You will not need a roles table for Tomcat... it is only useful to your own applications that will edit the data. The system only utilizes the user-role table and the user-password table (at least for basic authentication).

Each servlet in the system that is secure is set up this way and has an associated mapping:

    <servlet>
        <servlet-name>EnterAssignment</servlet-name>
        <display-name>EnterAssignment</display-name>
        <description>Enter Assignment</description>
        <servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class>
        <security-role-ref>
            <role-name>IMS</role-name>
            <role-link>IMS</role-link>
        </security-role-ref>
    </servlet>
    ...
    <servlet-mapping>
        <servlet-name>EnterAssignment</servlet-name>
        <url-pattern>/servlet/EnterAssignment</url-pattern>
    </servlet-mapping>

The server.xml contains a reference to the security tables by using the <Realm> tag placed as shown (there are other ways to do it) and all db driver jars have been placed in the classpath:

    <Engine defaultHost="localhost" name="Catalina">
        <Host appBase="webapps" name="localhost">
            <Logger className="org.apache.catalina.logger.FileLogger"
                    prefix="localhost_log." suffix=".txt" timestamp="true" />
            <Realm className="org.apache.catalina.realm.JDBCRealm"
                   connectionName="username" connectionPassword="password"
                   connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname"
                   driverName="com.mysql.jdbc.Driver"
                   userRoleTable="userrole" userTable="userpassword"
                   roleNameCol="userrole" userNameCol="userid"
                   userCredCol="passwordid" />
        </Host>
        <Logger className="org.apache.catalina.logger.FileLogger"
                prefix="catalina_log." suffix=".txt" timestamp="true" />
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" />
    </Engine>

Hope this helps.... Enjoy!

>>> [EMAIL PROTECTED] 02-10-2005 08:56 >>>
Where would the <security-role> be declared? WEB-INF/web.xml?

The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed?

Thanks for your help,

Luke

> It seems that you have a wrong role table (roles or user_roles).
> Have you declared the <security-role> element?
>
> -----Original Message-----
> From: Luke [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 10, 2005 16:02
> To: Tomcat Users List
> Subject: Re: Security Newbie - Need Help
>
> Hi;
>
> Here is the roles table:
>
> mysql> select * from roles;
> +-----------+
> | role_name |
> +-----------+
> | admin     |
> +-----------+
> 1 row in set (0.02 sec)
>
> I noticed I did have a mistake in the realm declaration in my server.xml. I
> had the wrong user table name. That is fixed, but I still have the
> problem:
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>        driverName="org.gjt.mm.mysql.Driver"
>        connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&password=password"
>        userTable="users" userNameCol="user_name"
>        userCredCol="user_pass" userRoleTable="user_roles"
>        roleNameCol="role_name" />
>
> I also changed my security declaration to have a realm-name in the login
> config:
>
> <!-- security -->
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>fw</web-resource-name>
>     <url-pattern>*.do</url-pattern>
>     <http-method>POST</http-method>
>     <http-method>GET</http-method>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>admin</role-name>
>   </auth-constraint>
>   <login-config>
>     <auth-method>BASIC</auth-method>
>     <realm-name>fw</realm-name>
>   </login-config>
> </security-constraint>
>
> The error is (which appears without a login window first allowing me to
> authenticate):
>
>
> HTTP Status 403 - Configuration error: Cannot perform access control without
> an authenticated principal
> type Status report
> message Configuration error: Cannot perform access control without an
> authenticated principal
> description Access to the specified resource (Configuration error: Cannot
> perform access control without an authenticated principal) has been
> forbidden.
> Apache Tomcat/5.0.28
>
>
> Thanks,
>
> Luke
>
> ----- Original Message -----
> From: "LERBSCHER Jean-Pierre" <[EMAIL PROTECTED]>
> To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> Sent: Thursday, February 10, 2005 12:27 AM
> Subject: RE : Security Newbie - Need Help
>
>
>> Hi,
>> Could you verify that you have declared your admin role in the web.xml
>> file.
>> <security-role>
>>   <role-name>admin</role-name>
>> </security-role>
>>
>> -----Original Message-----
>> From: Luke [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, February 10, 2005 07:33
>> To: Tomcat Users List
>> Subject: Security Newbie - Need Help
>>
>>
>> Hi;
>>
>> I am trying to install a security realm for my application. I am
>> expecting a browser login window. But instead I get:
>>
>> HTTP Status 403 - Configuration error: Cannot perform access control
>> without an authenticated principal
>> type Status report
>> message Configuration error: Cannot perform access control without an
>> authenticated principal
>> description Access to the specified resource (Configuration error:
>> Cannot perform access control without an authenticated principal) has been
>> forbidden.
>> Apache Tomcat/5.0.28
>>
>> Why am I not getting the login window?
>>
>> Here is the web.xml in project root/WEB-INF
>>
>> <security-constraint>
>>   <web-resource-collection>
>>     <web-resource-name>fw</web-resource-name>
>>     <url-pattern>*.do</url-pattern>
>>     <http-method>POST</http-method>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <role-name>admin</role-name>
>>   </auth-constraint>
>>   <login-config>
>>     <auth-method>BASIC</auth-method>
>>   </login-config>
>> </security-constraint>
>>
>>
>> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>>        driverName="org.gjt.mm.mysql.Driver"
>>        connectionURL="jdbc:mysql://localhost/applicationusers?user=user&password=password"
>>        userTable="applicationusers" userNameCol="user_name"
>>        userCredCol="user_pass" userRoleTable="user_roles"
>>        roleNameCol="role_name" />
>>
>> The table structure was created using the following sql:
>>
>> create table users (
>>   user_name varchar(15) not null primary key,
>>   user_pass varchar(15) not null
>> );
>>
>> create table user_roles (
>>   user_name varchar(15) not null,
>>   role_name varchar(15) not null,
>>   primary key (user_name, role_name)
>> );
>>
>> How can I troubleshoot this? The log doesn't show anything. Any tips would
>> be great.
>>
>> Thanks,
>>
>> Luke
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
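
Added example, not part of the original thread: a Python check of the descriptor structure discussed above. In the Servlet deployment descriptor, `<login-config>` and `<security-role>` are children of `<web-app>`, and a `<web-resource-collection>` that lists `<http-method>` elements constrains only those methods. `lint_web_xml`, its finding strings and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the second web.xml fragment from the thread, wrapped in an
# assumed <web-app> root (the post shows only the fragment).
POSTED = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>fw</web-resource-name>
   <url-pattern>*.do</url-pattern>
   <http-method>POST</http-method>
   <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>fw</realm-name></login-config>
 </security-constraint>
</web-app>"""

# Constructed input: same rules, with <login-config> and <security-role> directly
# under <web-app> and no <http-method> list, so every method is constrained.
RESTRUCTURED = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>fw</web-resource-name>
   <url-pattern>*.do</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
 </security-constraint>
 <login-config><auth-method>BASIC</auth-method><realm-name>fw</realm-name></login-config>
 <security-role><role-name>admin</role-name></security-role>
</web-app>"""

def lint_web_xml(text):
    """Return sorted finding strings for the security section of a web.xml."""
    root = ET.fromstring(text)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = set()
    declared = {r.findtext("role-name", "").strip() for r in root.findall("security-role")}
    if root.find("login-config") is None:
        findings.add("no <login-config> directly under <web-app>")
    for sc in root.findall("security-constraint"):
        if sc.find("login-config") is not None:
            findings.add("<login-config> nested inside <security-constraint>")
        for role in sc.findall("auth-constraint/role-name"):
            name = (role.text or "").strip()
            if name != "*" and name not in declared:
                findings.add("role not declared in <security-role>: " + name)
        if sc.find("web-resource-collection/http-method") is not None:
            findings.add("constraint covers only the listed HTTP methods")
    return sorted(findings)
```

Running `lint_web_xml(POSTED)` reports all four findings; `lint_web_xml(RESTRUCTURED)` returns an empty list.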