Re: Protecting applications in Tomcat using Directory Server
Surya Mishra wrote: Thank You Mark, My Tomcat server won't even start if the directory server is unreachable. That means other applications that have not protected are also failing. Second question: There is no attribute in the Realm definition to give a name to realm (as per the how-to document. Realm names are defined in web.xml How do I configure different realms for different applications? You can nest realms inside contexts. What is the default realm name for the tomcat-users.xml? It depends. Test your setup with basic auth and find out. I want the manager application to run using the default tomcat-users.xml. Another application is to be protected using JNDI realm. A third one is public meaning nothing is protected in that application. Set realms at the context level. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Protecting applications in Tomcat using Directory Server
Thank You Mark, My Tomcat server won't even start if the directory server is unreachable. That means other applications that have not protected are also failing. Second question: There is no attribute in the Realm definition to give a name to realm (as per the how-to document. How do I configure different realms for different applications? What is the default realm name for the tomcat-users.xml? I want the manager application to run using the default tomcat-users.xml. Another application is to be protected using JNDI realm. A third one is public meaning nothing is protected in that application. Thanks -Surya On 9/25/05, Mark Thomas <[EMAIL PROTECTED]> wrote: > > Surya Mishra wrote: > > I have successfully used JNDI realm to protect my applications on > Tomcat. > > But if Tomcat is unable to connect to the the directory server, it > refuses > > access. I want it to use the tomcat-users list as a backup if it fails > to > > connect to the directory. It seems if the JNDI realm is set up, the > > tomcat-users.cml file entries become useless. > > Need Help!!! > > Thanks > > -Surya > > > You are correct. This type of fall-back from one realm to another is > not supported. However, JNDI does have an alternateURL attribute which > is used if connecting to connectionURL fails. It isn't as well > documented as it should be - something that I'll fix later today - but > if you search > http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html for > alternateURL you should find the info you need. > > More generally, I suspect that making your directory more reliable (or > replicating to a second directory and using the alternateURL) is going > to be less effort and less error prone that trying to keep to > completely different lists of users, passwords and role assignments in > sync. > > Mark > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: Protecting applications in Tomcat using Directory Server
Surya Mishra wrote: I have successfully used JNDI realm to protect my applications on Tomcat. But if Tomcat is unable to connect to the the directory server, it refuses access. I want it to use the tomcat-users list as a backup if it fails to connect to the directory. It seems if the JNDI realm is set up, the tomcat-users.cml file entries become useless. Need Help!!! Thanks -Surya You are correct. This type of fall-back from one realm to another is not supported. However, JNDI does have an alternateURL attribute which is used if connecting to connectionURL fails. It isn't as well documented as it should be - something that I'll fix later today - but if you search http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html for alternateURL you should find the info you need. More generally, I suspect that making your directory more reliable (or replicating to a second directory and using the alternateURL) is going to be less effort and less error prone that trying to keep to completely different lists of users, passwords and role assignments in sync. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Protecting applications in Tomcat using Directory Server
I have successfully used JNDI realm to protect my applications on Tomcat. But if Tomcat is unable to connect to the the directory server, it refuses access. I want it to use the tomcat-users list as a backup if it fails to connect to the directory. It seems if the JNDI realm is set up, the tomcat-users.cml file entries become useless. Need Help!!! Thanks -Surya