RE: JDBC Realm not triggering

Mon, 05 Mar 2001 00:37:01 -0800 

Please revise http://localhost:8080/examples/jsp/security/protected ..

The problem is that you need to access a protected resource for FORM
auth to work.., not directly the Login form....in the config below ..
you need to acess a url with the form
http://localhost:8080/context/pwAdmin/ i.e ( i dont know the exact name
of the context .. try substitute "context" with the right one ).. after
that Tomcat tries to authenticate the user prior to access the resource
..  showing the login form.. when you make a correct authentication.. it
redirect the form the login page to the original protected resource ..
does not have sense to try to access directly the login form..


Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: Herchel Wojciech [mailto:[EMAIL PROTECTED]]
> Enviado el: lunes 5 de marzo de 2001 8:14
> Para: '[EMAIL PROTECTED]'
> Asunto: ODP: JDBC Realm not triggering
> 
> 
> same problem here - still don't know how to solve it :(
> 
> vVolf
> 
> 
> > -----Oryginalna wiadomooeæ-----
> > Od: Mike Slinn [mailto:[EMAIL PROTECTED]]
> > Wys³ano: 2 marca 2001 18:59
> > Do: [EMAIL PROTECTED]
> > Temat: JDBC Realm not triggering
> > 
> > 
> > I feel like I sailed off the edge of the known universe, 
> > because there isn't
> > much documentation for form-based authentication using JDBC 
> realms (at
> > least, none that I could find, beyond the short 
> > JDBCRealm.howto included in
> > the TomCat docs).
> > 
> > I am using Windows NT Server 4sp6 with JDK1.3 and Tomcat 3.2.1.
> > 
> > I made the following changes to server.xml:
> > 
> > <!-- <RequestInterceptor 
> > className="org.apache.tomcat.request.SimpleRealm"
> > debug="0" /> -->
> > <RequestInterceptor className="org.apache.tomcat.request.JDBCRealm"
> >      debug="99"
> >      driverName="org.gjt.mm.mysql.Driver"
> >      connectionURL="jdbc:mysql://blahblah.com:3306/database"
> >      connectionName="secret"
> >      connectionPassword="secret"
> >      userTable="Users" userNameCol="userId" 
> userCredCol="userPassword"
> >      userRoleTable="UserPriv" roleNameCol="privLevel" />
> > 
> > The database tables exist, exactly as shown in 
> > <RequestInterceptor>, since
> > mySql is case-sensitive w.r.t. table names.
> > 
> > Here is a piece of my web.xml:
> > 
> >   <security-constraint>
> >     <web-resource-collection>
> >       <web-resource-name>developer</web-resource-name>
> >       <url-pattern>/pwAdmin/*</url-pattern>
> >       <url-pattern>/pwModerator/*</url-pattern>
> >       <url-pattern>/pwNormal/*</url-pattern>
> >       <url-pattern>/pwPortal/*</url-pattern>
> >       <url-pattern>/pwTest/*</url-pattern>
> >       <http-method>get</http-method>
> >       <http-method>post</http-method>
> >     </web-resource-collection>
> > 
> >     <auth-constraint>
> >       <role-name>developer</role-name>
> >     </auth-constraint>
> > 
> >     <user-data-constraint>
> >       <transport-guarantee>NONE</transport-guarantee>
> >     </user-data-constraint>
> >   </security-constraint>
> > 
> >   <login-config>
> >     <auth-method>FORM</auth-method>
> >     <realm-name>JDBC</realm-name>
> >     <form-login-config>
> >       <form-login-page>/index.html</form-login-page>
> >       <form-error-page>/register.jsp</form-error-page>
> >     </form-login-config>
> >   </login-config>
> > 
> >   <security-role>
> >     <role-name>developer</role-name>
> >   </security-role>
> > 
> > 
> > Here is the authentication form:
> > <form method="POST" action="j_security_check">
> >    Login id: <input type="text" name="j_username" size="8"
> > class=formStyle><br>
> >    Password: <input type="password" name="j_password" size="8"
> > class=formStyle><br>
> >              <input type="submit" value="  Log In  " name="LogIn"
> > class=formStyle>
> > </form>
> > 
> > 
> > When I press the submit button, I get the following error:
> > HTTP 404 - File not found
> > The url reported is http://localhost:8080/j_security_check
> > 
> > Somehow the form action is not being picked up by the 
> TomCat security
> > mechanism.  What have I missed?
> > 
> > A few more questions:
> >  - If I omit <transport-guarantee>, does it default to NONE?
> >  - Is it possible to use * for <http-method> to specify 
> that all HTTP
> > methods are to be subject to security?
> >  - I would like to use a numeric column in the database to 
> > store the user
> > authentication level, rather than a text string.  Can the 
> > JDBC realm be set
> > up to work this way?
> >  - I found very little documentation regarding form-based 
> > authentication
> > using JDBC realms. Can you point me to some more?
> > 
> > ... thanks
> > Mike
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, email: [EMAIL PROTECTED]
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Reply via email to