(see below for message context)
Ok, I've decided on using Http Basic authentication for my web service,
and successfully configured tomcat to authenticate against the
tomcat-users.xml file to the point where I can access a valid principal.
But now I've got another problem.. :-)
I tried accessing the userDatabase which represents the memoryrealm, and
got the below exception. I don't understand this as according to the API
doc MemoryUserDatabase is an implementation of UserDatabase, and this is
confirmed by looking at the source code for MemoryUserDatabase, which
*does* implement that interface!
I'm stumped, does anyone know why this might be happening? Or am I doing
something the wrong way...
//code to get tomcat UserDatabase, copied from
ManagerServlet.roles(PrintWriter) from tomcat manager application.
Context ic = new InitialContext();
UserDatabase userdb = (UserDatabase )ic.lookup("java:comp/env/users");
// <- this line causes ClassCastException
SEVERE: Fault occurred!
java.lang.ClassCastException:
org.apache.catalina.users.MemoryUserDatabase cannot be cast to
org.apache.catalina.UserDatabase
at
myapp.service.webservice.ImageServiceImpl.EnumerateLOV(ImageServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
// stack trace elided...
at
org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
// stack trace elided...
at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286)
at java.lang.Thread.run(Thread.java:619)
//my context.xml
<Context path="/myapp">
<!-- get access to the tomcat-users.xml database -->
<ResourceLink name="users" global="UserDatabase"
type="org.apache.catalina.UserDatabase"/>
</Context>
Matthew Kerle wrote:
Hi all
I'm developing a web service with xFire 1.2.3 / tomcat 5.5.23 / Java
1.6.0_01, and we need to authenticate access by client applications
coming in over SOAP. We're looking at using the tomcat-users.xml file
to store user/pwd/role data until the customers Single Sign-On service
is ready (which will be when pigs fly, if it keeps going as it has).
The application will be deployed internally so we don't need any SSL
or digest authentication, we're looking at simple HTTP BASIC or SOAP
headers for the client to pass through their auth details. The
complication is that we want to allow default access as well as
authenticated access, and authenticate against the tomcat-users file.
eg - un-authenticated clients can still access the web service url,
but get a public role, and authenticated clients get a privileged role.
I'm thinking we might be able to do part of that with the following
tomcat-users.xml config by having an empty user declaration:
<tomcat-users>c
<role rolename="privileged"/>
<user name="" password="" roles="PUBLIC" />
<user name="priv_user1" password="tomcat" roles="privileged" />
</tomcat-users>
The question is how to authenticate against the tomcat-user database?
I've read the tomcat docs on memory realm:
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm,
and I want to expose the org.apache.catalina.UserDatabase class to the
web service context via a <ResourceLink...>. I'd like to be able to
authenticate users without having to add a <security-constraint> to my
web.xml, so that unauthenticated clients can still connect.
Am I on the right track? Or is there a much easier way than what I'm
trying to do...
thanks!
--
Matthew Kerle
IT Consultant
Canberra, Australia
Mobile: +61404 096 863
Email : [EMAIL PROTECTED]
Web : http://threebrightlights.blogspot.com/
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
