you will not need a roles table for tomcat... it is only useful to your own
applications that will edit the data. The system only utilizes the the
user-role table and the user-password table (at least for basic authentication).
Each servlet in the system that is secure is setup this way and has an
associated mapping:
<servlet>
<servlet-name>EnterAssignment</servlet-name>
<display-name>EnterAssignment</display-name>
<description>Enter Assignment</description>
<servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class>
<security-role-ref>
<role-name>IMS</role-name>
<role-link>IMS</role-link>
</security-role-ref>
</servlet>
...
<servlet-mapping>
<servlet-name>EnterAssignment</servlet-name>
<url-pattern>/servlet/EnterAssignment</url-pattern>
</servlet-mapping>
The server.xml contains a reference to the security tables by using the <Realm>
tag placed as shown (there are other ways to do it) and all db driver jars
have been place in the classpath:
<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" name="localhost">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="localhost_log." suffix=".txt" timestamp="true" />
<Realm className="org.apache.catalina.realm.JDBCRealm"
connectionName="username" connectionPassword="password"
connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname"
driverName="com.mysql.jdbc.Driver" userRoleTable="userrole"
userTable="userpassword" roleNameCol="userrole" userNameCol="userid"
userCredCol="passwordid" />
</Host>
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log." suffix=".txt" timestamp="true" />
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" />
</Engine>
Hope this helps.... Enjoy!
>>> [EMAIL PROTECTED] 02-10-2005 08:56 >>>
Where would the <security-role> be declared? WEB-INF/web.xml?
The tables I have are roles, user_roles and users. When you say wrong role
table which of the tables I have should be renamed?
Thanks for you help,
Luke
> It seems that you have a wrong role table (roles or user_roles).
> Have you declare <security-role> element ?
>
> -----Message d'origine-----
> De : Luke [mailto:[EMAIL PROTECTED]
> Envoyé : jeudi 10 février 2005 16:02
> À : Tomcat Users List
> Objet : Re: Security Newbie - Need Help
>
> Hi;
>
> Here is the roles table:
>
> mysql> select * from roles;
> +-----------+
> | role_name |
> +-----------+
> | admin |
> +-----------+
> 1 row in set (0.02 sec)
>
> I noticed I did have a mistake in the realm declaration in my server.xml.
> I
> had the wrong user table name. That is fixed this but still have the
> problem:
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> driverName="org.gjt.mm.mysql.Driver"
>
> connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&password=pas
> sword"
> userTable="users" userNameCol="user_name"
> userCredCol="user_pass" userRoleTable="user_roles"
> roleNameCol="role_name" />
>
> I also changed my security declaration to have a realm-name in the login
> config:
>
> <!-- security -->
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>fw</web-resource-name>
> <url-pattern>*.do</url-pattern>
> <http-method>POST</http-method>
> <http-method>GET</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>fw</realm-name>
> </login-config>
> </security-constraint>
>
> The error is (which appears without a login window first allowing me to
> authenticate):
>
>
> HTTP Status 403 - Configuration error: Cannot perform access control
> without
> an authenticated principal
> type Status report
> message Configuration error: Cannot perform access control without an
> authenticated principal
> description Access to the specified resource (Configuration error: Cannot
> perform access control without an authenticated principal) has been
> forbidden.
> Apache Tomcat/5.0.28
>
>
> Thanks,
>
> Luke
>
> ----- Original Message -----
> From: "LERBSCHER Jean-Pierre" <[EMAIL PROTECTED]>
> To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> Sent: Thursday, February 10, 2005 12:27 AM
> Subject: RE : Security Newbie - Need Help
>
>
>> Hi,
>> Could you verify that you have declared your admin role in the web.xml
>> file.
>> <security-role>
>> <role-name>admin</role-name>
>> </security-role>
>>
>> -----Message d'origine-----
>> De : Luke [mailto:[EMAIL PROTECTED]
>> Envoyé : jeudi 10 février 2005 07:33
>> À : Tomcat Users List
>> Objet : Security Newbie - Need Help
>>
>>
>> Hi;
>>
>> I am trying to install a security realm for my application. I am
>> expecting
> a
>> browser login window. But instead I get:
>>
>> HTTP Status 403 - Configuration error: Cannot perform access control
>> without an authenticated principal
>> type Status report
>> message Configuration error: Cannot perform access control without an
>> authenticated principal
>> description Access to the specified resource (Configuration error:
>> Cannot
>> perform access control without an authenticated principal) has been
>> forbidden.
>> Apache Tomcat/5.0.28
>>
>> Why I am not getting the login window?
>>
>> Here is the web.xml in project root/WEB-INF
>>
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>fw</web-resource-name>
>> <url-pattern>*.do</url-pattern>
>> <http-method>POST</http-method>
>> </web-resource-collection>
>> <auth-constraint>
>> <role-name>admin</role-name>
>> </auth-constraint>
>> <login-config>
>> <auth-method>BASIC</auth-method>
>> </login-config>
>> </security-constraint>
>>
>>
>> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>> driverName="org.gjt.mm.mysql.Driver"
>>
>>
> connectionURL="jdbc:mysql://localhost/applicationusers?user=user&passwor
>> d=password"
>> userTable="applicationusers" userNameCol="user_name"
>> userCredCol="user_pass" userRoleTable="user_roles"
>> roleNameCol="role_name" />
>>
>> The table structure was created using the following sql:
>>
>> create table users (
>> user_name varchar(15) not null primary key,
>> user_pass varchar(15) not null
>>
>> );
>>
>> create table user_roles (
>> user_name varchar(15) not null,
>> role_name varchar(15) not null,
>> primary key (user_name, role_name)
>> );
>>
>> How can I trouble shoot this? The log doesn't show anything. Any tips
> would
>> be great.
>>
>> Thanks,
>>
>> Luke
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
