Re: Scoping of JNDI Resources?
J Malcolm wrote: I've actually got my realms defined per host. That's not the problem. The problem is that the datasources for the various realms must be declared globally (apparently). I'm assuming that any datasource that is defined globally is accessible to any Tomcat app that knows the datasource name, right? This means that the realm authentication db for one host is accessible to any other host that might be able to determine the datasource name. Ah, OK, this isn't a problem I've had to deal with, but: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/globalresources.html :: I would read this: The GlobalNamingResources element defines the global JNDI resources for the Server. These resources are listed in the server's global JNDI resource context. This context is distinct from the per-web-application JNDI contexts described in the JNDI Resources HOW-TO. The resources defined in this element are not visible in the per-web-application contexts unless you explicitly link them with ResourceLink elements. :: as refuting the above concern... But I don't have time to test that theory right now :-) HTH! -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Scoping of JNDI Resources?
Hassan, Thank you so much. I figured there had to be some sort of answer for that. This makes sense. I really appreciate the help. Jerry -Original Message- From: Hassan Schroeder [mailto:[EMAIL PROTECTED] Sent: Monday, March 14, 2005 9:00 AM To: Tomcat Users List Subject: Re: Scoping of JNDI Resources? J Malcolm wrote: I've actually got my realms defined per host. That's not the problem. The problem is that the datasources for the various realms must be declared globally (apparently). I'm assuming that any datasource that is defined globally is accessible to any Tomcat app that knows the datasource name, right? This means that the realm authentication db for one host is accessible to any other host that might be able to determine the datasource name. Ah, OK, this isn't a problem I've had to deal with, but: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/globalresources.html :: I would read this: The GlobalNamingResources element defines the global JNDI resources for the Server. These resources are listed in the server's global JNDI resource context. This context is distinct from the per-web-application JNDI contexts described in the JNDI Resources HOW-TO. The resources defined in this element are not visible in the per-web-application contexts unless you explicitly link them with ResourceLink elements. :: as refuting the above concern... But I don't have time to test that theory right now :-) HTH! -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Scoping of JNDI Resources?
I know you can define DataSources, etc. globally to all of Tomcat using GlobalNamingResources. I have also determined that you can define individual DataSources inside a webApp's Context/Context block inside a Host block. But are these the only two options? I would like to define DataSources that are scoped to a Host, but not global to all of Tomcat. I tried a few things, but couldn't seem to get it to work any other way. Is there a way to define a DataSource (or any other JNDI resource) at the host level? More generally, examples of server.conf are great. But is there a document that describes all the options and variations of what you do in server.xml? Thanks. Jerry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Scoping of JNDI Resources?
J Malcolm wrote: I know you can define DataSources, etc. globally to all of Tomcat using GlobalNamingResources. I have also determined that you can define individual DataSources inside a webApp's Context/Context block inside a Host block. But are these the only two options? I would like to define DataSources that are scoped to a Host, but not global to all of Tomcat. I tried a few things, but couldn't seem to get it to work any other way. Is there a way to define a DataSource (or any other JNDI resource) at the host level? You didn't mention what version you're running, but take a look at this page for the DefaultContext : http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/defaultcontext.html More generally, examples of server.conf are great. But is there a document that describes all the options and variations of what you do in server.xml? It's not a single document, but the Server Configuration Reference (again, this is for the 5.0 branch, adjust as required) covers it all, element by element: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/index.html HTH! -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Scoping of JNDI Resources?
Hassan, Thanks so much for the info. I am on 5.5.7. I was not aware of the Default-Context option. That will be useful. But it does not appear that the Default-Context applies to DataSourceRealms for a host. Is there a way to define a datasource for use by a realm in a particular host (without making the datasource available to other hosts?) Thanks again. Jerry -Original Message- From: Hassan Schroeder [mailto:[EMAIL PROTECTED] Sent: Sunday, March 13, 2005 12:38 PM To: Tomcat Users List Subject: Re: Scoping of JNDI Resources? J Malcolm wrote: I know you can define DataSources, etc. globally to all of Tomcat using GlobalNamingResources. I have also determined that you can define individual DataSources inside a webApp's Context/Context block inside a Host block. But are these the only two options? I would like to define DataSources that are scoped to a Host, but not global to all of Tomcat. I tried a few things, but couldn't seem to get it to work any other way. Is there a way to define a DataSource (or any other JNDI resource) at the host level? You didn't mention what version you're running, but take a look at this page for the DefaultContext : http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/defaultcontext.html More generally, examples of server.conf are great. But is there a document that describes all the options and variations of what you do in server.xml? It's not a single document, but the Server Configuration Reference (again, this is for the 5.0 branch, adjust as required) covers it all, element by element: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/index.html HTH! -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Scoping of JNDI Resources?
J Malcolm wrote: But it does not appear that the Default-Context applies to DataSourceRealms for a host. Is there a way to define a datasource for use by a realm in a particular host (without making the datasource available to other hosts?) Ah, Realms, well then: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/realm.html :: says: You may nest a Realm inside any Catalina container Engine, Host, or Context). Not tested -- I'm also running 5.5.7, but my DataSourceRealm is applied globally -- but that sounds like it fits the bill... -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Scoping of JNDI Resources?
I've actually got my realms defined per host. That's not the problem. The problem is that the datasources for the various realms must be declared globally (apparently). Until yesterday, I was running JDBCRealms where I could define a different database for each realm inside the host. But I had to move off of JDBCRealms due to a catastrophic bug discussed in an earlier thread. I'm assuming that any datasource that is defined globally is accessible to any Tomcat app that knows the datasource name, right? This means that the realm authentication db for one host is accessible to any other host that might be able to determine the datasource name. Many of my hosts are from different businesses that must ensure integrity of their security environment. With a global datasource defined for their realm authority db, I can't guarantee that another malicious host cannot access and possible corrupt the db. It doesn't seem right that there would be this sort of hole in DataSourceRealms. But right now, the only way I can find to define a datasource for any realm, even those defined inside a host, is to use global datasource definitions. Is this really the only way? Thanks. Jerry -Original Message- From: Hassan Schroeder [mailto:[EMAIL PROTECTED] Sent: Sunday, March 13, 2005 7:08 PM To: Tomcat Users List Subject: Re: Scoping of JNDI Resources? J Malcolm wrote: But it does not appear that the Default-Context applies to DataSourceRealms for a host. Is there a way to define a datasource for use by a realm in a particular host (without making the datasource available to other hosts?) Ah, Realms, well then: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/realm.html :: says: You may nest a Realm inside any Catalina container Engine, Host, or Context). Not tested -- I'm also running 5.5.7, but my DataSourceRealm is applied globally -- but that sounds like it fits the bill... -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]