RE: JDBC Realm not triggering

Mon, 05 Mar 2001 01:19:25 -0800 

Hola Herchel:

I'm lost.., I dont understand what are you doing..

Please revise http://localhost:8080/examples/jsp/security without
JDBCRealm .. make it work with the default config...sure it works.. if
not file a bug under http://nagoya.apache.org/bugzilla..

You dont need to call the login page by yourself *never*, it's
suppoussed that the Container(Tomcat) does the work, iow when you try to
access a protected resource with a unauthenticated session, tomcat will
show the login.form, after a sucefull authentication , REDIRECTS from
the login page to the original protected resource..

JDBRealm  has *nothing* to do with FORM or BASIC or web.xml settings..,
it's ONLY a way to store user details inside a DB, .....


Hope this helps.


Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: Herchel Wojciech [mailto:[EMAIL PROTECTED]]
> Enviado el: lunes 5 de marzo de 2001 9:59
> Para: '[EMAIL PROTECTED]'
> Asunto: ODP: JDBC Realm not triggering
> 
> 
> form auth does work, only j_security_check is not found.
> 
> vVolf
> 
> 
> > -----Oryginalna wiadomooeæ-----
> > Od: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]]
> > Wys³ano: 5 marca 2001 09:52
> > Do: '[EMAIL PROTECTED]'
> > Temat: RE: JDBC Realm not triggering
> > 
> > 
> > Please revise 
> http://localhost:8080/examples/jsp/security/protected ..
> > 
> > The problem is that you need to access a protected resource for FORM
> > auth to work.., not directly the Login form....in the 
> config below ..
> > you need to acess a url with the form
> > http://localhost:8080/context/pwAdmin/ i.e ( i dont know the 
> > exact name
> > of the context .. try substitute "context" with the right one 
> > ).. after
> > that Tomcat tries to authenticate the user prior to access 
> > the resource
> > ..  showing the login form.. when you make a correct 
> > authentication.. it
> > redirect the form the login page to the original protected 
> resource ..
> > does not have sense to try to access directly the login form..
> > 
> > 
> > Saludos ,
> > Ignacio J. Ortega
> > 
> > 
> > > -----Mensaje original-----
> > > De: Herchel Wojciech [mailto:[EMAIL PROTECTED]]
> > > Enviado el: lunes 5 de marzo de 2001 8:14
> > > Para: '[EMAIL PROTECTED]'
> > > Asunto: ODP: JDBC Realm not triggering
> > > 
> > > 
> > > same problem here - still don't know how to solve it :(
> > > 
> > > vVolf
> > > 
> > > 
> > > > -----Oryginalna wiadomooec-----
> > > > Od: Mike Slinn [mailto:[EMAIL PROTECTED]]
> > > > Wyslano: 2 marca 2001 18:59
> > > > Do: [EMAIL PROTECTED]
> > > > Temat: JDBC Realm not triggering
> > > > 
> > > > 
> > > > I feel like I sailed off the edge of the known universe, 
> > > > because there isn't
> > > > much documentation for form-based authentication using JDBC 
> > > realms (at
> > > > least, none that I could find, beyond the short 
> > > > JDBCRealm.howto included in
> > > > the TomCat docs).
> > > > 
> > > > I am using Windows NT Server 4sp6 with JDK1.3 and Tomcat 3.2.1.
> > > > 
> > > > I made the following changes to server.xml:
> > > > 
> > > > <!-- <RequestInterceptor 
> > > > className="org.apache.tomcat.request.SimpleRealm"
> > > > debug="0" /> -->
> > > > <RequestInterceptor 
> > className="org.apache.tomcat.request.JDBCRealm"
> > > >      debug="99"
> > > >      driverName="org.gjt.mm.mysql.Driver"
> > > >      connectionURL="jdbc:mysql://blahblah.com:3306/database"
> > > >      connectionName="secret"
> > > >      connectionPassword="secret"
> > > >      userTable="Users" userNameCol="userId" 
> > > userCredCol="userPassword"
> > > >      userRoleTable="UserPriv" roleNameCol="privLevel" />
> > > > 
> > > > The database tables exist, exactly as shown in 
> > > > <RequestInterceptor>, since
> > > > mySql is case-sensitive w.r.t. table names.
> > > > 
> > > > Here is a piece of my web.xml:
> > > > 
> > > >   <security-constraint>
> > > >     <web-resource-collection>
> > > >       <web-resource-name>developer</web-resource-name>
> > > >       <url-pattern>/pwAdmin/*</url-pattern>
> > > >       <url-pattern>/pwModerator/*</url-pattern>
> > > >       <url-pattern>/pwNormal/*</url-pattern>
> > > >       <url-pattern>/pwPortal/*</url-pattern>
> > > >       <url-pattern>/pwTest/*</url-pattern>
> > > >       <http-method>get</http-method>
> > > >       <http-method>post</http-method>
> > > >     </web-resource-collection>
> > > > 
> > > >     <auth-constraint>
> > > >       <role-name>developer</role-name>
> > > >     </auth-constraint>
> > > > 
> > > >     <user-data-constraint>
> > > >       <transport-guarantee>NONE</transport-guarantee>
> > > >     </user-data-constraint>
> > > >   </security-constraint>
> > > > 
> > > >   <login-config>
> > > >     <auth-method>FORM</auth-method>
> > > >     <realm-name>JDBC</realm-name>
> > > >     <form-login-config>
> > > >       <form-login-page>/index.html</form-login-page>
> > > >       <form-error-page>/register.jsp</form-error-page>
> > > >     </form-login-config>
> > > >   </login-config>
> > > > 
> > > >   <security-role>
> > > >     <role-name>developer</role-name>
> > > >   </security-role>
> > > > 
> > > > 
> > > > Here is the authentication form:
> > > > <form method="POST" action="j_security_check">
> > > >    Login id: <input type="text" name="j_username" size="8"
> > > > class=formStyle><br>
> > > >    Password: <input type="password" name="j_password" size="8"
> > > > class=formStyle><br>
> > > >              <input type="submit" value="  Log In  " 
> name="LogIn"
> > > > class=formStyle>
> > > > </form>
> > > > 
> > > > 
> > > > When I press the submit button, I get the following error:
> > > > HTTP 404 - File not found
> > > > The url reported is http://localhost:8080/j_security_check
> > > > 
> > > > Somehow the form action is not being picked up by the 
> > > TomCat security
> > > > mechanism.  What have I missed?
> > > > 
> > > > A few more questions:
> > > >  - If I omit <transport-guarantee>, does it default to NONE?
> > > >  - Is it possible to use * for <http-method> to specify 
> > > that all HTTP
> > > > methods are to be subject to security?
> > > >  - I would like to use a numeric column in the database to 
> > > > store the user
> > > > authentication level, rather than a text string.  Can the 
> > > > JDBC realm be set
> > > > up to work this way?
> > > >  - I found very little documentation regarding form-based 
> > > > authentication
> > > > using JDBC realms. Can you point me to some more?
> > > > 
> > > > ... thanks
> > > > Mike
> > > > 
> > > > 
> > > > 
> > > 
> > 
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: 
> [EMAIL PROTECTED]
> > > > For additional commands, email: 
> > [EMAIL PROTECTED]
> > > > 
> > > 
> > > 
> > 
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, email: 
> [EMAIL PROTECTED]
> > > 
> > > 
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, email: [EMAIL PROTECTED]
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Reply via email to