We are running a tomcat webapp which allows the remote administration of a
Solaris machine via a http interface.
Access control is managed using the default MemoryRealm implementation
(using tomcat-users.xml to store users and roles).
The webapp allows changing various settings on the machine (including
editing and saving of the tomcat-users.xml file)
We're having the following problem:
>From time to time our tomcat-users.xml file is erased (it is replaced by a
file only containing the following:
<tomcat-users>
</tomcat-users>
).
So far we have not been able to reproduce this behaviour (it has happened
both after a tomcat restart and while running normally).
I have a feeling this has to do with the behaviour of the
org.apache.catalina.users.MemoryUserDatabase class.
In our code, when a user logs in, we access this class to retrieve the user
roles assigned to this particular user, like so:
MemoryUserDatabase userDatabase = new MemoryUserDatabase();
userDatabase.open();
User user = userDatabase.findUser(USER_ID);
userDatabase.close();
...
If login is successful, the user object is stored in the user's session
context. For access control, a user's roles are retrieved using:
Iterator iter = user.getRoles();
while (iter.hasNext()) {
Role aRole = (Role) iter.next();
if (aRole.getName().equals(REQUIRED_ROLE_FOR_ACCESS)) {
return true;//allow access
}
What could be the cause of this problem? I have seen a similar post
(http://archives.real-time.com/pipermail/tomcat-users/2003-March/103924.html
) before, but I have not found an answer so far.
The system that we are using:
Tomcat 5(.0.27) with Struts 1.1 on a Solaris 9 Ultrasparc III machine - JVM
Sun 1.4.2_04
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
