Re: Realm configuration issues
Adam Posner wrote:

> Hi, I have been trying to implement form based authentication using
> container managed security. I had tried originally to use the DataSource
> Realm but after struggling with that for so long I gave up because I had
> tried everything I could think of as far as putting the Realm declaration in
> various places with no luck, and I got conflicting answers between the
> Apache-Tomcat docs

Generally, the docs will give you more accurate information. If you have problems ask here and on the odd occasion the docs are wrong they'll get fixed.

> ( which I've read multiple times) and what I found in places like mark-mail
> and nabble. So now I am trying to get it working with the JDBC realm
> instead.

That is a bad idea. The JDBCRealm is horribly synchronized whereas the DataSourceRealm uses a connection pool.

> server.xml:

I'd strongly suggest removing the comments from this file. It makes it a lot easier to read.

> <?xml version='1.0' encoding='utf-8'?>
> <Server port="8005" shutdown="SHUTDOWN">
>   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>   <Listener className="org.apache.catalina.core.JasperListener" />
>   <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
>   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>   <GlobalNamingResources>
>     <Resource name="UserDatabase" auth="Container"
>               type="org.apache.catalina.UserDatabase"
>               description="User database that can be updated and saved"
>               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>               pathname="conf/tomcat-users.xml" />
>   </GlobalNamingResources>
>   <Service name="Catalina">
>     <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443" />
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>     <Engine name="Catalina" defaultHost="localhost">
>       <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
>       <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"
>             xmlValidation="false" xmlNamespaceAware="false">
>         <Context path="/blurbV1" docBase="blurbV1" debug="99"

debug doesn't do anything - delete it. This begs the question why did you add it? Any docs that say you need it are for the wrong Tomcat version. That is why you are best following the official Tomcat 6 docs.

>                  reloadable="true">
>           <Resource name="jdbc/trailsDB" auth="Container" type="javax.sql.DataSource"
>                     driverClassName="com.mysql.jdbc.Driver"
>                     url="jdbc:mysql://localhost:3306/trailsDB?user=buzz&amp;password=99"
>                     maxActive="8"/>

I assume this resource is required by the application since the JDBCRealm won't use it.

>           <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>                  driverName="com.mysql.jdbc.Driver"
>                  connectionURL="jdbc:mysql://localhost:3306/trailsDB"
>                  userTable="users" userNameCol="user_name" userCredCol="user_pass"
>                  userRoleTable="user_roles" roleNameCol="role_name" />

You are missing the connectionName and connectionPassword attributes. Both of which are clearly marked as required in the docs. Again - use the official docs and life gets a lot easier.

>         </Context>
>       </Host>
>     </Engine>
>   </Service>
> </Server>
>
> And my web.xml:
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>UpdateTrails</web-resource-name>
>     <url-pattern>/*</url-pattern>
>     <http-method>GET</http-method>
>     <http-method>POST</http-method>

This is bad from a security point of view. This means *only* GET and POST are protected but all of the other HTTP methods are allowed. I doubt that is what you want.

>   </web-resource-collection>
>   <auth-constraint>
>     <description>These are the roles who have access</description>
>     <role-name>admin</role-name>
>   </auth-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name>Tomcat Server Configuration Form-Based Authentication Area</realm-name>
>   <form-login-config>
>     <form-login-page>/Login.html</form-login-page>
>     <form-error-page>/auth-error.html</form-error-page>
>   </form-login-config>
> </login-config>
> <resource-ref>
>   <description>DB Connection</description>
>   <res-ref-name>jdbc/trailsDB</res-ref-name>
>   <res-type>javax.sql.DataSource</res-type>
>   <res-auth>Container</res-auth>
> </resource-ref>
> </web-app>
>
> Even though it says DataSource in the above resource-ref tag, all the info I
> found told me to do that even with the JDBCRealm.

Really? If the official Tomcat docs say you need to do that then
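An added example, not part of the original thread: a small Python check for the point made above about the security-constraint, where listing http-method elements limits the constraint to those methods. The two web.xml fragments are constructed from the constraint quoted in the message (tags restored); the function names and the method list are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Methods to report as uncovered (assumed list for this example).
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed input: the constraint as posted in the thread, tags restored.
POSTED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>UpdateTrails</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed input: the same constraint with the <http-method> lines removed,
# so it applies to every HTTP method.
FIXED = "\n".join(l for l in POSTED.splitlines() if "<http-method>" not in l)


def local(tag):
    """'{namespace}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def children(elem, name):
    return [c for c in elem if local(c.tag) == name]


def audit_constraints(web_xml):
    """One finding per protected web-resource-collection that lists
    <http-method> elements: only those methods require the role."""
    findings = []
    for sc in children(ET.fromstring(web_xml), "security-constraint"):
        if not children(sc, "auth-constraint"):
            continue  # no role requirement to bypass
        for wrc in children(sc, "web-resource-collection"):
            listed = {(m.text or "").strip().upper()
                      for m in children(wrc, "http-method")}
            if listed:
                findings.append({
                    "patterns": [(p.text or "").strip()
                                 for p in children(wrc, "url-pattern")],
                    "protected": sorted(listed),
                    "unprotected": sorted(STANDARD_METHODS - listed),
                })
    return findings


if __name__ == "__main__":
    for name, doc in (("posted", POSTED), ("fixed", FIXED)):
        print(name, audit_constraints(doc))
```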
mod_jk Tomcat AJP Connectivity problem
I am using Tomcat 5.5.20 and Apache 2.2 with Mod_jk 1.2.2.7 on Solaris 10 intel platform. Following are my configurations:

Tomcat

    port=8030
    enableLookups=false
    redirectPort=8444
    protocol=AJP/1.3
    compression=on
    compressableMimeType=text/html,text/xml,text/css,text/javascript
    maxThreads=250
    maxSpareThreads=75
    minSpareThreads=25
    connectionTimeout=60

Apache

    <IfModule mpm_prefork_module>
        StartServers 10
        MinSpareServers 10
        MaxSpareServers 20
        MaxClients 200
        MaxRequestsPerChild 0
    </IfModule>

mod_jk

    worker.template.type=ajp13
    worker.template.lbfactor=1
    worker.template.ping_timeout=1000
    worker.template.ping_mode=A
    worker.template.socket_timeout=10
    worker.template.connection_pool_timeout=600
    worker.anznz.reference=worker.template
    worker.anznz.host=localhost
    worker.anznz.port=8030

My website is running fine for the entire day and mod_jk started throwing the following error at the end of the day:

    [Sat Sep 05 11:27:05 2009][23566:1] [error] jk_ajp_common.c (2400): () sending request to tomcat failed (unrecoverable), (attempt=1)
    [Sat Sep 05 11:27:04 2009][7724:1] [info] jk_ajp_common.c (1104): () can't receive the response message from tomcat, tomcat (127.0.0.1:8030) has forceda connection close for socket 36
    [Sat Sep 05 11:27:05 2009][7724:1] [error] jk_ajp_common.c (1920): () Tomcat is down or refused connection. No response has been sent to the client (yet )

Once the above error hits, the users get the service not available pages. It is not happening to all users. Then when I restart the Tomcat, it started working. There is no problem in accessing the site through the HTTP connector in the Tomcat.

Did someone experience a similar problem and is there any solution for this problem?

Thanks in advance
Re: An unexpected error has been detected by Java Runtime Environment:
> It's possible. What is your architecture?

Solaris 9.Sparc.

> Do you have physical access? Can you run a memory tester on it?

Unfortunately this is not possible.

Thanks
Evgeny

> -chris
Re: Realm configuration issues
Thanks Mark for all those tips. I will go back to the DataSource Realm. As for the location of my auth-error.html, it is in webapps/web-app-name, where my jsp's are.
Re: Realm configuration issues
One other question, Chuck. One of the conflicting info is whether to put the DataSource Realm declaration inside a context element in META-INF/context.xml versus putting it in a context element inside a host element in server.xml. I get the impression that the META-INF directory is more for if you're packaging your webapp as a WAR.

The other thing that's causing me some confusion is if you're putting your Realm declaration in server.xml should you comment out the default UserDatabase Realm that's above it? (I know the Tomcat 6 docs say it's better not to put it in server.xml because that makes changing it more invasive, but right now I'm just trying to get it working - I can change that later)

Thanks

On Sat, Sep 5, 2009 at 4:02 PM, Adam Posner cuco2...@gmail.com wrote:

> Ahh, that makes sense. I need to do some major mods. Thanks, Chuck!
>
> On Sat, Sep 5, 2009 at 10:28 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote:
>
>> > From: Mark Thomas [mailto:ma...@apache.org]
>> > Subject: Re: Realm configuration issues
>> >
>> > > Any ideas why I might be getting this ?
>> >
>> > The 404 suggests the auth-error.html does not exist. Where is the file located?
>>
>> Since the security-constraint specifies a url-pattern of /*, doesn't that
>> preclude delivering the error page, since it will also be protected? The
>> url-pattern will also inhibit access to style sheets or any other resources
>> the login page needs.
>>
>> - Chuck
Re: Using multiple DataSource's for fail-over.
I don't think. Did you try shutting down one node? You can also look at netadmin tutorial to see what FAILOVER means.

On Fri, Sep 4, 2009 at 11:58 AM, Bill Davidson bill...@gmail.com wrote:

> Mohit Anchlia wrote:
>
>> Something like this:
>>
>> (DESCRIPTION=(FAILOVER=ON)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=TCP)(HOST=x)(PORT=1526))(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=1526)))(CONNECT_DATA=(SERVICE_NAME=somesid)))
>
> I still haven't been able to locate the documentation, but that seems to
> make connections. I'm wondering if I need to configure the DBCP
> connectionProperties attribute with anything special for fail-over?
Tomcat not recognizing my Login info ?
Hi, I am wondering if I'm configuring my server.xml correctly. I have a DB called trailsDB with 2 tables in it called users and user_roles:

    +-----------+-----------+
    | user_name | user_pass |
    +-----------+-----------+
    | buzz      | 99        |
    | cuco      | 77        |
    | tobi      | 11        |
    | jaclyn    | 66        |
    | tomcat    |           |
    +-----------+-----------+

    +-----------+-----------+
    | user_name | role_name |
    +-----------+-----------+
    | buzz      | admin     |
    | cuco      | admin     |
    | jaclyn    | guest     |
    | tobi      | guest     |
    +-----------+-----------+

I am using the DataSourceRealm with a server.xml as follows: (I've removed a few non relevant things to make it easier to read)

    <?xml version='1.0' encoding='utf-8'?>
    <Server port="8005" shutdown="SHUTDOWN">
      <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
      <!-- Global JNDI resources
           Documentation at /docs/jndi-resources-howto.html -->
      <GlobalNamingResources>
        <!-- Editable user database that can also be used by
             UserDatabaseRealm to authenticate users -->
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>
      <Service name="Catalina">
        <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443" />
        <!-- A Connector using the shared thread pool-->
        <Engine name="Catalina" defaultHost="localhost">
          <!--For clustering, please take a look at documentation at:
              /docs/cluster-howto.html (simple how to)
              /docs/config/cluster.html (reference documentation) -->
          <!-- This Realm uses the UserDatabase configured in the global JNDI
               resources under the key UserDatabase. Any edits that are
               performed against this UserDatabase are immediately available
               for use by the Realm. -->
          <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
          <!-- Define the default virtual host
               Note: XML Schema validation will not work with Xerces 2.2. -->
          <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"
                xmlValidation="false" xmlNamespaceAware="false">
            <Context path="/blurbV1" docBase="blurbV1" reloadable="true">
              <Resource name="jdbc/trailsDB" auth="Container" type="javax.sql.DataSource"
                        driverClassName="com.mysql.jdbc.Driver"
                        url="jdbc:mysql://localhost:3306/trailsDB?user=buzz&amp;password=99"
                        maxActive="8"/>
              <!-- 9/5: Removed these 2 lines from the Realm declaration as per the docs ex.:
                   driverName=com.mysql.jdbc.Driver
                   connectionURL=jdbc:mysql://localhost:3306/trailsDB -->
              <Realm className="org.apache.catalina.realm.DataSourceRealm"
                     dataSsourceName="jdbc/trailsDB" localDataSource="true" debug="99"
                     userTable="users" userNameCol="user_name" userCredCol="user_pass"
                     userRoleTable="user_roles" roleNameCol="role_name" />
            </Context>
          </Host>
        </Engine>
      </Service>
    </Server>

I'm wondering if I need to be using the info defined in the resource element with the DataSourceRealm, or if that should be put somewhere else. I'm using form based login, and when I attempt to access a protected resource and try to login, it doesn't recognize my credentials (for ex., this happens when I enter user name 'buzz' and password '99' at the login prompt on my Login.html). It sends me to auth-error.html instead when it should be granting me access. Here is my web.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             id="WebApp_ID" version="2.5">
      <display-name>project-1c</display-name>
      <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
      </welcome-file-list>
      <listener>
        <listener-class>com.buzz.TrailsAppServletContextListener</listener-class>
      </listener>
      <servlet>
        <description>find trails based on category</description>
        <display-name>TrailFinderServlet</display-name>
        <servlet-name>TrailFinderServlet</servlet-name>
        <servlet-class>com.buzz.finder.TrailFinderServlet</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>TrailFinderServlet</servlet-name>
        <url-pattern>/TrailFinderServlet</url-pattern>
      </servlet-mapping>
      <servlet>
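An added example, not part of the original thread: a Python check of Realm elements in a server.xml for required attributes that are absent and for attribute names outside a known list. The input is constructed from the two Realm declarations posted in this thread; the function name and the attribute lists are assumptions of this example, to be checked against the Realm reference for the Tomcat version in use.

```python
import xml.etree.ElementTree as ET

PKG = "org.apache.catalina.realm."
COMMON = {"userTable", "userNameCol", "userCredCol", "userRoleTable", "roleNameCol"}
# Required attributes per realm class. connectionName/connectionPassword are
# the two named as required in the thread; the rest is this example's reading
# of the Tomcat Realm reference (assumption: verify for your version).
REQUIRED = {
    "JDBCRealm": COMMON | {"driverName", "connectionURL",
                           "connectionName", "connectionPassword"},
    "DataSourceRealm": COMMON | {"dataSourceName"},
}
# Optional attributes accepted without comment (assumed, not exhaustive).
OPTIONAL = {"className", "digest", "digestEncoding", "localDataSource",
            "allRolesMode"}

# Constructed input: the two Realm elements posted in the thread, tags and
# quotes restored, placed side by side only to feed the checker.
SERVER_XML = """<Context path="/blurbV1" docBase="blurbV1" reloadable="true">
  <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
         driverName="com.mysql.jdbc.Driver"
         connectionURL="jdbc:mysql://localhost:3306/trailsDB"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name"/>
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSsourceName="jdbc/trailsDB" localDataSource="true" debug="99"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name"/>
</Context>"""


def audit_realms(server_xml):
    """Return (realm, problem, attribute) tuples for each Realm element whose
    class is in REQUIRED: required attributes that are absent, and attributes
    outside the REQUIRED/OPTIONAL sets (a misspelt name shows up as both)."""
    findings = []
    for realm in ET.fromstring(server_xml).iter("Realm"):
        cls = realm.get("className", "")
        short = cls[len(PKG):] if cls.startswith(PKG) else cls
        if short not in REQUIRED:
            continue  # realm type this example has no attribute list for
        present = set(realm.attrib)
        findings += [(short, "missing", a)
                     for a in sorted(REQUIRED[short] - present)]
        findings += [(short, "unrecognized", a)
                     for a in sorted(present - REQUIRED[short] - OPTIONAL)]
    return findings


if __name__ == "__main__":
    for finding in audit_realms(SERVER_XML):
        print(*finding)
```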