On 2016-04-17 14:29, Konstantin Kolinko wrote:
2016-04-17 15:26 GMT+03:00 <[email protected]>:
I posted this same query at stackoverflow a couple of days back, but
with no
response, although I've simplified the issue very slightly since then.
http://stackoverflow.com/questions/36653744/tomcat-7-wrong-realm-being-used
I have a realm defined in server.xml:
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true" deployIgnore="^welcome.*">
<Realm className="org.apache.catalina.realm.LockOutRealm"
failureCount="3" lockOutTime="3600">
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="org.postgresql.Driver"
connectionURL = "jdbc:postgresql://localhost:5432/tomcat"
connectionName="tomcat"
connectionPassword="xxxxx"
userTable = "users"
userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name"
/>
</Realm>
</Host>
</Engine>
and two web applications, both inside the webapps folder on the tomcat
server, with identical security settings in their web.xml files:
<security-role>
<role-name>test-role</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Memory Realm</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>test-role</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
However, one application uses the JDBCRealm, as I'd expect, while the
other
uses conf/tomcat-users.xml.
Looking at the postgresql logs, the second application never even
queries
the database.
I can't see anything different in the two configurations. Without any
declaration of a UserDatabaseRealm I don't
see how any applications would get to look at tomcat-users.xml.
I'm wondering if anyone here could help me diagnose what's wrong.
1. Full Tomcat version = ?
(Per mailinglist rules,
http://tomcat.apache.org/lists.html#tomcat-users
-> 1.)
2. The problem is odd. I do not remember similar reports.
no META-INF/context.xml
The context file can also be in
${catalina.base}/conf/${engineName}/${hostName}/
being a file named ${appName}.xml [1]
3. You can dump effective web.xml by setting logEffectiveWebXml="true"
on Context [1]
4. You can copy your misbehaving web application and try to simplify
it until you can isolate your issue.
5. You can try debugging [2].
Possible place for a breakpoint:
org.apache.catalina.authenticator.AuthenticatorBase#invoke()
// Realm realm = this.context.getRealm();
6. Generally, I do not like JDBCRealm as it uses a single database
connection. The recommended alternative is DataSourceRealm [3]
[1]
http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Defining_a_context
[2] https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
[3] http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html
Best regards,
Konstantin Kolinko
Thanks for your various pointers Konstantin,
1. Full Tomcat version
Apologies! Apache Tomcat/7.0.55 on Windows Server 2012 R2.
I'd been following your suggestion 4, simplifying to try & isolate the
cause.
Anyway, the problem has now vanished. As far as I know, the only thing I
did differently was to edit the project locally in eclipse & re-upload
the war. Previously, I'd been editing in situ on the Tomcat server &
then restarting the service.
I'm assuming that all Tomcat's configuration is reloaded from scratch on
a service restart, so I don't know why I saw the previous behaviour.
Regards
Richard
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]