No I think you are right. I have user_roles in the server.xml realm and the table in tomcatusers is called roles.
Is there a correct naming (user_roles vs roles)? Concerning the <security-role> is this required when using a JDBCRealm? Thanks, Luke > Sorry, i understand what you mean. > Your role table seems ok. > > -----Message d'origine----- > De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] > Envoy� : jeudi 10 f�vrier 2005 17:40 > � : 'Tomcat Users List' > Objet : RE : RE : Security Newbie - Need Help > > > > -----Message d'origine----- > De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Envoy� : jeudi 10 f�vrier 2005 16:57 > � : Tomcat Users List > Objet : Re: RE : Security Newbie - Need Help > > Where would the <security-role> be declared? WEB-INF/web.xml? > > Yes > > The tables I have are roles, user_roles and users. When you say wrong role > table which of the tables I have should be renamed? > > select * from roles; > ... > <realm ... userRoleTable="user_roles > > Thanks for you help, > > Luke > >> It seems that you have a wrong role table (roles or user_roles). >> Have you declare <security-role> element ? >> >> -----Message d'origine----- >> De : Luke [mailto:[EMAIL PROTECTED] >> Envoy� : jeudi 10 f�vrier 2005 16:02 >> � : Tomcat Users List >> Objet : Re: Security Newbie - Need Help >> >> Hi; >> >> Here is the roles table: >> >> mysql> select * from roles; >> +-----------+ >> | role_name | >> +-----------+ >> | admin | >> +-----------+ >> 1 row in set (0.02 sec) >> >> I noticed I did have a mistake in the realm declaration in my >> server.xml. >> I >> had the wrong user table name. That is fixed this but still have the >> problem: >> >> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" >> driverName="org.gjt.mm.mysql.Driver" >> >> > connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&password=pas >> sword" >> userTable="users" userNameCol="user_name" >> userCredCol="user_pass" userRoleTable="user_roles" >> roleNameCol="role_name" /> >> >> I also changed my security declaration to have a realm-name in the login >> config: >> >> <!-- security --> >> <security-constraint> >> <web-resource-collection> >> <web-resource-name>fw</web-resource-name> >> <url-pattern>*.do</url-pattern> >> <http-method>POST</http-method> >> <http-method>GET</http-method> >> </web-resource-collection> >> <auth-constraint> >> <role-name>admin</role-name> >> </auth-constraint> >> <login-config> >> <auth-method>BASIC</auth-method> >> <realm-name>fw</realm-name> >> </login-config> >> </security-constraint> >> >> The error is (which appears without a login window first allowing me to >> authenticate): >> >> >> HTTP Status 403 - Configuration error: Cannot perform access control >> without >> an authenticated principal >> type Status report >> message Configuration error: Cannot perform access control without an >> authenticated principal >> description Access to the specified resource (Configuration error: >> Cannot >> perform access control without an authenticated principal) has been >> forbidden. >> Apache Tomcat/5.0.28 >> >> >> Thanks, >> >> Luke >> >> ----- Original Message ----- >> From: "LERBSCHER Jean-Pierre" <[EMAIL PROTECTED]> >> To: "'Tomcat Users List'" <[email protected]> >> Sent: Thursday, February 10, 2005 12:27 AM >> Subject: RE : Security Newbie - Need Help >> >> >>> Hi, >>> Could you verify that you have declared your admin role in the web.xml >>> file. >>> <security-role> >>> <role-name>admin</role-name> >>> </security-role> >>> >>> -----Message d'origine----- >>> De : Luke [mailto:[EMAIL PROTECTED] >>> Envoy� : jeudi 10 f�vrier 2005 07:33 >>> � : Tomcat Users List >>> Objet : Security Newbie - Need Help >>> >>> >>> Hi; >>> >>> I am trying to install a security realm for my application. I am >>> expecting >> a >>> browser login window. But instead I get: >>> >>> HTTP Status 403 - Configuration error: Cannot perform access control >>> without an authenticated principal >>> type Status report >>> message Configuration error: Cannot perform access control without an >>> authenticated principal >>> description Access to the specified resource (Configuration error: >>> Cannot >>> perform access control without an authenticated principal) has been >>> forbidden. >>> Apache Tomcat/5.0.28 >>> >>> Why I am not getting the login window? >>> >>> Here is the web.xml in project root/WEB-INF >>> >>> <security-constraint> >>> <web-resource-collection> >>> <web-resource-name>fw</web-resource-name> >>> <url-pattern>*.do</url-pattern> >>> <http-method>POST</http-method> >>> </web-resource-collection> >>> <auth-constraint> >>> <role-name>admin</role-name> >>> </auth-constraint> >>> <login-config> >>> <auth-method>BASIC</auth-method> >>> </login-config> >>> </security-constraint> >>> >>> >>> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" >>> driverName="org.gjt.mm.mysql.Driver" >>> >>> >> > connectionURL="jdbc:mysql://localhost/applicationusers?user=user&passwor >>> d=password" >>> userTable="applicationusers" userNameCol="user_name" >>> userCredCol="user_pass" userRoleTable="user_roles" >>> roleNameCol="role_name" /> >>> >>> The table structure was created using the following sql: >>> >>> create table users ( >>> user_name varchar(15) not null primary key, >>> user_pass varchar(15) not null >>> >>> ); >>> >>> create table user_roles ( >>> user_name varchar(15) not null, >>> role_name varchar(15) not null, >>> primary key (user_name, role_name) >>> ); >>> >>> How can I trouble shoot this? The log doesn't show anything. Any tips >> would >>> be great. >>> >>> Thanks, >>> >>> Luke >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
