Basic HTTP Authorization and JDBCRealm

2001-04-12 Thread Ricardo Gladwell

Dear All,

I'm using JDBCRealm on Tomcat through IIS 5.0 on Windows 2000 to
authenticate users for my company's Intranet. I managed to configure my
server to authenticate users via HTTP basic authorization. However, when I
attempt to log into my web application I receive the following errors in my
jvm.stderr.log file:

2001-04-12 12:54:33 - ContextManager: JDBCRealm: JDBCRealm.authenticate: SELECT Password FROM People WHERE UserName = ?
2001-04-12 12:54:34 - ContextManager: JDBCRealm: Authentication unsuccessful for user null

With a bit of research it would appear that the JDBCRealm interceptor is not
reading the HTTP Authorization header properly. The authenticate( String,
Hashtable ) method is being passed a null value for the username, or the
authenticate( Request, Response ) is not receiving the headers. Perhaps IIS
or the ISAPI redirector are stripping this header when it passes the request
onto Tomcat?

If anyone could tell me what I'm doing wrong or where the problem is likely
to lie, I would be most grateful as this conundrum is eating up days of my
time. Here is the configuration for my server.xml file (the SimpleRealm
interceptor is commented out):

<RequestInterceptor
    className="org.apache.tomcat.request.JDBCRealm"
    debug="99"

    driverName="sun.jdbc.odbc.JdbcOdbcDriver"

    connectionURL="jdbc:odbc:Intranet"
    connectionName="user"
    connectionPassword="pass"

    userTable="People"
    userNameCol="UserName"
    userCredCol="Password"

    userRoleTable="Roles"
    roleNameCol="RoleName"
/>

Here is the configuration from the web.xml for my web application:

<security-constraint>

  <web-resource-collection>
    <web-resource-name>Intranet</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>

  <auth-constraint>
    <role-name>IntranetUser</role-name>
  </auth-constraint>

</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>UBQT Media Intranet</realm-name>
</login-config>

TIA...

--
Ricardo Gladwell
UBQT Media PLC, Windsor
Mobile: (07779) 841 444




RE: Basic HTTP Authorization and JDBCRealm

2001-04-12 Thread Ignacio J. Ortega

This is a problem of the AJP12 connector, well, really not a problem:
it's supposed that when Tomcat is used behind any Web server (IIS in
your case) the BASIC auth headers are honored by the HTTP Server itself,
not Tomcat. Tomcat (in cooperation with the ISAPI filter) tries to retrieve
this info from the HTTP Server, and in the IIS case this is a big problem, as
the BASIC config on IIS is connected to the NT auth in the OS, so
everybody that tries to use IIS Basic auth has this problem... a sad
problem..

3.3 can help you :), this problem is resolved by adding a new
(undocumented until today :) attribute to AJP12connector,
"tomcatAuthentication". When this attribute is true, Tomcat tries to do
BASIC auth by itself without relying on HTTPServer capacities, thus
making you happier...

Hope this helps..

Saludos ,
Ignacio J. Ortega


 -Original Message-
 From: Ricardo Gladwell [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, 12 April 2001 14:09
 To: Tomcat Users
 Subject: Basic HTTP Authorization and JDBCRealm
 
 
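
The symptom discussed in this thread ("Authentication unsuccessful for user null"), as an added example that is not part of either post and is not Tomcat's own code: it shows how a user name is derived from a BASIC Authorization header, and that a container which is never handed those credentials has nothing to look up in the realm. The class and method names and the sample credentials are assumptions made for illustration, and it uses the modern java.util.Base64 API rather than anything from Tomcat 3.x.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class BasicHeaderCheck {

    /** Returns {user, password} from a BASIC Authorization header, or null if absent or malformed. */
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null; // no header, or a different auth scheme
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid base64
        }
        String pair = new String(raw, StandardCharsets.ISO_8859_1);
        int colon = pair.indexOf(':');
        if (colon < 0) {
            return null; // credentials must have the form "user:password"
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    /** Describes what a container-side realm would be given for this request (hypothetical helper). */
    static String describe(Map<String, String> headers) {
        String[] cred = parseBasic(headers.get("authorization"));
        if (cred == null) {
            // Fail closed: challenge the client instead of querying the realm with a null user.
            return "no usable credentials: send 401 challenge, skip the database lookup";
        }
        return "look up user '" + cred[0] + "' in the realm";
    }

    public static void main(String[] args) {
        // Constructed sample credentials "alice:secret" (not taken from the thread).
        String value = "Basic " + Base64.getEncoder()
                .encodeToString("alice:secret".getBytes(StandardCharsets.ISO_8859_1));

        Map<String, String> direct = new HashMap<>();
        direct.put("authorization", value);                 // credentials reach the container
        Map<String, String> viaFrontEnd = new HashMap<>();  // credentials not passed on

        System.out.println("direct:        " + describe(direct));
        System.out.println("via front end: " + describe(viaFrontEnd));
    }
}
```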