Ok i decided to dump this hell and start fresh.
So here I am with stock configurations, it is Tomcat 6.0 + MySQL 5.0.
I login to manager app using MemoryRealm and everything is fine.
I change the global settings in server.xml to use mysql driver and
boom can't login to manager anymore.... So i guess the problem is
somewhere between tomcat and mysql.
MySQL logs indicate the the connector has connected to the database
and quering the right table + fields:
080613 19:40:29 96 Connect [EMAIL PROTECTED] on
96 Query select @@version_comment limit 1
080613 19:40:37 96 Quit
97 Connect [EMAIL PROTECTED] on hamula
080613 19:40:53 97 Query select uid, password, role from users
080613 19:41:05 94 Query SELECT password FROM users WHERE
uid = '[EMAIL PROTECTED]'
94 Query commit
080613 19:41:07 94 Query SELECT password FROM users WHERE
uid = 'test'
94 Query commit
080613 19:43:17 94 Query SELECT password FROM users WHERE
uid = 'test'
94 Query commit
080613 19:44:30 94 Query SELECT password FROM users WHERE
uid = 'test'
94 Query commit
080613 19:44:34 94 Query SELECT password FROM users WHERE
uid = 'test'
94 Query commit
080613 19:46:12 94 Query SELECT password FROM users WHERE
uid = 'test'
94 Query commit
So, clearly seen the connector established a session under root and
the history of all it's queries is from there on.
My server.xml is stock except for the Real part, so here is what I have:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/hamula?user=root&password=skywalker"
digest="MD5"
userTable="users"
userNameCol="uid"
userCredCol="password"
userRoleTable="users"
roleNameCol="role"/>
Which is located inside of the <Engine> tag.
My databe looks as follows:
mysql> select uid, password, role from users;
+------------------------+-----------------------------------------------------+---------------+
| uid | password
| role |
+------------------------+-----------------------------------------------------+---------------+
| [EMAIL PROTECTED] | test
| admin |
| test | 033bd94b1168d7e4f0d644c3c95e35bf | manager |
+------------------------+------------------------------------------------------+---------------+
2 rows in set (0.00 sec)
What's wrong here??
How can I get more details on why and what part of the authentication
is failing??
Thanks
-Assaf
On Fri, Jun 13, 2008 at 4:26 PM, exkor <[EMAIL PROTECTED]> wrote:
> Hi Thanks for the feedback Chuck.
> I've done the changes you've suggested and I still experience the same
> problem.
> The after I login I am brought back to the login page. Basiclly this
> indicated that the login failed, since my error and login pages are
> the same -> index.jsp. I get the following in the access log:
> 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] "GET /hamula/ HTTP/1.1" 200
> 2250 "http://127.0.0.1:8080/manager/html/start?path=/hamula";
> "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14)
> Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css"; "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] "POST
> /hamula/j_security_check HTTP/1.1" 200 2250
> "http://127.0.0.1:8080/hamula/"; "Mozilla/5.0 (Windows; U; Windows NT
> 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css"; "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] "POST
> /hamula/j_security_check HTTP/1.1" 200 2250
> "http://127.0.0.1:8080/hamula/j_security_check"; "Mozilla/5.0 (Windows;
> U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404
> Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css"; "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] "GET /hamula/home.jsp
> HTTP/1.1" 200 2250 "null" "Mozilla/5.0 (Windows; U; Windows NT 5.1;
> en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css"; "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:18 -0400] "POST
> /hamula/j_security_check HTTP/1.1" 200 2250
> "http://127.0.0.1:8080/hamula/home.jsp"; "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:18 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css"; "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
>
> The kubrik.jpg was actually removed so I can understand tomcat
> compaining with error 404 about it.
>
> this is what I currently have:
>
> myapps/WEB-INF/web.xml:
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web
> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";>
> <web-app>
> <display-name>Hamula</display-name>
> <distributable/>
>
> <welcome-file-list>
> <welcome-file>
> home.jsp
> </welcome-file>
> </welcome-file-list>
>
>
> <resource-ref>
> <description>DB Connection</description>
> <res-ref-name>jdbc/hamula</res-ref-name>
> <res-type>javax.sql.DataSource</res-type>
> <res-auth>Container</res-auth>
> </resource-ref>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Hamula</web-resource-name>
> <description>Pages accessible by registered users</description>
>
> <!-- PAGES ACCESIBLE ONLY BY REGISTERED USERS SHOULD BE
> ADDED HERE -->
> <url-pattern>/home.jsp</url-pattern>
> <url-pattern>/events.jsp</url-pattern>
> <url-pattern>/profile.jsp</url-pattern>
> <url-pattern>/community.jsp</url-pattern>
> <!--
> THIS IS AN EXAMPLE OF A PATTERN TO MATCH MANY PAGES
> <url-pattern>/protected/*.jsp</url-pattern>
> -->
> <!--
> ============================================================= -->
>
>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> <role-name>manager</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/index.jsp</form-login-page>
> <form-error-page>/index.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> <security-role>
> <description>
> The role that is required to access registered user functions and
> pages
> </description>
> <role-name>admin</role-name>
> <role-name>manager</role-name>
> </security-role>
> </web-app>
>
> myapp/META-INF/context.xml:
> <?xml version="1.0" encoding="UTF-8"?>
> <Context reloadable="true" crossContext="true" debug="99">
>
> <Realm className="org.apache.catalina.realm.MemoryRealm"/>
>
> </Context>
>
> $CATALINA_HOME/conf/server.xml:
> <?xml version='1.0' encoding='utf-8'?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements. See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License. You may obtain a copy of the License at
>
> http://www.apache.org/licenses/LICENSE-2.0
>
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <!-- Note: A "Server" is not itself a "Container", so you may not
> define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/server.html
> -->
> <Server port="8005" shutdown="SHUTDOWN">
>
> <!--APR library loader. Documentation at /docs/apr.html -->
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
> <!--Initialize Jasper prior to webapps are loaded. Documentation at
> /docs/jasper-howto.html -->
> <Listener className="org.apache.catalina.core.JasperListener" />
> <!-- JMX Support for the Tomcat server. Documentation at
> /docs/non-existent.html -->
> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
> />
>
> <!-- Global JNDI resources
> Documentation at /docs/jndi-resources-howto.html
> -->
> <GlobalNamingResources>
> <!-- Editable user database that can also be used by
> UserDatabaseRealm to authenticate users
> -->
> <Resource name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase"
> description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
> </GlobalNamingResources>
>
> <!-- A "Service" is a collection of one or more "Connectors" that share
> a single "Container" Note: A "Service" is not itself a "Container",
> so you may not define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/service.html
> -->
> <Service name="Catalina">
>
> <!--The connectors can use a shared executor, you can define one
> or more named thread pools-->
> <!--
> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>
> -->
>
>
> <!-- A "Connector" represents an endpoint by which requests are received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
> Java AJP Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL HTTP/1.1 Connector on port 8080
> -->
> <Connector port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> <!-- A "Connector" using the shared thread pool-->
> <!--
> <Connector executor="tomcatThreadPool"
> port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> -->
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
> This connector uses the JSSE configuration, when using APR, the
> connector should be using the OpenSSL style configuration
> described in the APR documentation -->
> <!--
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />
> -->
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>
> <!-- An Engine represents the entry point (within Catalina) that processes
> every request. The Engine implementation for Tomcat stand alone
> analyzes the HTTP headers included with the request, and passes them
> on to the appropriate Host (virtual host).
> Documentation at /docs/config/engine.html -->
>
> <!-- You should set jvmRoute to support load-balancing via AJP ie :
> <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
> -->
> <Engine name="Catalina" defaultHost="localhost">
>
> <!--For clustering, please take a look at documentation at:
> /docs/cluster-howto.html (simple how to)
> /docs/config/cluster.html (reference documentation) -->
> <!--
> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
> <!-- The request dumper valve dumps useful debugging information about
> the request and response data received and sent by Tomcat.
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
> -->
>
> <!-- This Realm uses the UserDatabase configured in the global JNDI
> resources under the key "UserDatabase". Any edits
> that are performed against this UserDatabase are immediately
> available for use by the Realm.
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
>
>
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> driverName="org.gjt.mm.mysql.Driver"
>
> connectionURL="jdbc:mysql://localhost/hamula?user=root&password=skywalker"
> digest="MD5"
> userTable="users"
> userNameCol="uid"
> userCredCol="password"
> userRoleTable="users"
> roleNameCol="role"/> -->
>
> <Realm className="org.apache.catalina.realm.MemoryRealm"
> resourceName="UserDatabase" />
>
>
>
> <!-- Define the default virtual host
> Note: XML Schema validation will not work with Xerces 2.2.
> -->
> <Host name="localhost" appBase="webapps"
> unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
>
> <!-- SingleSignOn valve, share authentication between web applications
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
> -->
>
> <!-- Access log processes all example.
> Documentation at: /docs/config/valve.html -->
>
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
> prefix="localhost_access_log." suffix=".txt"
> pattern="combined" resolveHosts="false"/>
>
>
> </Host>
> </Engine>
> </Service>
> </Server>
>
>
> On Fri, Jun 13, 2008 at 1:32 AM, Caldarale, Charles R
> <[EMAIL PROTECTED]> wrote:
>>> From: exkor [mailto:[EMAIL PROTECTED]
>>> Subject: URL is "null" and HTTP 404 error when using FROM
>>> authentication
>>
>> You have some weirdness in your web.xml and context.xml that should be
>> straightened out before attempting any further analysis.
>>
>>> <servlet>
>>> <servlet-name></servlet-name>
>>> <display-name></display-name>
>>> <servlet-class></servlet-class>
>>> <load-on-startup>0</load-on-startup>
>>> </servlet>
>>
>> I have no idea what should be done with an empty <servlet> declaration, and
>> it's possible Tomcat doesn't either; get rid of it.
>>
>>> <auth-constraint>
>>> <role-name>admin</role-name>
>>> <role-name>manager</role-name>
>>> </auth-constraint>
>> ...
>>> <security-role>
>>> <role-name>admin</role-name>
>>> </security-role>
>>
>> Either you have an extra role listed in <auth-constraint>, or you're missing
>> one under <security-role>; get them in synch.
>>
>>> My context.xml:
>>
>> Where is your context.xml file? It should be in your webapp's META-INF
>> directory. If you've changed the global one in Tomcat's conf directory, put
>> it back the way it was and put your <Context> element in the proper location.
>>
>>> <Context path="/hamula" reloadable="true" crossContext="true"
>>> debug="99">
>>
>> The path attribute is not allowed in a <Context> element in context.xml;
>> remove it.
>>
>>> <Logger className="org.apache.catalina.logger.FileLogger"
>>> prefix="localhost_hamula_log." suffix=".txt"
>>> timestamp="true"/>
>>
>> There is no <Logger> element in Tomcat 6; remove it.
>>
>>> <Resource name="jdbc/hamula"
>>> auth="Container"
>>> type="javax.sql.DataSource"
>>> driverClassName="com.mysql.jdbc.Driver"
>>> url="jdbc:mysql://localhost:3306/hamula?autoReconnect=true"/>
>>> username="root"
>>> password="skywalker"
>>> digest="MD5"
>>> logAbandoned="true"
>>> removeAbandoned="true"
>>> removeAbandonedTimeout="10"
>>> maxActive="20"
>>> maxIdle="10"
>>> maxWait="-1"/>
>>
>> The above is obviously broken, since you have terminated the <Resource>
>> element twice. Regardless, it seems odd for the <Realm> and the application
>> <Resource> to be using the exact same data base; is that what you really
>> want?
>>
>>> <Realm className="org.apache.catalina.realm.JDBCRealm"
>>
>> Change the <Realm> back to the MemoryRealm for testing with FORM login; once
>> you get that working, then move on to the JDBCRealm. One step at a time.
>>
>> You say you have httpd 2.0 in the mix; don't use it for testing, go straight
>> to Tomcat's http port. Only after that works should you introduce any
>> further complications.
>>
>> All of the above may not to fix your problem, but it will remove some
>> confusion from your situation.
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you received
>> this in error, please contact the sender and delete the e-mail and its
>> attachments from all computers.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
