-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robert,
On 3/8/2010 1:31 PM, Robert Jacobson wrote:
> I managed to figure out a way to do it using a jdbc resource and
> sql:query and sql:update tags in a couple JSP files.
Yuck :(
> Well, the code works wonderfully when I don't have any security
> constraints on the application. However, when I try adding security
> constraints (using the same security constraints as the ROOT app), it
> stops working! To be more specific, Tomcat requires me to login to
> access the app, but the sql stuff no longer works. I reduced the problem
> code down to a simple SQL query which works w/o security constraints,
> but fails when I implement constraints.
[snip]
> However, when I add security constraints, it instead prints only (literally):
>
> ${row.user_name} ${row.user_pass}
> And that's it!
>
> I imagine I'm doing something wrong (well, I'm sure there's multiple
> things...) -- can someone please clue me in? I obviously do not want
> people accessing the /changepass application w/o logging in first. (BTW,
> I can post the changepass code if someone cares, but it doesn't seem
> relevant here...)
>
> I'm not sure if it's relevant, but I'm using a different JDBC
> Resource for server authentication and for changepass. Obviously they
> are both accessing the same database, but I wanted to make sure that
> the login process used a read-only account, and /changepass using a
> different account with UPDATE privs. The authentication resource is
> in the GlobalNamingResources, while the /changepass resource is
> defined in the webapp's context.xml.
Did you mean "jdbc/changepass"?
> <sql:setDataSource dataSource="jdbc/chngpass" />
Typo ("jdbc/chngpass")?
Does the DataSource get set correctly? Any way to check that?
> <sql:query var="qryAsmts" >
> SELECT * FROM users
> </sql:query>
>
> <c:forEach var="row" items="${qryAsmts.rows}">
> <tr>
> <td>${row.user_name}</td>
> <td>${row.user_pass}</td>
> </tr>
> </c:forEach>
That all looks good to me. Check the documentation for <sql:query>: what
does it say if no results are returned and you call qryAsmts.getRows()?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkuWiAcACgkQ9CaO5/Lv0PCYogCfbPzyzmCRKHdDEtlbjiPvHjZR
13IAoK8Z6CsTBrs+Ua7f/QPwkRDZNHsJ
=AoyZ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
