Re: RE : Security Newbie - Need Help
Not to prolong, I would think if this was the case of a misplaced element, the DTD for the web.xml would make the Digester throw an exception because it does not conform.

--- Luke [EMAIL PROTECTED] wrote:

Hello; I finally got this. It turned out I had my:

    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>

inside my security-constraint instead of being in the web-app. Once I moved this to the correct place in the document, everything worked fine. Thanks to all that posted advice.

Luke

Luke Shannon
Web Design/Development
Java Programmer
http://www.lukeshannon.com
phone: 416-570-1984

----- Original Message -----
From: Luke [EMAIL PROTECTED]
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Sent: Friday, February 11, 2005 9:05 PM
Subject: Re: RE : Security Newbie - Need Help

Hi; I can't get the memory realm to work either. I am still getting the error below without a login prompt:

    HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
    type Status report
    message Configuration error: Cannot perform access control without an authenticated principal
    description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
    Apache Tomcat/5.0.27

This has to be something with my application, WEB-INF, server.xml. How should I proceed to troubleshoot?

Thanks,
Luke

----- Original Message -----
From: LERBSCHER Jean-Pierre [EMAIL PROTECTED]
To: 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
Sent: Friday, February 11, 2005 12:21 AM
Subject: RE : RE : Security Newbie - Need Help

Could you try MemoryRealm to evict filter mechanisms (like firewall or router configuration) between your tomcat server and your database? As you can see in the servlet specification the security-role element isn't optional.
Re: RE : Security Newbie - Need Help
You are right. A lot of changes were made to my configuration based on advice I received on the forum. There could be several things that fixed my problem. The main thing is I know how to set it up now :-)

Luke

Luke Shannon
Web Design/Development
Java Programmer
http://www.lukeshannon.com
phone: 416-570-1984

----- Original Message -----
From: sven morales [EMAIL PROTECTED]
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Sent: Saturday, February 12, 2005 10:28 AM
Subject: Re: RE : Security Newbie - Need Help

Not to prolong, I would think if this was the case of a misplaced element, the DTD for the web.xml would make the Digester throw an exception because it does not conform.

--- Luke [EMAIL PROTECTED] wrote:

Hello; I finally got this. It turned out I had my:

    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>

inside my security-constraint instead of being in the web-app. Once I moved this to the correct place in the document, everything worked fine. Thanks to all that posted advice.

Luke

Luke Shannon
Web Design/Development
Java Programmer
http://www.lukeshannon.com
phone: 416-570-1984

----- Original Message -----
From: Luke [EMAIL PROTECTED]
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Sent: Friday, February 11, 2005 9:05 PM
Subject: Re: RE : Security Newbie - Need Help

Hi; I can't get the memory realm to work either. I am still getting the error below without a login prompt:

    HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
    type Status report
    message Configuration error: Cannot perform access control without an authenticated principal
    description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
    Apache Tomcat/5.0.27

This has to be something with my application, WEB-INF, server.xml. How should I proceed to troubleshoot?
RE : RE : Security Newbie - Need Help
Could you try MemoryRealm to evict filter mechanisms (like firewall or router configuration) between your tomcat server and your database? As you can see in the servlet specification the security-role element isn't optional.

    <!ELEMENT web-app (icon?, display-name?, description?, distributable?,
        context-param*, filter*, filter-mapping*, listener*, servlet*,
        servlet-mapping*, session-config?, mime-mapping*, welcome-file-list?,
        error-page*, taglib*, resource-env-ref*, resource-ref*,
        security-constraint*, login-config?, security-role*, env-entry*,
        ejb-ref*, ejb-local-ref*)>

----- Original Message -----
From: Luke [mailto:[EMAIL PROTECTED]
Sent: Friday, February 11, 2005 08:18
To: Tomcat Users List
Subject: Re: RE : Security Newbie - Need Help

Hi Dennis; Where is IMS defined? Otherwise I have specified everything as you recommended. Yet I still get this error once I hit the page (no login prompt):

    HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
    type Status report
    message Configuration error: Cannot perform access control without an authenticated principal
    description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
    Apache Tomcat/5.0.28

Thanks,
Luke

----- Original Message -----
From: Dennis Payne [EMAIL PROTECTED]
To: tomcat-user@jakarta.apache.org
Sent: Thursday, February 10, 2005 11:23 AM
Subject: Re: RE : Security Newbie - Need Help

You will not need a roles table for tomcat... it is only useful to your own applications that will edit the data. The system only utilizes the user-role table and the user-password table (at least for basic authentication).
Each servlet in the system that is secure is set up this way and has an associated mapping:

    <servlet>
      <servlet-name>EnterAssignment</servlet-name>
      <display-name>EnterAssignment</display-name>
      <description>Enter Assignment</description>
      <servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class>
      <security-role-ref>
        <role-name>IMS</role-name>
        <role-link>IMS</role-link>
      </security-role-ref>
    </servlet>
    ...
    <servlet-mapping>
      <servlet-name>EnterAssignment</servlet-name>
      <url-pattern>/servlet/EnterAssignment</url-pattern>
    </servlet-mapping>

The server.xml contains a reference to the security tables by using the Realm tag placed as shown (there are other ways to do it) and all db driver jars have been placed in the classpath:

    <Engine defaultHost="localhost" name="Catalina">
      <Host appBase="webapps" name="localhost">
        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="localhost_log." suffix=".txt" timestamp="true" />
        <Realm className="org.apache.catalina.realm.JDBCRealm"
               connectionName="username" connectionPassword="password"
               connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname"
               driverName="com.mysql.jdbc.Driver"
               userRoleTable="userrole" userTable="userpassword"
               roleNameCol="userrole" userNameCol="userid"
               userCredCol="passwordid" />
      </Host>
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt" timestamp="true" />
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" />
    </Engine>

Hope this helps

Enjoy!

[EMAIL PROTECTED] 02-10-2005 08:56

Where would the security-role be declared? WEB-INF/web.xml? The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed?

Thanks for your help,
Luke

It seems that you have a wrong role table (roles or user_roles). Have you declared the security-role element?
----- Original Message -----
From: Luke [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 16:02
To: Tomcat Users List
Subject: Re: Security Newbie - Need Help

Hi; Here is the roles table:

    mysql> select * from roles;
    +-----------+
    | role_name |
    +-----------+
    | admin     |
    +-----------+
    1 row in set (0.02 sec)

I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed but I still have the problem:

    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
           driverName="org.gjt.mm.mysql.Driver"
           connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&amp;password=password"
           userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name" />

I also changed my security declaration to have a realm-name in the login config:

    <!-- security -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>fw</web-resource-name>
        <url-pattern>*.do</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>admin</role-name>
      </auth-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>fw</realm-name>
      </login-config>
    </security-constraint>

The error is (which appears without a login window first allowing me to authenticate
Re: RE : Security Newbie - Need Help
This is a good point. I do have a firewall on the server blocking all external ports on the DB server. Tomcat is connected through localhost so I thought this would be ok. Maybe it's not. I will try disabling the firewall and the memory realm and see what happens.

Thanks,
Luke

Luke Shannon
Web Design/Development
Java Programmer
http://www.lukeshannon.com
phone: 416-570-1984

----- Original Message -----
From: LERBSCHER Jean-Pierre [EMAIL PROTECTED]
To: 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
Sent: Friday, February 11, 2005 12:21 AM
Subject: RE : RE : Security Newbie - Need Help

Could you try MemoryRealm to evict filter mechanisms (like firewall or router configuration) between your tomcat server and your database? As you can see in the servlet specification the security-role element isn't optional.

    <!ELEMENT web-app (icon?, display-name?, description?, distributable?,
        context-param*, filter*, filter-mapping*, listener*, servlet*,
        servlet-mapping*, session-config?, mime-mapping*, welcome-file-list?,
        error-page*, taglib*, resource-env-ref*, resource-ref*,
        security-constraint*, login-config?, security-role*, env-entry*,
        ejb-ref*, ejb-local-ref*)>

----- Original Message -----
From: Luke [mailto:[EMAIL PROTECTED]
Sent: Friday, February 11, 2005 08:18
To: Tomcat Users List
Subject: Re: RE : Security Newbie - Need Help

Hi Dennis; Where is IMS defined? Otherwise I have specified everything as you recommended. Yet I still get this error once I hit the page (no login prompt):

    HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
    type Status report
    message Configuration error: Cannot perform access control without an authenticated principal
    description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
Re: RE : Security Newbie - Need Help
IMS is the system name... we chose that as the role name. You will need to use your role name and role link in its place. When a role is defined on a servlet it is secure. When it is not it is not secure (usually).

In the realm setting, make sure you have replaced the text username and passwordid for your username and password into your database and that the address or URI reference to the database is correct with the appropriate database name.

The text I sent was a working example from my system... The only piece that you should really pay attention to is the Realm reference. You need to make sure it is set up for your system with the proper names. You may need to play with it a bit. We are running Tomcat 5.0.28

[EMAIL PROTECTED] 02-11-2005 00:18

Hi Dennis; Where is IMS defined? Otherwise I have specified everything as you recommended. Yet I still get this error once I hit the page (no login prompt):

    HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
    type Status report
    message Configuration error: Cannot perform access control without an authenticated principal
    description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
    Apache Tomcat/5.0.28

Thanks,
Luke

----- Original Message -----
From: Dennis Payne [EMAIL PROTECTED]
To: tomcat-user@jakarta.apache.org
Sent: Thursday, February 10, 2005 11:23 AM
Subject: Re: RE : Security Newbie - Need Help

You will not need a roles table for tomcat... it is only useful to your own applications that will edit the data. The system only utilizes the user-role table and the user-password table (at least for basic authentication).
Re: RE : Security Newbie - Need Help
Hi; I can't get the memory realm to work either. I am still getting the error below without a login prompt:

    HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
    type Status report
    message Configuration error: Cannot perform access control without an authenticated principal
    description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
    Apache Tomcat/5.0.27

This has to be something with my application, WEB-INF, server.xml. How should I proceed to troubleshoot?

Thanks,
Luke

----- Original Message -----
From: LERBSCHER Jean-Pierre [EMAIL PROTECTED]
To: 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
Sent: Friday, February 11, 2005 12:21 AM
Subject: RE : RE : Security Newbie - Need Help

Could you try MemoryRealm to evict filter mechanisms (like firewall or router configuration) between your tomcat server and your database? As you can see in the servlet specification the security-role element isn't optional.

    <!ELEMENT web-app (icon?, display-name?, description?, distributable?,
        context-param*, filter*, filter-mapping*, listener*, servlet*,
        servlet-mapping*, session-config?, mime-mapping*, welcome-file-list?,
        error-page*, taglib*, resource-env-ref*, resource-ref*,
        security-constraint*, login-config?, security-role*, env-entry*,
        ejb-ref*, ejb-local-ref*)>

----- Original Message -----
From: Luke [mailto:[EMAIL PROTECTED]
Sent: Friday, February 11, 2005 08:18
To: Tomcat Users List
Subject: Re: RE : Security Newbie - Need Help

Hi Dennis; Where is IMS defined? Otherwise I have specified everything as you recommended.
Re: RE : Security Newbie - Need Help
Hello; I finally got this. It turned out I had my:

    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>

inside my security-constraint instead of being in the web-app. Once I moved this to the correct place in the document, everything worked fine. Thanks to all that posted advice.

Luke

Luke Shannon
Web Design/Development
Java Programmer
http://www.lukeshannon.com
phone: 416-570-1984

----- Original Message -----
From: Luke [EMAIL PROTECTED]
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Sent: Friday, February 11, 2005 9:05 PM
Subject: Re: RE : Security Newbie - Need Help

Hi; I can't get the memory realm to work either. I am still getting the error below without a login prompt:

    HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
    type Status report
    message Configuration error: Cannot perform access control without an authenticated principal
    description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
    Apache Tomcat/5.0.27

This has to be something with my application, WEB-INF, server.xml. How should I proceed to troubleshoot?

Thanks,
Luke

----- Original Message -----
From: LERBSCHER Jean-Pierre [EMAIL PROTECTED]
To: 'Tomcat Users List' <tomcat-user@jakarta.apache.org>
Sent: Friday, February 11, 2005 12:21 AM
Subject: RE : RE : Security Newbie - Need Help

Could you try MemoryRealm to evict filter mechanisms (like firewall or router configuration) between your tomcat server and your database? As you can see in the servlet specification the security-role element isn't optional.
RE : Security Newbie - Need Help
Hi,

Could you verify that you have declared your admin role in the web.xml file?

<security-role>
  <role-name>admin</role-name>
</security-role>

-----Original Message-----
From: Luke [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 07:33
To: Tomcat Users List
Subject: Security Newbie - Need Help

Hi;

I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get:

HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
type Status report
message Configuration error: Cannot perform access control without an authenticated principal
description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
Apache Tomcat/5.0.28

Why am I not getting the login window?

Here is the web.xml in project root/WEB-INF:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>fw</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
</security-constraint>

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.gjt.mm.mysql.Driver"
       connectionURL="jdbc:mysql://localhost/applicationusers?user=user&amp;password=password"
       userTable="applicationusers" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"/>

The table structure was created using the following sql:

create table users (
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
);

create table user_roles (
  user_name varchar(15) not null,
  role_name varchar(15) not null,
  primary key (user_name, role_name)
);

How can I troubleshoot this? The log doesn't show anything. Any tips would be great.

Thanks,

Luke
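The web-app content model quoted in this thread allows login-config only as a direct child of web-app, after security-constraint and before security-role. As an added example (not code from the thread or from Tomcat), this Python check applies that model to the web.xml posted above; the finding codes, the wrapping web-app root and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Order of <web-app> children, from the content model quoted in the thread.
WEB_APP_ORDER = [
    "icon", "display-name", "description", "distributable", "context-param",
    "filter", "filter-mapping", "listener", "servlet", "servlet-mapping",
    "session-config", "mime-mapping", "welcome-file-list", "error-page",
    "taglib", "resource-env-ref", "resource-ref", "security-constraint",
    "login-config", "security-role", "env-entry", "ejb-ref", "ejb-local-ref",
]

# Constructed sample: the security section as first posted in the thread,
# wrapped in a <web-app> root (login-config nested, no security-role).
POSTED = """\
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>fw</web-resource-name>
      <url-pattern>*.do</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <login-config><auth-method>BASIC</auth-method></login-config>
  </security-constraint>
</web-app>
"""

# Constructed sample: login-config and security-role moved directly under
# <web-app>; the http-method restriction is dropped so all methods are covered.
CORRECTED = """\
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>fw</web-resource-name>
      <url-pattern>*.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>fw</realm-name></login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>
"""


def check_web_xml(text):
    """Return (code, message) findings for the security part of a web.xml."""
    root = ET.fromstring(text)
    findings = []

    # 1. Direct children of <web-app> must be known and follow the DTD order.
    last = -1
    for child in root:
        if child.tag not in WEB_APP_ORDER:
            findings.append(("UNKNOWN_CHILD", f"<{child.tag}> is not a web-app child"))
            continue
        pos = WEB_APP_ORDER.index(child.tag)
        if pos < last:
            findings.append(("ORDER", f"<{child.tag}> appears after a later element"))
        last = max(last, pos)

    # 2. <login-config> is only valid directly under <web-app>.
    for parent in root.iter():
        if parent is not root and parent.find("login-config") is not None:
            findings.append(("MISPLACED_LOGIN_CONFIG",
                             f"<login-config> is nested inside <{parent.tag}>"))

    constraints = root.findall("security-constraint")
    used_roles = {r.text.strip() for c in constraints
                  for r in c.findall("auth-constraint/role-name") if r.text}
    if used_roles and root.find("login-config") is None:
        findings.append(("NO_LOGIN_CONFIG",
                         "roles are required but no authentication method is configured"))

    # 3. Every role named in an auth-constraint needs a <security-role>.
    declared = {r.text.strip() for r in root.findall("security-role/role-name") if r.text}
    for role in sorted(used_roles - declared - {"*"}):
        findings.append(("UNDECLARED_ROLE", f"role '{role}' has no <security-role>"))

    # 4. Listing <http-method> limits the constraint to those methods only.
    for c in constraints:
        for coll in c.findall("web-resource-collection"):
            methods = sorted(m.text.strip() for m in coll.findall("http-method") if m.text)
            if methods:
                name = coll.findtext("web-resource-name", default="?").strip()
                findings.append(("PARTIAL_METHODS",
                                 f"collection '{name}' covers only {', '.join(methods)}"))
    return findings


if __name__ == "__main__":
    for label, doc in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label)
        for code, message in check_web_xml(doc) or [("OK", "no findings")]:
            print(f"  {code}: {message}")
```

The PARTIAL_METHODS finding is a review prompt: a constraint that lists methods leaves requests with any other method to the same URL pattern outside that constraint.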
Re: Security Newbie - Need Help
Hi;

Here is the roles table:

mysql> select * from roles;
+-----------+
| role_name |
+-----------+
| admin     |
+-----------+
1 row in set (0.02 sec)

I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed, but I still have the problem:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.gjt.mm.mysql.Driver"
       connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&amp;password=password"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"/>

I also changed my security declaration to have a realm-name in the login config:

<!-- security -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>fw</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>fw</realm-name>
  </login-config>
</security-constraint>

The error is (which appears without a login window first allowing me to authenticate):

HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
type Status report
message Configuration error: Cannot perform access control without an authenticated principal
description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
Apache Tomcat/5.0.28

Thanks,

Luke

----- Original Message -----
From: LERBSCHER Jean-Pierre [EMAIL PROTECTED]
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Sent: Thursday, February 10, 2005 12:27 AM
Subject: RE : Security Newbie - Need Help

Hi,

Could you verify that you have declared your admin role in the web.xml file?
<security-role>
  <role-name>admin</role-name>
</security-role>
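The userTable value that did not match the schema, mentioned in the message above, is the kind of error that can be caught before deployment. As an added example (not code from the thread or from Tomcat), this Python check runs the realm's two lookups against an in-memory copy of the posted schema; it assumes JDBCRealm issues queries of the form shown in `realm_queries`, and SQLite stands in for MySQL.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

# Schema from the CREATE TABLE statements posted in the thread.
SCHEMA = """
create table users (
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
);
create table user_roles (
  user_name varchar(15) not null,
  role_name varchar(15) not null,
  primary key (user_name, role_name)
);
"""

# Realm elements as posted in the thread (attribute quotes restored):
# the first attempt, then the one with the user table name fixed.
REALM_FIRST = """<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
  driverName="org.gjt.mm.mysql.Driver"
  connectionURL="jdbc:mysql://localhost/applicationusers?user=user&amp;password=password"
  userTable="applicationusers" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name"/>"""

REALM_FIXED = """<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
  driverName="org.gjt.mm.mysql.Driver"
  connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&amp;password=password"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name"/>"""

REQUIRED = ("userTable", "userNameCol", "userCredCol", "userRoleTable", "roleNameCol")
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def realm_queries(realm_xml):
    """Build the two lookups this example assumes JDBCRealm issues."""
    attrs = ET.fromstring(realm_xml).attrib
    for name in REQUIRED:
        value = attrs.get(name, "")
        # These values are spliced into SQL text, so accept plain identifiers only.
        if not IDENTIFIER.match(value):
            raise ValueError(f"{name}={value!r} is missing or not a plain identifier")
    return {
        "credentials": "SELECT {userCredCol} FROM {userTable} "
                       "WHERE {userNameCol} = ?".format(**attrs),
        "roles": "SELECT {roleNameCol} FROM {userRoleTable} "
                 "WHERE {userNameCol} = ?".format(**attrs),
    }


def check_realm(realm_xml, schema_sql):
    """Run both lookups against an empty in-memory copy of the schema."""
    db = sqlite3.connect(":memory:")
    try:
        db.executescript(schema_sql)
        problems = []
        for label, sql in realm_queries(realm_xml).items():
            try:
                db.execute(sql, ("probe",)).fetchall()
            except sqlite3.OperationalError as exc:
                problems.append(f"{label}: {exc}")
        return problems
    finally:
        db.close()


def realm_warnings(realm_xml):
    """Hardening notes that do not stop authentication from working."""
    attrs = ET.fromstring(realm_xml).attrib
    warnings = []
    if re.search(r"[?&]password=", attrs.get("connectionURL", "")):
        warnings.append("database credentials are embedded in connectionURL")
    if "digest" not in attrs:
        warnings.append("no digest attribute: userCredCol is compared as clear text")
    return warnings


if __name__ == "__main__":
    for label, realm in (("first attempt", REALM_FIRST), ("after the fix", REALM_FIXED)):
        print(label, check_realm(realm, SCHEMA) or "lookups match the schema")
    print(realm_warnings(REALM_FIXED))
```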
RE : Security Newbie - Need Help
It seems that you have a wrong role table (roles or user_roles). Have you declared the security-role element?

-----Original Message-----
From: Luke [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 16:02
To: Tomcat Users List
Subject: Re: Security Newbie - Need Help

Hi;

Here is the roles table:

mysql> select * from roles;
+-----------+
| role_name |
+-----------+
| admin     |
+-----------+
1 row in set (0.02 sec)

I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed, but I still have the problem:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.gjt.mm.mysql.Driver"
       connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&amp;password=password"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"/>

I also changed my security declaration to have a realm-name in the login config:

<!-- security -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>fw</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>fw</realm-name>
  </login-config>
</security-constraint>

The error is (which appears without a login window first allowing me to authenticate):

HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
type Status report
message Configuration error: Cannot perform access control without an authenticated principal
description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
Apache Tomcat/5.0.28

Thanks,

Luke
Re: RE : Security Newbie - Need Help
Where would the security-role be declared? WEB-INF/web.xml?

The tables I have are roles, user_roles and users. When you say wrong role table, which of the tables I have should be renamed?

Thanks for your help,

Luke

> It seems that you have a wrong role table (roles or user_roles). Have you declared the security-role element?
RE : RE : Security Newbie - Need Help
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 16:57
To: Tomcat Users List
Subject: Re: RE : Security Newbie - Need Help

> Where would the security-role be declared? WEB-INF/web.xml?

Yes

> The tables I have are roles, user_roles and users. When you say wrong role table, which of the tables I have should be renamed?

select * from roles;
...
realm ... userRoleTable=user_roles

> Thanks for your help,
>
> Luke
>
> > It seems that you have a wrong role table (roles or user_roles). Have you declared the security-role element?
RE : RE : RE : Security Newbie - Need Help
Sorry, I understand what you mean. Your role table seems ok.

-----Original Message-----
From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 17:40
To: 'Tomcat Users List'
Subject: RE : RE : Security Newbie - Need Help

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 16:57
To: Tomcat Users List
Subject: Re: RE : Security Newbie - Need Help

> Where would the security-role be declared? WEB-INF/web.xml?

Yes

> The tables I have are roles, user_roles and users. When you say wrong role table, which of the tables I have should be renamed?

select * from roles;
...
realm ... userRoleTable=user_roles

> Thanks for your help,
>
> Luke
>
> > It seems that you have a wrong role table (roles or user_roles). Have you declared the security-role element?
Re: RE : Security Newbie - Need Help
You will not need a roles table for tomcat... it is only useful to your own applications that will edit the data. The system only utilizes the user-role table and the user-password table (at least for basic authentication). Each servlet in the system that is secure is set up this way and has an associated mapping:

<servlet>
  <servlet-name>EnterAssignment</servlet-name>
  <display-name>EnterAssignment</display-name>
  <description>Enter Assignment</description>
  <servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class>
  <security-role-ref>
    <role-name>IMS</role-name>
    <role-link>IMS</role-link>
  </security-role-ref>
</servlet>
...
<servlet-mapping>
  <servlet-name>EnterAssignment</servlet-name>
  <url-pattern>/servlet/EnterAssignment</url-pattern>
</servlet-mapping>

The server.xml contains a reference to the security tables by using the Realm tag placed as shown (there are other ways to do it) and all db driver jars have been placed in the classpath:

<Engine defaultHost="localhost" name="Catalina">
  <Host appBase="webapps" name="localhost">
    <Logger className="org.apache.catalina.logger.FileLogger" prefix="localhost_log." suffix=".txt" timestamp="true"/>
    <Realm className="org.apache.catalina.realm.JDBCRealm"
           connectionName="username" connectionPassword="password"
           connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname"
           driverName="com.mysql.jdbc.Driver"
           userRoleTable="userrole" userTable="userpassword"
           roleNameCol="userrole" userNameCol="userid" userCredCol="passwordid"/>
  </Host>
  <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/>
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>
</Engine>

Hope this helps. Enjoy!

[EMAIL PROTECTED] 02-10-2005 08:56

> Where would the security-role be declared? WEB-INF/web.xml?
>
> The tables I have are roles, user_roles and users. When you say wrong role table, which of the tables I have should be renamed?
>
> Thanks for your help,
>
> Luke
>
> > It seems that you have a wrong role table (roles or user_roles). Have you declared the security-role element?
Re: RE : RE : RE : Security Newbie - Need Help
No, I think you are right. I have user_roles in the server.xml realm and the table in tomcatusers is called roles. Is there a correct naming (user_roles vs roles)?

Concerning the security-role, is this required when using a JDBCRealm?

Thanks,

Luke

> Sorry, I understand what you mean. Your role table seems ok.
Re: RE : Security Newbie - Need Help
Hi Dennis;

Where is IMS defined?

Otherwise I have specified everything as you recommended. Yet I still get this error once I hit the page (no login prompt):

HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
type Status report
message Configuration error: Cannot perform access control without an authenticated principal
description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
Apache Tomcat/5.0.28

Thanks,

Luke

----- Original Message -----
From: Dennis Payne [EMAIL PROTECTED]
To: tomcat-user@jakarta.apache.org
Sent: Thursday, February 10, 2005 11:23 AM
Subject: Re: RE : Security Newbie - Need Help

you will not need a roles table for tomcat... it is only useful to your own applications that will edit the data. The system only utilizes the user-role table and the user-password table (at least for basic authentication).

Each servlet in the system that is secure is set up this way and has an associated mapping:

<servlet>
  <servlet-name>EnterAssignment</servlet-name>
  <display-name>EnterAssignment</display-name>
  <description>Enter Assignment</description>
  <servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class>
  <security-role-ref>
    <role-name>IMS</role-name>
    <role-link>IMS</role-link>
  </security-role-ref>
</servlet>
...
<servlet-mapping>
  <servlet-name>EnterAssignment</servlet-name>
  <url-pattern>/servlet/EnterAssignment</url-pattern>
</servlet-mapping>

The server.xml contains a reference to the security tables by using the Realm tag placed as shown (there are other ways to do it) and all db driver jars have been placed in the classpath:

<Engine defaultHost="localhost" name="Catalina">
  <Host appBase="webapps" name="localhost">
    <Logger className="org.apache.catalina.logger.FileLogger"
            prefix="localhost_log." suffix=".txt" timestamp="true" />
    <Realm className="org.apache.catalina.realm.JDBCRealm"
           connectionName="username" connectionPassword="password"
           connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname"
           driverName="com.mysql.jdbc.Driver"
           userRoleTable="userrole" userTable="userpassword"
           roleNameCol="userrole" userNameCol="userid" userCredCol="passwordid" />
  </Host>
  <Logger className="org.apache.catalina.logger.FileLogger"
          prefix="catalina_log." suffix=".txt" timestamp="true" />
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm" />
</Engine>

Hope this helps

Enjoy!

[EMAIL PROTECTED] 02-10-2005 08:56

Where would the security-role be declared? WEB-INF/web.xml?

The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed?

Thanks for your help,

Luke

It seems that you have a wrong role table (roles or user_roles).
Have you declared security-role element ?

-----Original Message-----
From: Luke [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 10, 2005 16:02
To: Tomcat Users List
Subject: Re: Security Newbie - Need Help

Hi;

Here is the roles table:

mysql> select * from roles;
+-----------+
| role_name |
+-----------+
| admin     |
+-----------+
1 row in set (0.02 sec)

I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed, but I still have the problem:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.gjt.mm.mysql.Driver"
       connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&amp;password=password"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name" />

I also changed my security declaration to have a realm-name in the login config:

<!-- security -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>fw</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>fw</realm-name>
  </login-config>
</security-constraint>

The error is (which appears without a login window first allowing me to authenticate):

HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
type Status report
message Configuration error: Cannot perform access control without an authenticated principal
description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
Apache Tomcat/5.0.28

Thanks,

Luke

----- Original Message -----
From: LERBSCHER Jean-Pierre [EMAIL PROTECTED]
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Sent: Thursday, February 10, 2005 12:27 AM
Subject: RE : Security Newbie - Need Help

Hi,
Could you verify that you have declared your admin role in the web.xml