Re: Protecting applications in Tomcat using Directory Server

2005-09-26 Thread Mark Thomas

Surya Mishra wrote:

Thank You Mark,
My Tomcat server won't even start if the directory server is unreachable.
That means other applications that have not protected are also failing.
Second question: There is no attribute in the Realm definition to give a
name to realm (as per the how-to document.

Realm names are defined in web.xml


How do I configure different
realms for different applications?

You can nest realms inside contexts.

What is the default realm name for the

tomcat-users.xml?

It depends. Test your setup with basic auth and find out.

I want the manager application to run using the default

tomcat-users.xml. Another application is to be protected using JNDI realm. A
third one is public meaning nothing is protected in that application.

Set realms at the context level.

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Protecting applications in Tomcat using Directory Server

2005-09-25 Thread Mark Thomas

Surya Mishra wrote:

 I have successfully used JNDI realm to protect my applications on Tomcat.
But if Tomcat is unable to connect to the the directory server, it refuses
access. I want it to use the tomcat-users list as a backup if it fails to
connect to the directory. It seems if the JNDI realm is set up, the
tomcat-users.cml file entries become useless.
Need Help!!!
Thanks
-Surya

You are correct. This type of fall-back from one realm to another is 
not supported. However, JNDI does have an alternateURL attribute which 
is used if connecting to connectionURL fails. It isn't as well 
documented as it should be - something that I'll fix later today - but 
if you search 
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html for 
alternateURL you should find the info you need.


More generally, I suspect that making your directory more reliable (or 
replicating to a second directory and using the alternateURL) is going 
to be less effort and less error prone that trying to keep to 
completely different lists of users, passwords and role assignments in 
sync.


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Protecting applications in Tomcat using Directory Server

2005-09-25 Thread Surya Mishra
Thank You Mark,
My Tomcat server won't even start if the directory server is unreachable.
That means other applications that have not protected are also failing.
Second question: There is no attribute in the Realm definition to give a
name to realm (as per the how-to document. How do I configure different
realms for different applications? What is the default realm name for the
tomcat-users.xml? I want the manager application to run using the default
tomcat-users.xml. Another application is to be protected using JNDI realm. A
third one is public meaning nothing is protected in that application.
 Thanks
-Surya

 On 9/25/05, Mark Thomas [EMAIL PROTECTED] wrote:

 Surya Mishra wrote:
  I have successfully used JNDI realm to protect my applications on
 Tomcat.
  But if Tomcat is unable to connect to the the directory server, it
 refuses
  access. I want it to use the tomcat-users list as a backup if it fails
 to
  connect to the directory. It seems if the JNDI realm is set up, the
  tomcat-users.cml file entries become useless.
  Need Help!!!
  Thanks
  -Surya
 
 You are correct. This type of fall-back from one realm to another is
 not supported. However, JNDI does have an alternateURL attribute which
 is used if connecting to connectionURL fails. It isn't as well
 documented as it should be - something that I'll fix later today - but
 if you search
 http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html for
 alternateURL you should find the info you need.

 More generally, I suspect that making your directory more reliable (or
 replicating to a second directory and using the alternateURL) is going
 to be less effort and less error prone that trying to keep to
 completely different lists of users, passwords and role assignments in
 sync.

 Mark



 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]




Protecting applications in Tomcat using Directory Server

2005-09-24 Thread Surya Mishra
 I have successfully used JNDI realm to protect my applications on Tomcat.
But if Tomcat is unable to connect to the the directory server, it refuses
access. I want it to use the tomcat-users list as a backup if it fails to
connect to the directory. It seems if the JNDI realm is set up, the
tomcat-users.cml file entries become useless.
Need Help!!!
Thanks
-Surya