----- Original Message ----- > From: Jerry Malcolm <2ndgenfi...@gmail.com> > To: Tomcat Users List <users@tomcat.apache.org> > Cc: > Sent: Thursday, January 26, 2012 2:58 PM > Subject: Re: connection autoReconnect? > >T hanks to all for the assistance. I'll try adding those parameters. But > I'm always a bit nervous about possibly just band-aiding a problem that I > don't really understand. > > Regarding the defensive coding approach, this error often occurs on the sql > query by the internal TC security authentication code that looks up ids and > passwords for login. I don't own that code. I would think any required > defensive code would be already present in base TC code, yet it's failing > there as well. Basically, if I could figure out how to defend against this > in my code, there's still nothing I can do, coding-wise, to defend against > it in a security auth call to sql, right?
How are you doing authentication? Using a straight JDBCRealm for authentication and authorization really creates a lot of problems. From the document at: http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html The JDBC Realm uses a single db connection. This requires that realm based authentication be synchronized, i.e. only one authentication can be done at a time. This could be a bottleneck for applications with high volumes of realm based authentications. Also if people don't authenticate for a time, then the database's idle timeout will disconnect the database and no one will be able to log in. What you need is a DataSourceRealm. This provides the capabilities of a database pool along with the Realm interface for authentication and authorization. The information on how to set this up is scattered across several documents. Fortunately, there's a Wiki page available: http://wiki.apache.org/tomcat/TomcatDataSourceRealms It's based on Tomcat 6, so you should check the particulars against Tomcat 7 before blindly copying configuration components. . . . . just my two cents. /mde/ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
