RE: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms
Thanks Marco,

However, can I also set this datasource for the Engine element? (I thought I read something about a bug, although I'm not quite sure.)

Then, after I specified this new datasource in either the context or engine element, how do I configure the UserDatabase in the JNDI lookup? For example:

    <GlobalNamingResources>
      <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
      <Resource name="UserDatabase" auth="Container"
                type="org.apache.catalina.UserDatabase"
                description="User database that can be updated and saved">
      </Resource>
      <ResourceParams name="UserDatabase">
        <parameter>
          <name>factory</name>
          <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
        </parameter>
        <parameter>
          <name>pathname</name>
          <value>conf/tomcat-users.xml</value>
        </parameter>
      </ResourceParams>
    </GlobalNamingResources>

    <!-- Define the Tomcat Stand-Alone Service -->
    <Service name="Catalina">

      <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
      <Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                 enableLookups="false" redirectPort="8443" acceptCount="100"
                 debug="0" connectionTimeout="2" disableUploadTimeout="true"/>

      <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
      <Connector port="8009" enableLookups="false" redirectPort="8443"
                 debug="0" protocol="AJP/1.3"/>

      <!-- Define the top level container in our container hierarchy -->
      <Engine name="Catalina" defaultHost="localhost" debug="0">

        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="catalina_log." suffix=".txt" timestamp="true"/>

        <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
               driverName="org.gjt.mm.mysql.Driver"
               connectionURL="jdbc:mysql://localhost/build_jplanner"
               connectionName="***" connectionPassword="**"
               userTable="JT_USER" userNameCol="LOGINNAME" userCredCol="PASSWORD"
               userRoleTable="JT_GROUP" roleNameCol="NAME"/>

        <Host name="localhost" debug="0" appBase="webapps"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
          <Logger className="org.apache.catalina.logger.FileLogger"
                  directory="logs" prefix="localhost_log." suffix=".txt"
                  timestamp="true"/>
        </Host>
      </Engine>
    </Service>

How does the GlobalNamingResources relate to the REALM specified in the engine element? Can someone tell me if the UserBase as specified in the GlobalNamingResources is being used for the JSP security stuff? (for example the /webapps/jsp-examples/security/protected/login.jsp)

T.i.a,
Leonard

-----Original Message-----
From: Marco Pöhler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 10:45 AM
To: Tomcat Users List
Subject: AW: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms

Hi Leonard,

this works for me:

    <Context path="" docBase="/home/user1/trustedfeed" debug="0">
      <ResourceLink name="jdbc/db" global="jdbc/db" type="javax.sql.DataSource"/>
      <Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
             dataSourceName="jdbc/db"
             userTable="users" userNameCol="username" userCredCol="password"
             userRoleTable="roles" roleNameCol="rolename"/>
    </Context>

Of course, you have to define the jdbc/db Datasource in the GlobalNamingResources, too.

hth
Marco

---
http://www.optik-preisvergleich.de
http://www.kontaktlinsen-preisvergleich.de

-----Original Message-----
From: Leonard Wolters [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 09:22
To: [EMAIL PROTECTED]
Subject: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms

Hi,

I've got a question concerning the different REALMs available for Tomcat 5.x. The main (basic) question is that I want to secure my context annex websites / jsp pages. I have some experience with JAAS (JBOSS) and was investigating the possibility to use / implement JAAS for Tomcat. After some efforts I stopped since I too noticed it would take me too much pain ;-( (I needed to create too much source code hence it would take me too much time). Then I investigated the JDBC Realm and was trying to use this for securing my website.

The question: Tomcat 5 delivers a pre-installed security JSP example (/jsp-examples/security/protected) which (as stated in the documentation) only works with the MemoryRealm. Well, I want this to work with the JDBCRealm (or even my own implementation) as well. Can anyone provide me some configurations of how to achieve this? Basically, I think I need to change the default JNDI UserBase (MemoryRealm) with my own
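The global DataSource that Marco's quoted reply says must also be defined, written out in Tomcat 5.0 syntax as an added example (not part of either poster's configuration). The account placeholders, pool sizes, the /secured context and the digest setting are assumptions; the driver, URL, table and column names are the ones Leonard posted.

```xml
<!-- Added example, not from the thread: Tomcat 5.0-style server.xml fragment -->
<GlobalNamingResources>
  <!-- Pooled DataSource published in the global JNDI context as jdbc/db -->
  <Resource name="jdbc/db" auth="Container" type="javax.sql.DataSource"/>
  <ResourceParams name="jdbc/db">
    <parameter><name>factory</name>
      <value>org.apache.commons.dbcp.BasicDataSourceFactory</value></parameter>
    <parameter><name>driverClassName</name>
      <value>org.gjt.mm.mysql.Driver</value></parameter>
    <parameter><name>url</name>
      <value>jdbc:mysql://localhost/build_jplanner</value></parameter>
    <!-- Placeholders: use a dedicated account that can only SELECT
         from the user and role tables -->
    <parameter><name>username</name><value>REALM_DB_USER</value></parameter>
    <parameter><name>password</name><value>REALM_DB_PASSWORD</value></parameter>
    <!-- Assumed pool sizes -->
    <parameter><name>maxActive</name><value>10</value></parameter>
    <parameter><name>maxIdle</name><value>2</value></parameter>
    <parameter><name>maxWait</name><value>5000</value></parameter>
  </ResourceParams>
</GlobalNamingResources>

<!-- Goes inside <Host name="localhost">; path and docBase are hypothetical -->
<Context path="/secured" docBase="secured" debug="0">
  <ResourceLink name="jdbc/db" global="jdbc/db" type="javax.sql.DataSource"/>
  <!-- digest: userCredCol then holds the hex digest of each password
       instead of the clear text. The role table must also contain
       the column named by userNameCol. -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm" debug="0"
         dataSourceName="jdbc/db" digest="SHA"
         userTable="JT_USER" userNameCol="LOGINNAME" userCredCol="PASSWORD"
         userRoleTable="JT_GROUP" roleNameCol="NAME"/>
</Context>
```

With digest set, rows that still hold clear-text passwords stop authenticating until they are re-stored in digested form. The digest is unsalted, so the credential table still needs to be protected as sensitive data.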
RE: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms
Hi,

> How does the GlobalNamingResources relate to the REALM specified in the
> engine element? Can someone tell me if the UserBase as specified in the
> GlobalNamingResources is being used for the JSP security stuff?
> (for example the /webapps/jsp-examples/security/protected/login.jsp)

In my thoughts, a realm in the context (or engine) overwrites the global realm. So if you have defined a security-constraint in your localhost-applications web.xml the user and roles used there for access control are taken from the database. The memory-realm /tomcat-users.xml won't be used.

The security-constraints in the web.xml look like:

    <security-constraint>
      <display-name>Admin Authentication</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>admin</role-name>
      </auth-constraint>
    </security-constraint>

hth.
Marco

---
http://www.druckerpatronen--preisvergleich.de
http://www.tintenpatronen-preisvergleich.de

-----Original Message-----
From: Leonard Wolters [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 11:21
To: Tomcat Users List
Subject: RE: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms

Thanks Marco,

However, can I also set this datasource for the Engine element? (I thought I read something about a bug, although I'm not quite sure.)

Then, after I specified this new datasource in either the context or engine element, how do I configure the UserDatabase in the JNDI lookup? For example:

    <GlobalNamingResources>
      <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
      <Resource name="UserDatabase" auth="Container"
                type="org.apache.catalina.UserDatabase"
                description="User database that can be updated and saved">
      </Resource>
      <ResourceParams name="UserDatabase">
        <parameter>
          <name>factory</name>
          <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
        </parameter>
        <parameter>
          <name>pathname</name>
          <value>conf/tomcat-users.xml</value>
        </parameter>
      </ResourceParams>
    </GlobalNamingResources>

    <!-- Define the Tomcat Stand-Alone Service -->
    <Service name="Catalina">

      <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
      <Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                 enableLookups="false" redirectPort="8443" acceptCount="100"
                 debug="0" connectionTimeout="2" disableUploadTimeout="true"/>

      <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
      <Connector port="8009" enableLookups="false" redirectPort="8443"
                 debug="0" protocol="AJP/1.3"/>

      <!-- Define the top level container in our container hierarchy -->
      <Engine name="Catalina" defaultHost="localhost" debug="0">

        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="catalina_log." suffix=".txt" timestamp="true"/>

        <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
               driverName="org.gjt.mm.mysql.Driver"
               connectionURL="jdbc:mysql://localhost/build_jplanner"
               connectionName="***" connectionPassword="**"
               userTable="JT_USER" userNameCol="LOGINNAME" userCredCol="PASSWORD"
               userRoleTable="JT_GROUP" roleNameCol="NAME"/>

        <Host name="localhost" debug="0" appBase="webapps"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
          <Logger className="org.apache.catalina.logger.FileLogger"
                  directory="logs" prefix="localhost_log." suffix=".txt"
                  timestamp="true"/>
        </Host>
      </Engine>
    </Service>

How does the GlobalNamingResources relate to the REALM specified in the engine element? Can someone tell me if the UserBase as specified in the GlobalNamingResources is being used for the JSP security stuff? (for example the /webapps/jsp-examples/security/protected/login.jsp)

T.i.a,
Leonard

-----Original Message-----
From: Marco Pöhler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 10:45 AM
To: Tomcat Users List
Subject: AW: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms

Hi Leonard,

this works for me:

    <Context path="" docBase="/home/user1/trustedfeed" debug="0">
      <ResourceLink name="jdbc/db" global="jdbc/db" type="javax.sql.DataSource"/>
      <Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
             dataSourceName="jdbc/db"
             userTable="users" userNameCol
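A web.xml fragment built around the security-constraint in Marco's reply above, as an added example that is not part of the thread. It drops the http-method list, because a constraint that names methods applies only to those methods, and adds the login-config and security-role a form login needs; the /login.jsp and /error.jsp paths and the CONFIDENTIAL transport guarantee (which assumes an SSL connector on the redirectPort) are assumptions.

```xml
<!-- Added example, not from the thread: web.xml fragment for the protected app -->
<security-constraint>
  <display-name>Admin Authentication</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- No <http-method> elements: the constraint covers every method.
         Listing only DELETE, GET, POST and PUT would leave HEAD, OPTIONS,
         TRACE and any other method outside the constraint. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Must match a value in roleNameCol of the realm's role table -->
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Plain HTTP requests are redirected to the connector's redirectPort
         (8443 in the posted server.xml) before credentials are sent -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Protected Area</realm-name>
  <form-login-config>
    <!-- Hypothetical page locations inside the web application -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>
```

The realm only supplies users and roles; which URLs and methods require the admin role is decided entirely by this descriptor, so it behaves the same whether the realm is a MemoryRealm, JDBCRealm or DataSourceRealm.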
Re: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms
Leonard,

I went the other way. I wrote a login module for tomcat's JAAS implementation and recently found it relatively easy to adapt it to JBoss. However I see you're going down the JDBC route.

Adam

On 03/23/2004 09:22 AM Leonard Wolters wrote:
> Hi,
>
> I've got a question concerning the different REALMs available for Tomcat 5.x.
> The main (basic) question is that I want to secure my context annex
> websites / jsp pages. I have some experience with JAAS (JBOSS) and was
> investigating the possibility to use / implement JAAS for Tomcat. After some
> efforts I stopped since I too noticed it would take me too much pain ;-(
> (I needed to create too much source code hence it would take me too much
> time). Then I investigated the JDBC Realm and was trying to use this for
> securing my website.
>
> The question: Tomcat 5 delivers a pre-installed security JSP example
> (/jsp-examples/security/protected) which (as stated in the documentation)
> only works with the MemoryRealm. Well, I want this to work with the
> JDBCRealm (or even my own implementation) as well. Can anyone provide me
> some configurations of how to achieve this?
>
> Basically, I think I need to change the default JNDI UserBase (MemoryRealm)
> with my own one (JDBCRealm for example). However, is this the only thing I
> need to do? If so, please provide me a server.xml configuration.
>
> T.i.a,
> Leonard
>
> Leonard Wolters
> JTeam B.V.
> E: [EMAIL PROTECTED]
> T: +31(0)20 486 20 36
> M: +31(0)6 24 111 401
> F: +31(0)8 48 370 000
> W: www.jteam.nl
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian