNameCol="user_name" userCredCol="user_pass" > userRoleTable="user_roles" > roleNameCol="role_name" > /> > </Realm> > </Host> > </Engine> > > and two web applications, both inside the webapps folder on the tomcat > server, with identical security settings in their web.xml files: > > <security-role> > <role-name>test-role</role-name> > </security-role> > > <security-constraint> > <web-resource-collection> > <web-resource-name>Memory Realm</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>test-role</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>BASIC</auth-method> > </login-config> > > > However, one application uses the JDBCRealm, as I'd expect, while the other > uses conf/tomcat-users.xml. > Looking at the postgresql logs, the second application never even queries > the database. > > I can't see anything different in the two configurations. Without any > declaration of a UserDatabaseRealm I don't > see how any applications would get to look at tomcat-users.xml. > > I'm wondering if anyone here could help me diagnose what's wrong.
1. Full Tomcat version = ? (Per mailinglist rules, http://tomcat.apache.org/lists.html#tomcat-users -> 1.) 2. The problem is odd. I do not remember similar reports. > no META-INF/context.xml The context file can also be in ${catalina.base}/conf/${engineName}/${hostName}/ being a file named ${appName}.xml [1] 3. You can dump effective web.xml by setting logEffectiveWebXml="true" on Context [1] 4. You can copy your misbehaving web application and try to simplify it until you can isolate your issue. 5. You can try debugging [2]. Possible place for a breakpoint: org.apache.catalina.authenticator.AuthenticatorBase#invoke() // Realm realm = this.context.getRealm(); 6. Generally, I do not like JDBCRealm as it uses a single database connection. The recommended alternative is DataSourceRealm [3] [1] http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Defining_a_context [2] https://wiki.apache.org/tomcat/FAQ/Developing#Debugging [3] http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org