Jonathan,

This is edited for compactness. Comments mostly inline.


----- Original Message -----
> From: Jonathan Rosenberg <j...@tabbysplace.org>
> To: Tomcat Users List <users@tomcat.apache.org>
> Cc: 
> Sent: Wednesday, February 8, 2012 10:23 AM
> Subject: Re: Why am I Getting org.apache.catalina.realm.JDBCRealm getPassword SEVERE: Exception performing authentication?
> 
> On Wed, Feb 8, 2012 at 1:08 PM, Konstantin Kolinko
> <knst.koli...@gmail.com> wrote:
>>  2012/2/8 Jonathan Rosenberg <j...@tabbysplace.org>:
>>>  Vital statistics:
>>> 
>>>     Apache Tomcat/7.0.22        1.6.0_22-b04    Sun Microsystems Inc.   Linux
>>> 
>>>  1) Using org.apache.catalina.realm.UserDatabaseRealm for
>>>  authentication to Manager app.  No pooling.
>>>  2) Running a Grails app that is using CAS authentication on remote
>>>  server.  Using dbcp pooling.
>>>  3) App & Tomcat auth use different DBs.  App's DB is remote, Tomcat is
>>>  using local DB server.
>>>  4) App is in testing & lightly used during the day.  Works fine.
>>>  5) App sits idle over night.
>>> 
>>>  If I access my app first thing in the morning, I get the following
>>> 
>>>  Feb 8, 2012 9:09:58 AM org.apache.catalina.realm.JDBCRealm getPassword
>> 
>>  JDBCRealm does not use pooling. (The recommended alternative that uses
>>  pooling is DataSourceRealm).
>> 
>>  It does not match your configuration description above, so I am
>>  confused. Maybe you can inspect your configuration more closely and
>>  find where this realm comes from.
> 
> Good point.  I have the following Realms in server.xml:
> 
> <Realm className="org.apache.catalina.realm.LockOutRealm">
>   <Realm className="org.apache.catalina.realm.JDBCRealm"
>          debug="99"
>          driverName="com.mysql.jdbc.Driver"
>          connectionURL="jdbc:mysql://localhost/Tomcat?user=baba&password=booey"
>          userTable="users" userNameCol="username"
>          userCredCol="password"
>          userRoleTable="user_roles" roleNameCol="rolename"/>

This indicates that you're using a JDBCRealm. There are lots of problems with 
this which are mentioned in the documentation.

It's synchronous - only one connection is providing this information. This may 
not be a problem if your application is not heavily used. Then again, it may.

It's subject to whatever timeouts your database (MySQL) enforces for idle 
connections. This is why the connection is closed overnight.

For MySQL, autoReconnect=true is problematic, and has been commented on in both 
this mailing list and on the MySQL forums. In short, do not depend on 
autoReconnect.

Also, from what I just skimmed on the Tomcat site, debug is no longer a valid 
attribute (maybe from Tomcat 5.0?).

>>>  To me this looks like a DB timeout issue to be solved by pooling.  But
>>>  here's where I'm confused:

And you are correct, this needs to be solved by pooling. You need to be using a 
DataSourceRealm rather than a JDBCRealm for this.

The documentation is a little scattered the last time I checked, but I did 
write up a consolidated version on the Wiki. Check the following link:

http://wiki.apache.org/tomcat/TomcatDataSourceRealms

You'll need to change the validationQuery on the Resource definition from the 
example since it's different for different databases.

>>>  1) I'm trying to authenticate via CAS.  Tomcat authentication should
>>>  not be an issue.  Why is Tomcat trying to authenticate?

You have a JDBCRealm which makes a connection to a MySQL database. Are you 
using this for authentication / authorization? If so, see above on how to move 
to a DataSourceRealm. If not, why do you have this Realm in your configuration?

>>>  2) After this exception, my app gets repeated connection failures
>>>  complaining about closed DB connections.  But I am using dbcp pooling,
>>>  which I've done many times without problems.  I feel as if this is
>>>  related to the Tomcat auth failure.
>>>  3) I have to reload the app to make things start working.


Stale connections get terminated by the database. autoReconnect would solve 
this, but it really doesn't. Busy sites slow down because there's only one 
connection providing the information.

. . . . just my two cents.
/mde/
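
Added example, not part of the original message or of the wiki page it links to: a Tomcat 7 server.xml fragment showing the move described above, from the single-connection JDBCRealm to a DataSourceRealm backed by a pooled Resource with a validationQuery. The JNDI name jdbc/TomcatAuth, the REPLACE_ME credentials and the pool sizes are assumptions; the table and column names are the ones from the quoted configuration.

```xml
<!-- Added example for Tomcat 7 server.xml. jdbc/TomcatAuth, REPLACE_ME and
     the pool sizes are placeholders, not values from the thread. -->

<!-- Goes inside <GlobalNamingResources>: a pooled DataSource using the
     DBCP pool bundled with Tomcat 7. -->
<Resource name="jdbc/TomcatAuth"
          auth="Container"
          type="javax.sql.DataSource"
          driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://localhost/Tomcat"
          username="REPLACE_ME"
          password="REPLACE_ME"
          maxActive="10"
          maxIdle="2"
          maxWait="5000"
          validationQuery="SELECT 1"
          testOnBorrow="true"/>
<!-- username/password are separate attributes here instead of query
     parameters in the JDBC URL, so the URL can appear in logs and error
     messages without carrying the credentials.
     validationQuery + testOnBorrow: each connection is checked before it is
     handed out, so one that MySQL closed overnight is discarded and replaced
     instead of failing the first login of the morning. "SELECT 1" suits
     MySQL; other databases need a different query. -->

<!-- Goes inside <Engine>, replacing the JDBCRealm. No driverName,
     connectionURL or debug attribute: the realm only names the DataSource. -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/TomcatAuth"
         userTable="users" userNameCol="username"
         userCredCol="password"
         userRoleTable="user_roles" roleNameCol="rolename"/>
</Realm>
```

The MySQL driver jar has to be in Tomcat's own lib directory for a global Resource, since the container rather than the web application creates the pool.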
