CSJakharia: Security Realm Authentication

2005-07-01 Thread Chirag
Configuration
--
Tomcat 5.5.2
Windows XP
JDK 1.5

Requirement
--
I have a Security realm Authentication ready for a Web
Application linking to a Database. When the user signs
up through the form, he then has to log in to the application
through the signup form instead of going directly to
the application.
How can this be done?


Thanks in advance

CSJakharia



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Weird Realm authentication problem - Tomcat 4.1.30 / Jakarta Struts 1.1 / Internet Explorer 5.5+ / Forms Authentication

2004-08-10 Thread Graff, David
I am having a bit of an intermittent problem with Realm Authentication.

I've got a jdbc realm (backed by hsql) configured for form based
authentication under Tomcat 4.1.30.
My application is developed on Struts 1.1.

The problem I'm running into is that even after entering correct
credentials, I get a 
Not Authorized error.  This happens intermittently for some reason and I
have not been able to determine
what the heck is going on.

Are there any glitches with IE (as I'm suspecting) that might cause this?
I've exhausted all routes
to try and figure out what is going on here but have not figured out what's
causing the problem nor
why it allows me in after a Ctrl+R.

Any help would be GREATLY appreciated on this.  I've got a time crunch to
figure this out ASAP so
if any of y'all (yes I'm down in the south) have any ideas on this I would
greatly appreciate your input.

Thanks.



RE: Wrong file served after JDBC Realm authentication

2004-06-16 Thread Ariel Valentin
Pierre,
I experienced a similar problem when using form based authentication and 
secured all requests (/*)
from web.xml
 
   
 My Webapp
 /*
   
   
 user
   
 

As a work around I placed all my images and css in a folder that did not 
require authentication.

Hope that helps.
Mr. Ariel S. Valentin
mailto: [EMAIL PROTECTED]


From: Pierre Sarrazin <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Wrong file served after JDBC Realm authentication
Date: Wed, 16 Jun 2004 23:19:09 -0400
I am trying to use the JDBC realm in my Tomcat web application and
it mostly works, but after logging into the application, Tomcat
sends the application's style.css file to my browser...
I am using Tomcat 5.0.16 on a Fedora Core 2 system.  I have configured
the JDBC realm this way in conf/server.xml:

In my application's web/WEB-INF/web.xml file, there is this:

index.jsp



Document Munger
/*


docmungerUser



   FORM
   Document Munger
   
  /login.jsp
  /login-error.jsp
   



This role includes all users who are allowed to use
(but not administer) the service.

docmungerUser

The web/login.jsp file contains this:
<%@ include file="header.inc" %>

Username:

Password:



<%@ include file="footer.inc" %>
The web/header.inc file contains this:



<%= siteTitle %>



This is where the "style.css" filename comes from.  There is indeed
a web/style.css file.
In the MySQL server, there is a "users" table that contains this:
+---+---+
| user_name | user_pass |
+---+---+
| george| (REMOVED) |
+---+---+
There is also a "user_roles" table:
+---+---+
| user_name | role_name |
+---+---+
| george| docmungerUser |
+---+---+
I use ant to install the application, then I send my browser (Galeon
1.3) to <http://localhost:8080/docmunger/>.  The login form appears.
I enter "george" and the password, and click "Log in".  Then my
browser displays the style.css file...  The location field of the
browser now shows <http://localhost:8080/docmunger/style.css>.
The catalina_log.2004-06-16.txt file says "Username george
successfully authenticated".
If I now ask my browser to go to <http://localhost:8080/docmunger/>
again, then I finally reach the real front page of the application
(index.jsp).
If I remove the  line from web/header.inc and reload the
application, then the problem disappears: I don't see style.css
and I reach index.jsp right after logging in.
I restarted Tomcat just before retrying this entire scenario.
I also see nothing suspicious appear in the logs.
I'm puzzled.  What could cause this behavior, and how does Tomcat
decide to send style.css?
--
Pierre Sarrazin 


Wrong file served after JDBC Realm authentication

2004-06-16 Thread Pierre Sarrazin
I am trying to use the JDBC realm in my Tomcat web application and
it mostly works, but after logging into the application, Tomcat
sends the application's style.css file to my browser...

I am using Tomcat 5.0.16 on a Fedora Core 2 system.  I have configured
the JDBC realm this way in conf/server.xml:



In my application's web/WEB-INF/web.xml file, there is this:


index.jsp




Document Munger
/*


docmungerUser




   FORM
   Document Munger
   
  /login.jsp
  /login-error.jsp
   




This role includes all users who are allowed to use
(but not administer) the service.

docmungerUser


The web/login.jsp file contains this:

<%@ include file="header.inc" %>


Username:

Password:




<%@ include file="footer.inc" %>

The web/header.inc file contains this:




<%= siteTitle %>




This is where the "style.css" filename comes from.  There is indeed
a web/style.css file.

In the MySQL server, there is a "users" table that contains this:

+---+---+
| user_name | user_pass |
+---+---+
| george| (REMOVED) |
+---+---+

There is also a "user_roles" table:

+---+---+
| user_name | role_name |
+---+---+
| george| docmungerUser |
+---+---+

I use ant to install the application, then I send my browser (Galeon
1.3) to <http://localhost:8080/docmunger/>.  The login form appears.
I enter "george" and the password, and click "Log in".  Then my
browser displays the style.css file...  The location field of the
browser now shows <http://localhost:8080/docmunger/style.css>.

The catalina_log.2004-06-16.txt file says "Username george
successfully authenticated".

If I now ask my browser to go to <http://localhost:8080/docmunger/>
again, then I finally reach the real front page of the application
(index.jsp).

If I remove the  line from web/header.inc and reload the
application, then the problem disappears: I don't see style.css
and I reach index.jsp right after logging in.

I restarted Tomcat just before retrying this entire scenario.
I also see nothing suspicious appear in the logs.

I'm puzzled.  What could cause this behavior, and how does Tomcat
decide to send style.css?

-- 
Pierre Sarrazin 




tomcat using nis for realm authentication

2004-05-19 Thread Andreas Pakulat
Hi,

I've got a problem with a tomcat 4.1.30. I want a webapp to use a
JNDIRealm for authentication which in turn uses NIS for authenticating
the user. But this doesn't work, I cannot login using correct password
and username. 

server.xml looks like this for the Realm:



where $server and $domain are the NIS Server and the domain for
authentication.

The web.xml of the webapp has this for the authentication:



test
/*


student




BASIC
test


According to the Realm HOWTO and the little information there is about NIS
over JNDI, this should be correct, and it's also not Tomcat failing to find
the ContextFactory for NIS; I tested that with a small servlet.

What I'm not sure about are the parameters for the Realm like roleBase
userBase and those. 

Thanks for any hints.

Andreas

-- 
manic-depressive, adj.:
Easy glum, easy glow.




Re: Realm(?) authentication

2004-04-18 Thread Chong Yu Meng


Frank Schaare wrote:

"Or maybe you just think that my writing sucks"

I'm reading a lot of this stuff, but your writing definitely does NOT suck!
It is cool, short and very useful, thank you for posting your link.

Greetings from Germany...

Thanks a lot, Frank !!

I hope it's good enough for another thesis I am writing that has nothing 
at all to do with technology. Which I have to submit really soon !

--
A complex system that works is invariably found to have evolved from a
simple system that works.
++
| Pascal Chong   |
| email: [EMAIL PROTECTED]  |
||
| Please visit my site at : http://cymulacrum.net|
| If you're using my documentation, please read the Terms and|
| and Conditions at http://cymulacrum.net/terms.html |
++




Re: Realm(?) authentication

2004-04-18 Thread Adam Hardy
On 04/18/2004 12:22 PM Frank Schaare wrote:
I've written one step by step for this. It's for Tomcat on Linux, but 
I don't think Windows is different at all, at least for the realm 
part. Can't say the same for the installation. You can view it at 
http://www.connecties.com/cymulacrum/tomcat5/c578.html. This is for JDBC 
"Or maybe you just think that my writing sucks"

I'm reading a lot of this stuff, but your writing definitely does NOT suck!
It is cool, short and very useful, thank you for posting your link.
You should definitely post this link on the Jakarta wiki.

--
struts 1.2 + tomcat 5.0.19 + java 1.4.2
Linux 2.4.20 Debian


Re: Realm(?) authentication

2004-04-18 Thread Frank Schaare
Hi,

I've written one step by step for this. It's for Tomcat on Linux, but I 
don't think Windows is different at all, at least for the realm part. 
Can't say the same for the installation. You can view it at 
http://www.connecties.com/cymulacrum/tomcat5/c578.html. This is for JDBC 
"Or maybe you just think that my writing sucks"

I'm reading a lot of this stuff, but your writing definitely does NOT suck!
It is cool, short and very useful, thank you for posting your link.

Greetings from Germany...



Re: Realm(?) authentication

2004-04-15 Thread Chong Yu Meng
Matthew Bechly wrote:

Hi Tomcat users,

I am a new user and have Tomcat 5.0.19 - windows. I only run one application
which is running well on our intranet. I am thinking of giving external
(outside my firewall) users access. I have configured Tomcat for SSL, no
problems.
As added security, I wanted to authenticate (similar to manager) all Tomcat
users (for any access, root and the webapps). I have read the How to's, and
searched lists to no avail. I think I need to configure an  Realm
setup. I have configured my users for MemoryRealm.
I was hoping somebody could point me in the direction of a 'step by step'
for this. I have been playing around with the config files on and off for a
week without success.
Thanks
Matt


 

Hi Matthew !

I've written one step by step for this. It's for Tomcat on Linux, but I 
don't think Windows is different at all, at least for the realm part. 
Can't say the same for the installation. You can view it at 
http://www.connecties.com/cymulacrum/tomcat5/c578.html. This is for JDBC 
realms, meaning that your user information (i.e. username, password) is 
stored inside a database. The database described in the example is 
Firebird (the Open Source branch of Interbase), but I think it should 
work for any database with a JDBC driver -- some tweaking required of 
course.

Hope this helps !

Regards,
pascal chong




Realm(?) authentication

2004-04-15 Thread Matthew Bechly
Hi Tomcat users,

I am a new user and have Tomcat 5.0.19 - windows. I only run one application
which is running well on our intranet. I am thinking of giving external
(outside my firewall) users access. I have configured Tomcat for SSL, no
problems.

As added security, I wanted to authenticate (similar to manager) all Tomcat
users (for any access, root and the webapps). I have read the How to's, and
searched lists to no avail. I think I need to configure an  Realm
setup. I have configured my users for MemoryRealm.

I was hoping somebody could point me in the direction of a 'step by step'
for this. I have been playing around with the config files on and off for a
week without success.

Thanks
Matt





Timeout or log out for Realm authentication

2004-03-17 Thread Joan Jesús Pujol Espinar
Hello,

Is it possible to set a timeout or manually logout a user that is 
authenticated with a realm?
Because the user is always 'logged' until the navigator is closed.

Cheers,

--
***
Joan Jesús Pujol Espinar
Tècnic de Sistemes
Universitat de Girona
Dpt. Informàtica i Matemàtica Aplicada
Campus Montilivi
17003 - Girona (Spain)
e-mail: [EMAIL PROTECTED]
+34 972 418418 Fax: +34 972 418792
***




Re: Tomcat Realm Authentication + Storing Objects In The Session

2004-03-11 Thread Adam Hardy
On 03/11/2004 08:56 AM Ronald Wildenberg wrote:
My biggest unknown right now is, because the server handles the
creation of the session, what would it take to make the server grab
a user object from the database and store it in the session after
the user logs in?
Can't you use an HttpSessionListener for this? It is called right 
after a session is created (and when it's destroyed again). I'm not
sure though whether there's enough information in the HttpSession 
object for you to be able to grab something from the database at the
time HttpSessionListener.sessionCreated() is called.
I do it with a filter. Easy to check request.getRemoteUser(), fetch the 
session and check for the user bean.

Adam
--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian


RE: Tomcat Realm Authentication + Storing Objects In The Session

2004-03-10 Thread Ronald Wildenberg
> My biggest unknown right now is, because the server handles 
> the creation
> of the session, what would it take to make the server grab a 
> user object
> from the database and store it in the session after the user 
> logs in?  
> 


Can't you use an HttpSessionListener for this? It is called right
after a session is created (and when it's destroyed again). I'm
not sure though whether there's enough information in the HttpSession
object for you to be able to grab something from the database at
the time HttpSessionListener.sessionCreated() is called.

Regards,
Ronald.




RE: Tomcat Realm Authentication + Storing Objects In The Session

2004-03-10 Thread Shapira, Yoav

Hi,

>I've run into this in JBoss and ended up making some custom mechanisms
-
>I'm hoping I don't have to do the same here!

You would have to write custom code.

Yoav Shapira






Tomcat Realm Authentication + Storing Objects In The Session

2004-03-10 Thread Alan Weissman
Hey Everyone -

 

I have been trying to figure out if Realm authentication is appropriate
for my project or if I need to implement my own.  

 

My biggest unknown right now is, because the server handles the creation
of the session, what would it take to make the server grab a user object
from the database and store it in the session after the user logs in?  

 

I've run into this in JBoss and ended up making some custom mechanisms -
I'm hoping I don't have to do the same here!

 

Thanks,

Alan

 

 



Re: Realm Authentication and Password Change

2003-11-10 Thread Tim Funk
You could use a Filter. Once authenticated, the filter can check to see if 
the user's password needed changed. If so, you can sendRedirect() or let the 
next filter in the chain do its thing.

-Tim

Shain, Jim wrote:

Goal: Using forms based authentication, a user logs into a site with a valid user ID/password, and is redirected to a page explaining that the password has expired and user must change their password.

What's a good way to reach this goal? I've been working with a custom realm module, so I know when the password needs to be changed, I just can't figure out how to redirect the user to the password change page.
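
The filter Tim Funk suggests above, which also covers the approach Adam Hardy describes in the session-object thread (check request.getRemoteUser(), then populate the session), written out as an added example; it is not code from either poster. UserDirectory, UserRecord, the attribute names and the /changePassword paths are hypothetical, and the class assumes the javax.servlet API that Tomcat supplies, with the filter mapped to /* in web.xml.

```java
import java.io.IOException;
import java.io.Serializable;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added illustration. Runs after the container's FORM/BASIC login, so the
 * realm itself never needs access to the request or the session.
 */
public class PostLoginFilter implements Filter {

    /** Hypothetical application-side lookup, e.g. a DAO over the realm's user table. */
    public interface UserDirectory {
        UserRecord find(String username);
    }

    /** Hypothetical user bean kept in the session. */
    public static final class UserRecord implements Serializable {
        private static final long serialVersionUID = 1L;
        final String username;
        final boolean passwordExpired;

        public UserRecord(String username, boolean passwordExpired) {
            this.username = username;
            this.passwordExpired = passwordExpired;
        }
    }

    static final String USER_ATTR = "app.user";               // hypothetical name
    static final String DIRECTORY_ATTR = "app.userDirectory"; // hypothetical name
    static final String CHANGE_PAGE = "/changePassword.jsp";  // hypothetical page

    // Paths an expired user may still reach; without these the redirect loops.
    private static final Set<String> EXEMPT = new HashSet<String>(
            Arrays.asList(CHANGE_PAGE, "/changePassword.do", "/logout.jsp"));

    private UserDirectory directory;

    public void init(FilterConfig cfg) throws ServletException {
        // Assumption: a ServletContextListener stored the directory at startup.
        directory = (UserDirectory) cfg.getServletContext().getAttribute(DIRECTORY_ATTR);
        if (directory == null) {
            throw new ServletException(DIRECTORY_ATTR + " is not configured");
        }
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Null until the container has authenticated the user against the realm.
        String remoteUser = req.getRemoteUser();
        if (remoteUser == null) {
            chain.doFilter(rq, rs);
            return;
        }

        // Load the user bean once per session, keyed to the authenticated name.
        HttpSession session = req.getSession();
        UserRecord user = (UserRecord) session.getAttribute(USER_ATTR);
        if (user == null || !user.username.equals(remoteUser)) {
            user = directory.find(remoteUser);
            if (user == null) {
                // Authenticated by the realm but unknown to the application.
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            session.setAttribute(USER_ATTR, user);
        }

        // Enforced on every request, so typing another URL does not bypass it.
        // The password-change handler must replace USER_ATTR once it succeeds.
        if (user.passwordExpired && !EXEMPT.contains(req.getServletPath())) {
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + CHANGE_PAGE));
            return;
        }
        chain.doFilter(rq, rs);
    }

    public void destroy() {
        directory = null;
    }
}
```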
 




RE: Realm Authentication and Password Change

2003-11-10 Thread Shain, Jim
Vincent,
Thanks again. That much I knew. Inside the authenticate method of the custom realm how 
can I gain access to the session? The only passed variables to the authenticate method 
are username and credentials, and I don't see the http request or the session any of 
the base classes.

-Jim

-Original Message-
From: Vincent Aumont [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:57 AM
To: Tomcat Users List
Subject: Re: Realm Authentication and Password Change


session.setAttribute().
Don't forget to remove the attribute from the session when you're done,
Actually, you should use a request attribute in this case.

- Vincent




Re: Realm Authentication and Password Change

2003-11-10 Thread Vincent Aumont
session.setAttribute().
Don't forget to remove the attribute from the session when you're done,
Actually, you should use a request attribute in this case.
- Vincent

Shain, Jim wrote:

Vincent,
Thanks! Great solution. How can I set a session variable in a custom realm?
-Original Message-
From: Vincent Aumont [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:24 AM
To: Tomcat Users List
Subject: Re: Realm Authentication and Password Change
A possible solution:
- Your custom realm sets a session attribute to indicate that the password must
be changed.
- You create a filter that checks this attribute and redirects the user to the
password change page if needed.
-Vincent.



RE: Realm Authentication and Password Change

2003-11-10 Thread Shain, Jim
Vincent,
Thanks! Great solution. How can I set a session variable in a custom realm?

-Original Message-
From: Vincent Aumont [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:24 AM
To: Tomcat Users List
Subject: Re: Realm Authentication and Password Change


A possible solution:
- Your custom realm sets a session attribute to indicate that the password must
be changed.
- You create a filter that checks this attribute and redirects the user to the
password change page if needed.


-Vincent.




Re: Realm Authentication and Password Change

2003-11-10 Thread Vincent Aumont
A possible solution:
- Your custom realm sets a session attribute to indicate that the password must
be changed.
- You create a filter that checks this attribute and redirects the user to the
password change page if needed.


-Vincent.


> Goal: Using forms based authentication, a user logs into a site with a valid
> user ID/password, and is redirected to a page explaining that the password
> has expired and user must change their password.
> 
> What's a good way to reach this goal? I've been working with a custom realm
> module, so I know when the password needs to be changed, I just can't figure
> out how to redirect the user to the password change page.
> 
> Thanks for any help,
> Jim Shain
> Sr. Architect
> Fidelity Information Services
> 








Realm Authentication and Password Change

2003-11-10 Thread Shain, Jim
Goal: Using forms based authentication, a user logs into a site with a valid user 
ID/password, and is redirected to a page explaining that the password has expired and 
user must change their password.

What's a good way to reach this goal? I've been working with a custom realm module, so 
I know when the password needs to be changed, I just can't figure out how to redirect 
the user to the password change page.

Thanks for any help,
Jim Shain
Sr. Architect
Fidelity Information Services




Re: basic jdbc realm authentication

2003-10-14 Thread [EMAIL PROTECTED]
In the basic authentication approach the userid and password
are concatenated with a ':' between them, base64 encoded, then
placed in an HTTP header to send to the server.
Obviously, the server will have trouble differentiating between
the ':' in the username and the one separating the user name
from the password.
In other words, this is an artifact of BASIC authentication.

Later,
G. Wade

Koes, Derrick wrote:

I'm using tomcat 4.1.18 with Microsoft Internet Explorer 6.0 sp1 as the
browser and oracle as the database to which I authenticate users.
 
Oddly, the colon character cannot be used in user names, but can be used in
passwords.  I'm assuming my code is at fault, but I cannot see how.
Perhaps there is something special about the colon character to the
authentication dialog.
 
Thanks for the help.
 
Derrick
 
 
 
This electronic transmission is strictly confidential to Smith & Nephew and
intended solely for the addressee.  It may contain information which is
covered by legal, professional or other privilege.  If you are not the
intended addressee, or someone authorized by the intended addressee to
receive transmissions on behalf of the addressee, you must not retain,
disclose in any form, copy or take any action in reliance on this
transmission.  If you have received this transmission in error, please
notify the sender as soon as possible and destroy this message.
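
The ambiguity G. Wade describes, as an added example (not code from the thread or from Tomcat): a server decoding a BASIC Authorization header splits the decoded "user:password" string at the first colon, so a colon in the user name silently moves part of the name into the password, while a colon in the password survives. Class and method names are hypothetical, the sample credentials are constructed, and java.util.Base64 requires Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added illustration; class and method names are hypothetical, not Tomcat's. */
public class BasicAuthColonDemo {

    /** Client side: "Basic " followed by base64("user:password"). */
    static String encode(String user, String password) {
        String raw = user + ":" + password;
        return "Basic " + Base64.getEncoder()
                .encodeToString(raw.getBytes(StandardCharsets.ISO_8859_1));
    }

    /**
     * Server side: decode, then split at the FIRST colon, because the header
     * carries no other marker of where the user name ends.
     * Returns {user, password}, or null if the header is malformed.
     */
    static String[] decode(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] bytes;
        try {
            bytes = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid base64
        }
        String raw = new String(bytes, StandardCharsets.ISO_8859_1);
        int colon = raw.indexOf(':');
        if (colon < 0) {
            return null; // no separator at all
        }
        return new String[] { raw.substring(0, colon), raw.substring(colon + 1) };
    }

    /** Account-creation check: refuse user names that BASIC cannot carry intact. */
    static boolean isUsableWithBasicAuth(String user) {
        return user != null && !user.isEmpty() && user.indexOf(':') < 0;
    }

    public static void main(String[] args) {
        // Constructed samples: a colon in the password, then a colon in the user name.
        String[][] samples = { { "derrick", "pa:ss" }, { "derrick:k", "pass" } };
        for (String[] s : samples) {
            String header = encode(s[0], s[1]);
            String[] got = decode(header);
            boolean intact = got != null && got[0].equals(s[0]) && got[1].equals(s[1]);
            System.out.println("sent        user=" + s[0] + " password=" + s[1]);
            System.out.println("  header    " + header);
            System.out.println("  received  user=" + got[0] + " password=" + got[1]
                    + (intact ? "  (intact)" : "  (misparsed)"));
            System.out.println("  user name usable with BASIC: "
                    + isUsableWithBasicAuth(s[0]));
        }
    }
}
```

Rejecting colons when accounts are created keeps the realm's user table consistent with what BASIC authentication can actually deliver.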





basic jdbc realm authentication

2003-10-14 Thread Koes, Derrick
I'm using tomcat 4.1.18 with Microsoft Internet Explorer 6.0 sp1 as the
browser and oracle as the database to which I authenticate users.
 
Oddly, the colon character cannot be used in user names, but can be used in
passwords.  I'm assuming my code is at fault, but I cannot see how.
Perhaps there is something special about the colon character to the
authentication dialog.
 
Thanks for the help.
 
Derrick
 
 
 


tomcat 4.1.27: Realm authentication 400 error code

2003-09-05 Thread Fabio Bazzani
How is it possible I get this message:

HTTP Status 400 - Invalid direct reference to form login page

during JDBC Realm FORM authentication.

These are the steps I followed:


1. create tables in mysql db :

create table IsInRole(
username varchar(20) not null,
userrole varchar(10) not null,
primary key(username,userrole)
);

create table usertable(
username varchar(20) not null,
userpwd varchar(10),

...
primary key (username)
);

2. in server.xml

  



3.  always in server.xml, commented out :

4. created webapps/logIn/login.jsp with:


   
   
   
   
   

5. in web.xml :

  
   
test
/protected/*

DELETE
GET
POST
PUT

  

   
myrole
   

  

  
   FORM
   authentication test
   
/logIn/logIn.jsp
/logIn/logIn-error.jsp
   
  


when I try to go to "/protected/index.jsp" I have to pass the login.jsp and when I 
authenticate I get 400 error code ? what's wrong ?

thank you

FB



Realm Authentication does not restore Original "POST" request.

2003-06-17 Thread Raman
Hi,
I am facing this problem.
The Form Based Realm Authentication is not able to recreate the original post 
request.

To recreate the problem:

-Request a page protected with Form Based authentication.
-Login to the application.
-Stop at a page which has a form with method "POST", till session times 
out/context is reloaded.
-After session times out, Hit the submit button, you will be asked to login 
again.
-org.apache.catalina.authenticator.FormAuthenticator saves the request 
parameters with the request in session, before taking you to the login page.
-After successful login, it should take you to the original URI requested 
along with FORM parameters.

But one gets redirected to the original request URI. All the parameters with 
the request are lost.

Either the user should be forwarded to the original request URI, or the Form 
Parameters with the original request should be saved as query string to be 
appended to the request URI, so that even after redirecting to the original 
URI, we have access to the parameters.
Would like to know whether it is a bug in tomcat or something else.
Thanks in advance.
Raman



Realm Authentication over SSL

2003-03-13 Thread Gabriel Santonja
Hello,

I'm trying to authenticate a user with Tomcat/SSL and using FORM realm.
Now I can't use the SSL only when the user gives his password.

Is it possible?.

Thank you



Re: JDBC Realm Authentication Problem

2003-02-07 Thread Sean Dockery
Yes, that is correct.  To have a Realm apply only to a context, it must be
declared inside the context tags.  So...



becomes


  



--
Sean Dockery
[EMAIL PROTECTED]
Certified Java Web Component Developer
Certified Delphi Programmer
SBD Consultants
http://www.sbdconsultants.com

"Geoff Peters" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
Sean - I didn't omit anything in my post - the server.xml is as it is in my
app. I think you might have inadvertently answered my question, does my
context level realm physically have to reside inside the context tag? (do I
have to put a  on after the realm)? I managed to get everything
working, it is authenticating the manager app against the database fine now,
and the lower level authentication works as well, I am not sure which realm
is being used where, I am going to create a new database and see that it is
working right.


Thanks for the reply!!

Geoff







RE: JDBC Realm Authentication Problem

2003-02-07 Thread Geoff Peters
Sean - I didn't omit anything in my post - the server.xml is as it is in my app. I 
think you might have inadvertently answered my question, does my context level realm 
physically have to reside inside the context tag? (do I have to put a  on 
after the realm)? I managed to get everything working, it is authenticating the 
manager app against the database fine now, and the lower level authentication works as 
well, I am not sure which realm is being used where, I am going to create a new 
database and see that it is working right.


Thanks for the reply!!

Geoff

-Original Message-
From: Sean Dockery [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 06, 2003 8:34 PM
To: Tomcat Users List
Subject: Re: JDBC Realm Authentication Problem


Where I wrote "did you remove," I meant to write "did you omit."  Basically 
I want to know exactly what you edited out of the server.xml file that you 
put in your message because you didn't think it was relevant.

Basically, I suspect that if you left the memory realm at the engine level 
that authentication is failing against the memory realm (so it doesn't 
bother checking your JDBC realm at the engine level).

At 17:27 2003-02-06 -0700, you wrote:
>Um.  I don't see a context-level realm in there.  There is a host-level 
>realm, however.  :-)
>
>Did you remove anything at all (such as other Realms) from the server.xml 
>file that you presented?
>
>At 13:29 2003-02-06 -0400, you wrote:
>>A small problem here, can't seem to figure out why.
>>
>>In the following server.xml, if I remove the context level realm, the 
>>authentication fails against the database (I can connect on startup, but 
>>I cannot authenticate to access the manager or admin applications). 
>>However, if I put the context level JDBC realm back in (exactly the same 
>>as the top level realm)
>>
>>Removing the top level realm makes no difference on startup or 
>>authentication. Shouldn't I be able to authenticate for the manager and 
>>admin outside of a context level database?
>>
>>
>>Thanks!!
>>
>>Geoff
>>
>>
>>SERVER.XML:
>>
>>
>>
>>   
>>
>>
>>
>> > port="80" minProcessors="5" maxProcessors="75"
>>enableLookups="true" redirectPort="8443"
>>acceptCount="100" debug="0" connectionTimeout="2"
>>useURIValidationHack="false" disableUploadTimeout="true" />
>>
>>
>> 
>>
>>
>>   >   prefix="catalina_log." suffix=".txt"
>>   timestamp="true"/>
>>
>>
>>  >   driverName="org.gjt.mm.mysql.Driver"
>>connectionURL="jdbc:mysql://somewhere.com/MailAdmn"
>>   connectionName="user" connectionPassword="password"
>> userTable="tblUsers" userNameCol="user_name" 
>> userCredCol="user_pass"
>>   userRoleTable="tblUser_Role" roleNameCol="role_name" digest = 
>> "md5"/>
>>
>>
>>   > autoDeploy="true">
>>
>>
>>>  directory="logs"  prefix="gpeters_access_log." 
>> suffix=".txt"
>>  pattern="common" resolveHosts="false"/>
>>
>> >  directory="logs"  prefix="gpeters_log." suffix=".txt"
>> timestamp="true"/>
>>
>>   
>>
>>
>> >   reloadable="true" crossContext="true" />
>>
>> > debug="99"
>> driverName="org.gjt.mm.mysql.Driver"
>> connectionURL="jdbc:mysql://somewhere.com/MailAdmn"
>> connectionName="user" 
>> connectionPassword="password"  userTable="tblUsers" 
>> userNameCol="user_name"   userCredCol="user_pass"
>> userRoleTable="tblUser_Role" 
>> roleNameCol="role_name" digest = "md5"/>
>>
>>
>> >   prefix="tomcat_MailApp_log." suffix=".txt" 
>> timestamp="true" />
>>
>>
>>   
>>
>>

Re: JDBC Realm Authentication Problem

2003-02-06 Thread Sean Dockery
Where I wrote "did you remove," I meant to write "did you omit."  Basically 
I want to know exactly what you edited out of the server.xml file that you 
put in your message because you didn't think it was relevant.

Basically, I suspect that if you left the memory realm at the engine level 
that authentication is failing against the memory realm (so it doesn't 
bother checking your JDBC realm at the engine level).

At 17:27 2003-02-06 -0700, you wrote:
Um.  I don't see a context-level realm in there.  There is a host-level 
realm, however.  :-)

Did you remove anything at all (such as other Realms) from the server.xml 
file that you presented?

At 13:29 2003-02-06 -0400, you wrote:
A small problem here, can't seem to figure out why.

In the following server.xml, if I remove the context level realm, the 
authentication fails against the database (I can connect on startup, but 
I cannot authenticate to access the manager or admin applications). 
However, if I put the context level JDBC realm back in (exactly the same 
as the top level realm)

Removing the top level realm makes no difference on startup or 
authentication. Shouldn't I be able to authenticate for the manager and 
admin outside of a context level database?


Thanks!!

Geoff


SERVER.XML:



  




port="80" minProcessors="5" maxProcessors="75"
   enableLookups="true" redirectPort="8443"
   acceptCount="100" debug="0" connectionTimeout="2"
   useURIValidationHack="false" disableUploadTimeout="true" />





  
  prefix="catalina_log." suffix=".txt"
  timestamp="true"/>


 
  driverName="org.gjt.mm.mysql.Driver"
   connectionURL="jdbc:mysql://somewhere.com/MailAdmn"
  connectionName="user" connectionPassword="password"
userTable="tblUsers" userNameCol="user_name" 
userCredCol="user_pass"
  userRoleTable="tblUser_Role" roleNameCol="role_name" digest = 
"md5"/>


  


   
 directory="logs"  prefix="gpeters_access_log." 
suffix=".txt"
 pattern="common" resolveHosts="false"/>


 directory="logs"  prefix="gpeters_log." suffix=".txt"
timestamp="true"/>

  



  reloadable="true" crossContext="true" />


driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://somewhere.com/MailAdmn"
connectionName="user" 
connectionPassword="password"  userTable="tblUsers" 
userNameCol="user_name"   userCredCol="user_pass"
userRoleTable="tblUser_Role" 
roleNameCol="role_name" digest = "md5"/>



  prefix="tomcat_MailApp_log." suffix=".txt" 
timestamp="true" />


  



  




Geoff Peters, BScFE, AIT  Phone  : (441) 296-9640
Applications Developer    Fax    : (441) 292-1509
Logic Communications  E-mail : [EMAIL PROTECTED]
12 Par-La-Ville Road  WWW: http://www.logic.bm
Hamilton, Bermuda  HM JX



Sean Dockery
[EMAIL PROTECTED]
Certified Java Web Component Developer
Certified Delphi Programmer
SBD Consultants
http://www.sbdconsultants.com





Sean Dockery
[EMAIL PROTECTED]
Certified Java Web Component Developer
Certified Delphi Programmer
SBD Consultants
http://www.sbdconsultants.com







Re: JDBC Realm Authentication Problem

2003-02-06 Thread Sean Dockery
Um.  I don't see a context-level realm in there.  There is a host-level 
realm, however.  :-)

Did you remove anything at all (such as other Realms) from the server.xml 
file that you presented?

At 13:29 2003-02-06 -0400, you wrote:
A small problem here, can't seem to figure out why.

In the following server.xml, if I remove the context level realm, the 
authentication fails against the database (I can connect on startup, but I 
cannot authenticate to access the manager or admin applications). However, 
if I put the context level JDBC realm back in (exactly the same as the top 
level realm)

Removing the top level realm makes no difference on startup or 
authentication. Shouldn't I be able to authenticate for the manager and 
admin outside of a context level database?


Thanks!!

Geoff


SERVER.XML:



  




port="80" minProcessors="5" maxProcessors="75"
   enableLookups="true" redirectPort="8443"
   acceptCount="100" debug="0" connectionTimeout="2"
   useURIValidationHack="false" disableUploadTimeout="true" />





  
  prefix="catalina_log." suffix=".txt"
  timestamp="true"/>


 
  driverName="org.gjt.mm.mysql.Driver"
   connectionURL="jdbc:mysql://somewhere.com/MailAdmn"
  connectionName="user" connectionPassword="password"
userTable="tblUsers" userNameCol="user_name" 
userCredCol="user_pass"
  userRoleTable="tblUser_Role" roleNameCol="role_name" digest = 
"md5"/>


  


   
 directory="logs"  prefix="gpeters_access_log." suffix=".txt"
 pattern="common" resolveHosts="false"/>


 directory="logs"  prefix="gpeters_log." suffix=".txt"
timestamp="true"/>

  



  reloadable="true" crossContext="true" />


driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://somewhere.com/MailAdmn"
connectionName="user" 
connectionPassword="password"  userTable="tblUsers" 
userNameCol="user_name"   userCredCol="user_pass"
userRoleTable="tblUser_Role" 
roleNameCol="role_name" digest = "md5"/>



  prefix="tomcat_MailApp_log." suffix=".txt" 
timestamp="true" />


  



  




Geoff Peters, BScFE, AIT  Phone  : (441) 296-9640
Applications Developer    Fax    : (441) 292-1509
Logic Communications  E-mail : [EMAIL PROTECTED]
12 Par-La-Ville Road  WWW: http://www.logic.bm
Hamilton, Bermuda  HM JX



Sean Dockery
[EMAIL PROTECTED]
Certified Java Web Component Developer
Certified Delphi Programmer
SBD Consultants
http://www.sbdconsultants.com







JDBC Realm Authentication Problem

2003-02-06 Thread Geoff Peters
A small problem here, can't seem to figure out why. 

In the following server.xml, if I remove the context level realm, the authentication 
fails against the database (I can connect on startup, but I cannot authenticate to 
access the manager or admin applications). However, if I put the context level JDBC 
realm back in (exactly the same as the top level realm)

Removing the top level realm makes no difference on startup or authentication. 
Shouldn't I be able to authenticate for the manager and admin outside of a context 
level database?


Thanks!!

Geoff


SERVER.XML:



  

   



 



  

  
 
  
  
  

   
   


 
  
  
  

  

 
  
  


  



  




Geoff Peters, BScFE, AIT  Phone  : (441) 296-9640
Applications Developer    Fax    : (441) 292-1509
Logic Communications  E-mail : [EMAIL PROTECTED]
12 Par-La-Ville Road  WWW: http://www.logic.bm
Hamilton, Bermuda  HM JX






Realm Authentication Across Multiple Servers

2002-08-19 Thread Jacob Hookom

The application we are working on is laid out on the network like so (*
means many):

Apache2

Tomcat4 Web Site Servers*

Tomcat4 File Servers*

Basically the application acts much like sourceforge or another download
site, but I would like to carry authentication from the Web site server
to the request made to the File Servers.

Is this possible?  I did think about a way of creating a timed/digested
certificate that could be passed in the request string, but it would be
ideal to have the Principal be used on all servers.

The user roles for the Web site servers are pulled from a DB, but I have
heard that these servers can share a JNDI context, so couldn't
information be put in there?

Any advice would be appreciated as I'm working in rational rose this
afternoon trying to lay things out :-)

-Jacob
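
The timed, digested value passed in the request string that this message describes, worked as an added example (not code from this thread or from Tomcat): the web site server issues an HMAC-signed token naming the user, the file path and an expiry, and the file server checks it with the same key. The class name, the token layout and the shared key are assumptions, and the code uses Java 8+ APIs.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class DownloadToken {
    private final byte[] key; // assumption: same secret on web site and file servers

    public DownloadToken(byte[] key) { this.key = key.clone(); }

    private static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return b64(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Web site server: bind user, file path and expiry into one query-string value.
    public String issue(String user, String path, long expiresEpochSec) throws Exception {
        String payload = user + "|" + path + "|" + expiresEpochSec;
        return b64(payload.getBytes(StandardCharsets.UTF_8)) + "." + sign(payload);
    }

    // File server: returns the user name, or null if forged, expired or for another path.
    public String verify(String token, String requestedPath, long nowEpochSec) throws Exception {
        int dot = token.indexOf('.');
        if (dot < 1) return null;
        String payload;
        try {
            payload = new String(Base64.getUrlDecoder().decode(token.substring(0, dot)), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { return null; }
        byte[] expected = sign(payload).getBytes(StandardCharsets.US_ASCII);
        byte[] supplied = token.substring(dot + 1).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, supplied)) return null; // constant-time compare
        String[] f = payload.split("\\|");
        if (f.length != 3 || !f[1].equals(requestedPath)) return null; // token is per file
        return Long.parseLong(f[2]) >= nowEpochSec ? f[0] : null;
    }

    public static void main(String[] args) throws Exception {
        DownloadToken t = new DownloadToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String tok = t.issue("alice", "/files/a.zip", 1_000_300L); // constructed sample values
        System.out.println("valid:      " + t.verify(tok, "/files/a.zip", 1_000_000L));
        System.out.println("wrong path: " + t.verify(tok, "/files/b.zip", 1_000_000L));
        System.out.println("expired:    " + t.verify(tok, "/files/a.zip", 1_000_301L));
    }
}
```

The token only proves who the web site server authenticated; it stays replayable until it expires, so the lifetime should be short and the link sent over TLS.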






Re: Realm Authentication lost when tomcat is restarted

2002-04-05 Thread Craig R. McClanahan



On Fri, 5 Apr 2002, Bill Gibbs wrote:

> Date: Fri, 5 Apr 2002 09:12:16 -0500
> From: Bill Gibbs <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Realm Authentication lost when tomcat is restarted
>
> I have a JDBCRealm setup that works great.  I can log in, it protects the
> resource I specified.
>
> But when I stop, then start tomcat, I lose the authentication and have to
> relogin.
>

Yep.  The sessions (and any serializable attributes) are saved across
restarts (even without setting up the persistent manager and file store),
but the fact that you've logged in is not.  I would consider it a security
risk to change this design.

One workaround to this would be to use BASIC authentication (at least for
development).  This succeeds because the browser keeps sending the
credentials with every request, so it automatically logs back on for you.
Of course, you can't log off by invalidating the session if you do this,
but ...

Craig






Realm Authentication lost when tomcat is restarted

2002-04-05 Thread Bill Gibbs

I have a JDBCRealm setup that works great.  I can log in, it protects the 
resource I specified.

But when I stop, then start tomcat, I lose the authentication and have to 
relogin.

Looking at the log, I do see that my session was restored properly.

I ensured that PersistentManager was set to saveOnRestart=true

Tomcat ver 4.0.3.
RedHat Linux 7.2
FileStore sessions

server.xml:












web.xml:



http://java.sun.com/dtd/web-app_2_3.dtd";>




Staff

Staff Protected 
Area
 
 /staff/*



Staff





FORM
Staff Authentication Area

/staff/login.jsp
/staff/login.jsp





-- 
Bill "Elvis" Gibbs
Eduro Technologies, Inc.
main 240-529-2000 | fax 301-662-9552 | cell 301-748-5418





RE: Popup Browser Windows & Tomcat Realm Authentication

2002-02-14 Thread Ricky Leung

I'm not sure if this would work, but I am guessing that your popup
immediately opens and your original window didn't do a thing.  If you allow
your parent to authenticate and go to an authenticated page, it would be fine.
Then simply have that page pop up the window that you wanted.  This idea is
similar to the way many sites have an auto-popup advertisement when you
enter their main page.  Give that a try.

Ricky

-Original Message-
From: Kennedy Clark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 14, 2002 8:59 PM
To: [EMAIL PROTECTED]
Subject: Popup Browser Windows & Tomcat Realm Authentication


I'm using Tomcat 4.0.1 to develop a web-site application that needs to use
popup browser windows.  I have the main page protected by a JDBCRealm and
it's working nicely.  Now that I've added the popups, the popup window
opens fine using the authentication of the main windows.  However, when you
close the popup, you cannot do anything in the main windows without having
to re-authenticate.  I've tried using both a "target=" attribute on an "







Popup Browser Windows & Tomcat Realm Authentication

2002-02-14 Thread Kennedy Clark

I'm using Tomcat 4.0.1 to develop a web-site application that needs to use 
popup browser windows.  I have the main page protected by a JDBCRealm and 
it's working nicely.  Now that I've added the popups, the popup window 
opens fine using the authentication of the main windows.  However, when you 
close the popup, you cannot do anything in the main windows without having 
to re-authenticate.  I've tried using both a "target=" attribute on an "




Re: ajp13 + tomcat 4 + realm authentication

2001-10-31 Thread Leonard Bouchet

Hmm. Many thanks.

I need some advice now: I'd like to use apache and tomcat 4 with realm. Does
it make sense to use mod_webapp instead of mod_jk?

I guess apache will not serve the non-jsp pages in my context with
mod_webapp, will it? That's why I planned to use mod_jk with a

JkMount /*.jsp ajp13

Do I have a way to do it, though?

Thanks again

-leo

> Yes, tomcatAuthentication is not present in the ajp13 implementation of
> TC 4.0.1, but will be ported from 3.3 for 4.0.2.
> 
> Regards,
> Ignacio J. Ortega
> 
> 
>> Hi all,
>> 
>> I can't use the ajp13 connector with the realm authentication
>> mechanism. It
>> doesn't pass the correct headers to tomcat, causing the
>> userid value to be
>> null.
>> 
>> I saw on this list that you can set a
>> tomcatAuthentication="true"
>> attribute in the Connector element in Tomcat 3.3, but it
>> doesn't seem to
>> work for me (tomcat 4.0.1)
>> 
>> Can anyone help me on this? Does anyone know anything about
>> this problem?
>> 
>> Thanks a lot
>> 
>> -leo
>> 
>> Linux RH 7.1
>> Apache 1.3.22
>> Tomcat 4.0.1
>> 
>> Example log:
>> 
>> MemoryRealm[localhost]: Username null NOT successfully authenticated






RE: JDBC realm authentication

2001-01-21 Thread Ignacio J. Ortega

You do not need to exchange the class in the jar: call it XYZRealm, put it into
%TOMCAT_HOME%/classes and change the requestinterceptor line in
server.xml from org.apache.tomcat.request.JDBCRealm to your XYZRealm,
and that's all folks.

FYI: the next Tomcat 3.X already has digested passwords inside (and Tomcat
4.0 too).

Regards,
Ignacio J. Ortega


> -Original Message-
> From: Dario Novakovic [mailto:[EMAIL PROTECTED]]
> Sent: Monday, 22 January 2001 0:41
> To: tomcat-user
> Subject: JDBC realm authentication
> 
> 
> i want to use database for (form based) user authentication 
> but problem is
> that i  have crypted user passwords and JDBCRealm.class expects plain
> passwords. Would it be enough if i change JDBCRealm class to encrypt
> password typed in the form before it checks it against password in the
> database? i would, then, compile that class and swap it with 
> the same class
> in the jar file. is it any good or am i being stupid?
> 
> 
> 
> 
> 





JDBC realm authentication

2001-01-21 Thread Dario Novakovic

i want to use database for (form based) user authentication but problem is
that i  have crypted user passwords and JDBCRealm.class expects plain
passwords. Would it be enough if i change JDBCRealm class to encrypt
password typed in the form before it checks it against password in the
database? i would, then, compile that class and swap it with the same class
in the jar file. is it any good or am i being stupid?
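
What hashing the typed password before the comparison looks like, as an added example (not Tomcat's JDBCRealm source and not code from this thread): the stored column holds a hex digest, and the check digests the submitted password and compares the two. Assumptions: UTF-8 password bytes, hex-encoded digests, and an in-memory map standing in for the user table; MD5 is used only because the configs on this page set `digest="md5"`, and an unsalted fast hash is weak for password storage.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class DigestCredentialCheck {
    // Hex-encoded digest of the password exactly as typed (UTF-8 is an assumption).
    static String hexDigest(String algorithm, String password) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance(algorithm).digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(d.length * 2);
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // userTable is a hypothetical stand-in for the credential column fetched over JDBC.
    static boolean authenticate(Map<String, String> userTable, String algorithm,
                                String user, String typed) throws NoSuchAlgorithmException {
        String computed = hexDigest(algorithm, typed); // computed before the lookup, known user or not
        String stored = userTable.get(user);
        if (stored == null) return false;
        // Normalise hex case, then compare without stopping at the first differing byte.
        return MessageDigest.isEqual(
                stored.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII),
                computed.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> userTable = new HashMap<>(); // constructed sample rows
        userTable.put("alice", hexDigest("MD5", "s3cret").toUpperCase(Locale.ROOT));
        userTable.put("bob", "s3cret"); // cleartext left in a table the check treats as digested
        System.out.println("alice, right password: " + authenticate(userTable, "MD5", "alice", "s3cret"));
        System.out.println("alice, wrong password: " + authenticate(userTable, "MD5", "alice", "S3cret"));
        System.out.println("bob, cleartext row:    " + authenticate(userTable, "MD5", "bob", "s3cret"));
        System.out.println("unknown user:          " + authenticate(userTable, "MD5", "carol", "s3cret"));
    }
}
```

The `bob` row shows the mismatch described in the question from the other side: when the stored form and the form the check computes differ, a correct password is rejected.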


