OWF webapp log errors
I have installed the OWF webapp in Tomcat and I'm trying to resolve some errors I'm finding in the log files. I have not had much luck getting responses to questions on the OWF mailing list, so I'm hoping someone can help here. Here are the details of my setup: -Windows 7. -Tomcat 7.0.42. -MySQL 5.6. -JDK 7.51-b13. -IE 11 browser. First, the OWF webapp does start (some features are not working). The webapp is not generating a stacktrace or an initialization log file anymore since I resolved earlier errors with help. There are 3 log files remaining that list SEVERE errors. I will start with the 1 error reported in the localhost log. Any idea how to resolve the following error? Mar 01, 2014 12:19:36 PM org.apache.catalina.core.StandardContext filterStart SEVERE: Exception starting filter springSecurityFilterChain org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean Definition(DefaultListableBeanFactory.java:527) at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocal BeanDefinition(AbstractBeanFactory.java:1083) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(Abst ractBeanFactory.java:274) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(Abstra ctBeanFactory.java:194) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(Abst ractBeanFactory.java:266) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(Abstra ctBeanFactory.java:194) at org.springframework.context.support.AbstractApplicationContext.getBean(Abstr actApplicationContext.java:1079) at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(Delegating FilterProxy.java:217) at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(Delegati ngFilterProxy.java:145) at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java :179) at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilte rConfig.java:281) at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilter Config.java:262) at org.apache.catalina.core.ApplicationFilterConfig.init(ApplicationFilterCon fig.java:107) at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:47 75) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java: 5452) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:9 01) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:976) at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1653) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
RE: Installing the OWF webapp to an existing Tomcat Instance
Mark, -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, February 25, 2014 3:34 AM To: Tomcat Users List Subject: Re: Installing the OWF webapp to an existing Tomcat Instance On 24/02/2014 23:46, J. Brian Hall 2. Log files. Yes, the webapp fails to initialize. Here's the first few lines: ERROR org.springframework.web.context.ContextLoader - Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'messageSource': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transactionManager': Cannot resolve reference to bean 'sessionFactory' while setting bean property 'sessionFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sessionFactory': Cannot resolve reference to bean 'hibernateProperties' while setting bean property 'hibernateProperties'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'hibernateProperties': Cannot resolve reference to bean 'dialectDetector' while setting bean property 'properties' with key [hibernate.dialect]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dialectDetector': Invocation of init method failed; nested exception is org.springframework.jdbc.support.MetaDataAccessException Where did you put the JAR containing your JDBC driver? It should be in the lib directory and nowhere else. Yes, I have mysql-connector-java-5.1.26-bin.jar placed in CATALINA_HOME\lib (and nowhere else). Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Installing the OWF webapp to an existing Tomcat Instance
Chris, -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, February 25, 2014 1:01 AM To: Tomcat Users List Subject: Re: Installing the OWF webapp to an existing Tomcat Instance -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Brian, On 2/24/14, 6:46 PM, J. Brian Hall wrote: Hey Chuck, thanks (I was worried someone would yell at me for posting this question here). Responses are below ... -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Monday, February 24, 2014 6:26 PM To: Tomcat Users List Subject: RE: Installing the OWF webapp to an existing Tomcat Instance From: J. Brian Hall [mailto:jbrianhall...@me.com] Subject: Installing the OWF webapp to an existing Tomcat Instance if I access OWF through Tomcat's Application Manager, the URL address it follows goes to http://localhost:8080/owf/ when it should go to https://localhost:8443/owf/ That's expected - the manager doesn't know that the specified app is for https use only. However, there could be a problem with your server.xml file in Tomcat's conf directory, so you should post that here with comments removed and sensitive information masked out. Also, look in the various Tomcat log files to see if the application initialized properly. Thanks. Two comments: 1. The only thing I added to server.xml per the instructions is: Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true keystoreFile=certs/keystore.jks keystorePass=changeit clientAuth=want sslProtocol=TLS / Sanity check: you do have a certs/keystore.jks file and the password is in fact changeIt, right? It would be best to fully-qualify the path of the keystore file. Yes, the OWF distribution provided a certs folder with that file in it and 3 others. I fully-qualified the path and I have the same result. 2. Log files. Yes, the webapp fails to initialize. Here's the first few lines: ERROR org.springframework.web.context.ContextLoader - Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'messageSource': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transactionManager': Cannot resolve reference to bean 'sessionFactory' while setting bean property 'sessionFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sessionFactory': Cannot resolve reference to bean 'hibernateProperties' while setting bean property 'hibernateProperties'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'hibernateProperties': Cannot resolve reference to bean 'dialectDetector' while setting bean property 'properties' with key [hibernate.dialect]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dialectDetector': Invocation of init method failed; nested exception is org.springframework.jdbc.support.MetaDataAccessException Failure to deploy ought to either cause Tomcat to immediately stop after trying to start or continue running and issue 404 responses for requests to /owf/ -- depending upon the severity of the error. Is there anything suspicious in logs/catalina.out (or any other log file in logs/ for that matter)? Yes, note that I don't have experience with the logs so I will provide parts that may shed light: Feb 24, 2014 7:14:28 PM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR Feb 24, 2014 7:14:28 PM org.apache.catalina.core.StandardService initInternal SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]] Feb 24, 2014 7:15:13 PM org.apache.catalina.core.StandardContext startInternal SEVERE: Error listenerStart Feb 24, 2014 7:15:13 PM org.apache.catalina.core.StandardContext startInternal SEVERE: Context [/owf] startup failed due to previous errors Feb 24, 2014 7:15:13 PM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc SEVERE: The web application [/owf] registered the JDBC driver [org.hsqldb.jdbcDriver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered. Feb 24, 2014 7:15:13 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/owf] appears to have started a thread named [HSQLDB Timer @dd627f] but has failed to stop it. This is very likely to create a memory leak. - -chris -BEGIN PGP SIGNATURE
RE: Installing the OWF webapp to an existing Tomcat Instance
Mikolaj, -Original Message- From: Mikolaj Rydzewski [mailto:m...@ceti.pl] Sent: Tuesday, February 25, 2014 2:52 AM To: Tomcat Users List Subject: RE: Installing the OWF webapp to an existing Tomcat Instance On 25.02.2014 00:46, J. Brian Hall wrote: ERROR org.springframework.web.context.ContextLoader - Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'messageSource': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transactionManager': Cannot resolve reference to bean 'sessionFactory' while setting bean property 'sessionFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sessionFactory': Cannot resolve reference to bean 'hibernateProperties' while setting bean property 'hibernateProperties'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'hibernateProperties': Cannot resolve reference to bean 'dialectDetector' while setting bean property 'properties' with key [hibernate.dialect]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dialectDetector': Invocation of init method failed; nested exception is org.springframework.jdbc.support.MetaDataAccessException Is it the complete error message? Is there anything more in the logs? Yes, the log files are extensive - should I post them here? Which one? Those error messages are related to JDBC problems. Is your DB up and running with all tables created and with correct permissions? I had Tomcat and MySQL up and running without problems before this and the DB works with other webapps. The OWF webapp that I'm trying to install provided a script to create the tables within the schema. All lines of the script ran successfully. You said, that install guide is for older version of Tomcat. Several versions of Tomcat back, there were changes in way one configures datasource resources. Maybe your install guide refers to the old way? Yes, the OWF webapp comes with Tomcat 7.0.21. I'm using Tomcat 7.0.42. Should I changes how the datasource resources are configured? How? -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Installing the OWF webapp to an existing Tomcat Instance
Mikolaj, -Original Message- From: Mikolaj Rydzewski [mailto:m...@ceti.pl] Sent: Tuesday, February 25, 2014 7:35 AM To: Tomcat Users List Subject: RE: Installing the OWF webapp to an existing Tomcat Instance On 25.02.2014 13:22, J. Brian Hall wrote: Feb 24, 2014 7:14:28 PM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR What about adding missing attribute? I'm not sure what you mean? Adding what missing attribute to what file? -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Installing the OWF webapp to an existing Tomcat Instance
Chuck, you are THE MAN! That was it. No log file now for the owf webapp. It successfully initializes. Also, when accessing owf from http://localhost:8080/manager/html, I'm successfully prompted for certificates and redirected to https://localhost:8443/owf One other kink I tried to work-out. When I go to https://localhost:8443/owf, I get the following common message: There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. Bla, bla, bla, ... I can click on continue to this website and the webapp works fine and just shows untrusted certificate highlighted in red where the URL is located in the browser. So I imported the certificates via Tools-Internet Options-Content Tab-Certificates. But I still get this untrusted certificate message. Is there any way to overcome this? Thank you again for your help. Brian. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, February 25, 2014 8:08 AM To: Tomcat Users List Subject: RE: Installing the OWF webapp to an existing Tomcat Instance From: J. Brian Hall [mailto:jbrianhall...@me.com] Subject: RE: Installing the OWF webapp to an existing Tomcat Instance Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true keystoreFile=certs/keystore.jks keystorePass=changeit clientAuth=want sslProtocol=TLS / Feb 24, 2014 7:14:28 PM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler [http-apr-8443] java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR You appear to have the APR library installed (tcnative-1.dll), but have configured SSL for the pure Java handler. You must choose one or the other, not mix them. Doc is here: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support If you want to keep the Java keystore, you can delete or rename the above .dll, or comment out the APR listener in conf/server.xml. Note that the APR SSL handler is more efficient than the pure Java one. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Installing the OWF webapp to an existing Tomcat Instance
Leo, -Original Message- From: Leo Donahue [mailto:donahu...@gmail.com] Sent: Tuesday, February 25, 2014 9:44 AM To: Tomcat Users List Subject: Re: Installing the OWF webapp to an existing Tomcat Instance On Tue, Feb 25, 2014 at 7:17 AM, J. Brian Hall jbrianhall...@me.com wrote: Chuck, you are THE MAN! +1 One other kink I tried to work-out. When I go to https://localhost:8443/owf, I get the following common message: There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. Bla, bla, bla, ... There is some important stuff in the bla bla part. If you created your certificate with a domain name, you can't expect to not get warned when you access your site with the name localhost. Did you try putting in the server name or domain name in the URL? Same error? What exactly is the error? Response: No problem. I didn't create the cert, it came with the owf webapp. I'm working in a development/test environment so maybe the untrusted certificate message is unavoidable? Just because the cert wasn't issued by a trusted source doesn't mean you can't self sign one yourself and use it. If you created the cert correctly, and install it in the Trusted Root Certification Authorities store, you shouldn't get that error message. Response: Assuming the webapp developer created the certs correctly, how do I install them in the Trusted Root Authorities store? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Installing the OWF webapp to an existing Tomcat Instance
I submitted the following request for help on the OWF mailing list but no one is replying. I'm hoping someone here may be able to help? OWF is a webapp I'm trying to install to an existing instance of Tomcat (the OWF webapp bundle ships with an older version of Tomcat). Appendix C of the attached guide provides short, simple steps to install OWF on an existing instance of Tomcat. I followed all the these straight-forward procedures but the webapp fails to start - I get a HTTP Status 404 (requested resource is not available). Also, if I access OWF through Tomcat's Application Manager, the URL address it follows goes to http://localhost:8080/owf/ when it should go to https://localhost:8443/owf/ (if I go to this site directly, the browser title bar just shows the message Waiting for localhost and never does anything. Other details of my setup: -Windows 7 -Tomcat 7.0.42 -MySQL 5.6 (Note that I followed the directions on p. 12-13 to integrate with MySQL). -JDK 1.7.0_51-b13 Sorry to ask this question on this list, but I don't know where else to go. Brian. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Installing the OWF webapp to an existing Tomcat Instance
Hey Chuck, thanks (I was worried someone would yell at me for posting this question here). Responses are below ... -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Monday, February 24, 2014 6:26 PM To: Tomcat Users List Subject: RE: Installing the OWF webapp to an existing Tomcat Instance From: J. Brian Hall [mailto:jbrianhall...@me.com] Subject: Installing the OWF webapp to an existing Tomcat Instance if I access OWF through Tomcat's Application Manager, the URL address it follows goes to http://localhost:8080/owf/ when it should go to https://localhost:8443/owf/ That's expected - the manager doesn't know that the specified app is for https use only. However, there could be a problem with your server.xml file in Tomcat's conf directory, so you should post that here with comments removed and sensitive information masked out. Also, look in the various Tomcat log files to see if the application initialized properly. Thanks. Two comments: 1. The only thing I added to server.xml per the instructions is: Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true keystoreFile=certs/keystore.jks keystorePass=changeit clientAuth=want sslProtocol=TLS / 2. Log files. Yes, the webapp fails to initialize. Here's the first few lines: ERROR org.springframework.web.context.ContextLoader - Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'messageSource': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'transactionManager': Cannot resolve reference to bean 'sessionFactory' while setting bean property 'sessionFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sessionFactory': Cannot resolve reference to bean 'hibernateProperties' while setting bean property 'hibernateProperties'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'hibernateProperties': Cannot resolve reference to bean 'dialectDetector' while setting bean property 'properties' with key [hibernate.dialect]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dialectDetector': Invocation of init method failed; nested exception is org.springframework.jdbc.support.MetaDataAccessException if I go to this site directly, the browser title bar just shows the message Waiting for localhost and never does anything. Could be a certificate problem. Other details of my setup: -Windows 7 -Tomcat 7.0.42 -MySQL 5.6 (Note that I followed the directions on p. 12-13 to integrate with MySQL). -JDK 1.7.0_51-b13 Thanks for that; many people forget. Sorry to ask this question on this list, but I don't know where else to go. This is an appropriate place for such questions. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
j_security_check error
Im using Tomcat and a MySQL database that contains usernames/passwords/roles for form-based authentication. Logging in with correct username/password successfully directs to index.jsp (from login.jsp). Logging in with incorrect username/password successfully directs to error.jsp (from login.jsp). However, an unsuccessful login followed by attempting to login with the correct username/password leads to an HTTP Status 404 j_security_check error that says the requested resource is not available. Does anyone know what may be wrong? Here are the details of my configuration. Software -Windows 7 -MySQL 5.6 -Tomcat 7.042 context.xml ?xml version=1.0 encoding=UTF-8? Context antiJARLocking=true antiResourceLocking=true path=/webapp Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.mysql.jdbc.Driver connectionURL=jdbc:mysql://localhost:3306/database connectionName=username connectionPassword=password userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name/ /Context login.jsp html head titlemywebapp demo/title meta http-equiv=ÓContent-TypeÓ content=Ótext/html; charset=UTF-8Ó /head body div class=ÓcontentÓ bPlease login to continue/b form method=post action=j_security_check table tr tdlabel for=usernameUsername:/label/td tdinput id=username type=text name=j_username /td /tr tr tdlabel for=passwordPassword:/label/td tdinput id=password type=password name=j_password /td tdinput type=submit value=Login //td /tr /table /form /div /body /html web.xml (for the webapp) ?xml version=1.0 encoding=ISO-8859-1? web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version=2.4 display-namewebapp/display-name descriptionForm-Based Authentication with mySQL/description resource-ref descriptionmySQL Database/description res-ref-namejdbc/database/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref security-constraint web-resource-collection web-resource-namewebapps/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namerolename/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config /web-app
Configuring Combined Realm
How can I configure CombinedRealm in order to: (1) use JDBCRealm for my webapp with form-based authentication while (2) also using the default UserDatabaseRealm for the Tomcat Web Application Manager? I can get one or the other to work, but not both. Here are the details of my setup: -OS: Windows 7 -Server: Tomcat 7.0.42 -Database: MySQL 5.6 Articles I have used up to this point: 1. Form-based authentication with Tomcat 7 and MySQL: http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and -tomcat-7-with-form-based-authentication/ 2. Configuring CombinedRealm: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm 3. Lastly, note that my database, tables, and Connector/J are setup per instructions above and I am able to login to my webapp with form-based authentication when only using JDBCRealm, but I then can't login to the Tomcat Web Application Manager. I configured the file CATALINA_HOME/config/server.xml in two ways: 1. I've identified the following global resources: !--Resource for Tomcat Web App Manager-- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / !--Resource for my webapp-- Resource name=jdbc/authority auth=Container type=javax.sql.DataSource driverClassName=com.mysql.jdbc.Driver description=mySQL Database url=jdbc:mysql://localhost:3306/authority maxActive=15 maxidle=3/ 2. I've nested Realms within CombinedRealm as follows: Realm className=org.apache.catalina.realm.CombinedRealm !-- LockOutRealm to prevent brute-force attack. -- Realm className=org.apache.catalina.realm.LockOutRealm failureCount=3 lockoutTime=3600/ !-- Default Realm for Tomcat Application Manager -- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ !-- JDBC Realm for my webapp. -- Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.mysql.jdbc.Driver connectionURL=jdbc:mysql://localhost:3306/authority connectionName=root connectionPassword=root userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name/ /Realm Lastly, I configured my CATALINA_HOME/webapps/[mywebapp]/WEB-INF/web.xml file as follows: ?xml version=1.0 encoding=ISO-8859-1? web-app version=2.4 xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-namewebapp/display-name descriptionForm-Based Authentication with mySQL/description resource-ref descriptionmySQL Database/description res-ref-namejdbc/authority/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref security-constraint web-resource-collection web-resource-nameProtected/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namewebappuser/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config /web-app
RE: Configuring Combined Realm
Folks, please ignore my question. I found the problem. Basically, I had the same username / password combination in both databases used under CombinedRealm, (which would be fine) but the associated role_name was different and that's what caused the problem. In any event, all is working. Sorry for the fuss. From: J. Brian Hall [mailto:jbrianhall...@me.com] Sent: Monday, October 28, 2013 7:46 AM To: 'users@tomcat.apache.org' Subject: Configuring Combined Realm How can I configure CombinedRealm in order to: (1) use JDBCRealm for my webapp with form-based authentication while (2) also using the default UserDatabaseRealm for the Tomcat Web Application Manager? I can get one or the other to work, but not both. Here are the details of my setup: -OS: Windows 7 -Server: Tomcat 7.0.42 -Database: MySQL 5.6 Articles I have used up to this point: 1. Form-based authentication with Tomcat 7 and MySQL: http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and -tomcat-7-with-form-based-authentication/ 2. Configuring CombinedRealm: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm 3. Lastly, note that my database, tables, and Connector/J are setup per instructions above and I am able to login to my webapp with form-based authentication when only using JDBCRealm, but I then can't login to the Tomcat Web Application Manager. I configured the file CATALINA_HOME/config/server.xml in two ways: 1. I've identified the following global resources: !--Resource for Tomcat Web App Manager-- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / !--Resource for my webapp-- Resource name=jdbc/authority auth=Container type=javax.sql.DataSource driverClassName=com.mysql.jdbc.Driver description=mySQL Database url=jdbc:mysql://localhost:3306/authority maxActive=15 maxidle=3/ 2. I've nested Realms within CombinedRealm as follows: Realm className=org.apache.catalina.realm.CombinedRealm !-- LockOutRealm to prevent brute-force attack. -- Realm className=org.apache.catalina.realm.LockOutRealm failureCount=3 lockoutTime=3600/ !-- Default Realm for Tomcat Application Manager -- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ !-- JDBC Realm for my webapp. -- Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.mysql.jdbc.Driver connectionURL=jdbc:mysql://localhost:3306/authority connectionName=root connectionPassword=root userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name/ /Realm Lastly, I configured my CATALINA_HOME/webapps/[mywebapp]/WEB-INF/web.xml file as follows: ?xml version=1.0 encoding=ISO-8859-1? web-app version=2.4 xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://java.sun.com/xml/ns/j2ee%20http:/java.sun.com/xml/ns/j2ee/web-app_2_ 4.xsd display-namewebapp/display-name descriptionForm-Based Authentication with mySQL/description resource-ref descriptionmySQL Database/description res-ref-namejdbc/authority/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref security-constraint web-resource-collection web-resource-nameProtected/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namewebappuser/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config /web-app
RE: Configuring Combined Realm
Hey Felix, thanks much. This is a better alternative for what I am doing. -Original Message- From: Felix Schumacher [mailto:felix.schumac...@internetallee.de] Sent: Monday, October 28, 2013 8:38 AM To: Tomcat Users List Subject: Re: Configuring Combined Realm Hello Brian, On Mo, 2013-10-28 at 07:46 -0400, J. Brian Hall wrote: How can I configure CombinedRealm in order to: (1) use JDBCRealm for my webapp with form-based authentication while (2) also using the default UserDatabaseRealm for the Tomcat Web Application Manager? I can get one or the other to work, but not both. Here are the details of my setup: you don't need CombinedRealm to setup two different Realms for two different contexts (webapps). In fact, it is not what you want. Just put the realm definitions into the contexts for the webapps. So the context for your webapp - I will name it appA - would probably be something like this (file: $CATALINA_BASE/conf/Catalina/localhost/appA.xml or $CATALINA_BASE/webapps/appA/META-INF/context.xml) Context Realm className=org.apache.catalina.realm.DataSourceRealm dataSourceName=jdbc/authority... / ... /Context While the context definition for the manager application would take the realm definition for the UserDatabaseRealm (file: $CATALINA_BASE/conf/Catalina/localhost/manager.xml or $CATALINA_BASE/webapps/manager/META-INF/context.xml) Context antiResourceLocking=false privileged=true Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ ... /Context You can wrap those realms with the LockOutRealm as done in your examples, of course. Note, that I replaced JDBCRealm with DataSourceRealm, since it is better suited for production. Look at http://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html#DataSourceRealm for more details to configure it. Regards Felix -OS: Windows 7 -Server: Tomcat 7.0.42 -Database: MySQL 5.6 Articles I have used up to this point: 1. Form-based authentication with Tomcat 7 and MySQL: http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mys ql-and -tomcat-7-with-form-based-authentication/ 2. Configuring CombinedRealm: http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm 3. Lastly, note that my database, tables, and Connector/J are setup per instructions above and I am able to login to my webapp with form-based authentication when only using JDBCRealm, but I then can't login to the Tomcat Web Application Manager. I configured the file CATALINA_HOME/config/server.xml in two ways: 1. I've identified the following global resources: !--Resource for Tomcat Web App Manager-- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / !--Resource for my webapp-- Resource name=jdbc/authority auth=Container type=javax.sql.DataSource driverClassName=com.mysql.jdbc.Driver description=mySQL Database url=jdbc:mysql://localhost:3306/authority maxActive=15 maxidle=3/ 2. I've nested Realms within CombinedRealm as follows: Realm className=org.apache.catalina.realm.CombinedRealm !-- LockOutRealm to prevent brute-force attack. -- Realm className=org.apache.catalina.realm.LockOutRealm failureCount=3 lockoutTime=3600/ !-- Default Realm for Tomcat Application Manager -- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ !-- JDBC Realm for my webapp. -- Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.mysql.jdbc.Driver connectionURL=jdbc:mysql://localhost:3306/authority connectionName=root connectionPassword=root userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name/ /Realm Lastly, I configured my CATALINA_HOME/webapps/[mywebapp]/WEB-INF/web.xml file as follows: ?xml version=1.0 encoding=ISO-8859-1? web-app version=2.4 xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-namewebapp/display-name descriptionForm-Based Authentication with mySQL/description resource-ref descriptionmySQL Database/description
