I am trying to protect a webapp I wrote using a JDBCRealm, but it doesn't seem to work as expected. I am using Tomcat 4.1.27 and PostgreSQL 7.3.2, with the latest JDBC driver within $tomcat/common/lib.
My realm is described as follows, in $tomcat/conf/server.xml:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.postgresql.Driver"
digest="md5"
connectionURL="jdbc:postgresql://127.0.0.1/mydb"
connectionName="mylogin" connectionPassword="mypass"
userTable="pg_shadow" userNameCol="usename" userCredCol="passwd"
userRoleTable="named_roles" roleNameCol="role" />
When I start Tomcat, I can see it connecting and idling to mydb, so the JDBC driver works. Also, 'mylogin' has read access on named_roles.
My webapp is called 'test' and is located within $tomcat/webapps/. Its WEB-INF/web.xml is as follows:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
<security-constraint>
<web-ressource-collection>
<web-ressource-name>test</web-ressource-name>
<url-pattern>/*</url-pattern>
</web-ressource-collection>
<auth-constraint>
<role-name>myrole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>test</realm-name>
</login-config>
<security-role>
<role-name>myrole</role-name>
</security-role>
</web-app>
The 'myrole' role is defined in my named_roles table, and I have several users under that role. I did add <security-role> tags because Tomcat would warn me about 'myrole' not being within <security-role> tags on startup.
Now when I try to access http://localhost:8080/test, no authentication window pops up and I can access it freely, which shouldn't be correct (?). When I look at the logs, I can see:
2003-09-23 14:14:52 ContextConfig[/test]: Configured an authenticator for method BASIC
2003-09-23 14:14:52 StandardManager[/test]: Seeding random number generator class java.security.SecureRandom
2003-09-23 14:14:52 StandardManager[/test]: Seeding of random number generator has been completed
If the BASIC auth method is activated, why isn't my browser showing an auth window? :-/
Also, I know Postgres doesn't store md5 password files like md5_func(password), but instead md5_func(password+login). Will it cause problems with Tomcat's digest=md5 behaviour?
Thanks for any help
Laurent Perez
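
The web.xml in the message above spells the element `web-ressource-collection`, whereas the Servlet 2.2 DTD names it `web-resource-collection`. As an added example (not part of the original post, and not Tomcat's own code), this Python check flags constraint elements the DTD does not define and constraints that cover no URL; the function names and the condensed sample descriptors are constructed here.

```python
import xml.etree.ElementTree as ET

# Children the Servlet 2.2 DTD permits inside each element of a constraint.
ALLOWED = {
    "security-constraint": {"web-resource-collection", "auth-constraint",
                            "user-data-constraint"},
    "web-resource-collection": {"web-resource-name", "description",
                                "url-pattern", "http-method"},
    "auth-constraint": {"description", "role-name"},
    "user-data-constraint": {"description", "transport-guarantee"},
}

def _unknown_children(elem, path, findings):
    """Record children the DTD does not define; recurse into the known ones."""
    for child in elem:
        if child.tag not in ALLOWED.get(elem.tag, {child.tag}):
            findings.append(f"{path}: unknown element <{child.tag}>")
        else:
            _unknown_children(child, f"{path}/{child.tag}", findings)

def audit_constraints(descriptor):
    """Return findings for constraints in a web.xml (bytes) that protect nothing."""
    findings = []
    root = ET.fromstring(descriptor)  # expat does not fetch the external DTD
    for n, sc in enumerate(root.iter("security-constraint"), 1):
        path = f"security-constraint[{n}]"
        _unknown_children(sc, path, findings)
        collections = sc.findall("web-resource-collection")
        if not collections:
            findings.append(f"{path}: no web-resource-collection, no URL is covered")
        for wrc in collections:
            if not wrc.findall("url-pattern"):
                findings.append(f"{path}: web-resource-collection has no url-pattern")
    return findings

# Constructed samples: the constraint as posted, then with the DTD spelling.
TEMPLATE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
 "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app><security-constraint>
<web-RES-collection><web-RES-name>test</web-RES-name>
<url-pattern>/*</url-pattern></web-RES-collection>
<auth-constraint><role-name>myrole</role-name></auth-constraint>
</security-constraint></web-app>"""
AS_POSTED = TEMPLATE.replace(b"RES", b"ressource")
CORRECTED = TEMPLATE.replace(b"RES", b"resource")

if __name__ == "__main__":
    for name, doc in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, audit_constraints(doc) or "no findings")
```

Running such a check against every deployed WEB-INF/web.xml catches constraints that a non-validating descriptor parser would otherwise skip without an error.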
