Could you try MemoryRealm to evict filter mechanisms (like firewall or router configuration) between your Tomcat server and your database?
As you can see in the servlet specification the security-role element isn't optional.

<!ELEMENT web-app (icon?, display-name?, description?, distributable?,
    context-param*, filter*, filter-mapping*, listener*, servlet*,
    servlet-mapping*, session-config?, mime-mapping*, welcome-file-list?,
    error-page*, taglib*, resource-env-ref*, resource-ref*,
    security-constraint*, login-config?, security-role*, env-entry*,
    ejb-ref*, ejb-local-ref*)>

-----Original Message-----
From: Luke [mailto:[EMAIL PROTECTED]
Sent: Friday, 11 February 2005 08:18
To: Tomcat Users List
Subject: Re: RE : Security Newbie - Need Help

Hi Dennis;

Where is IMS defined? Otherwise I have specified everything as you recommended. Yet I still get this error once I hit the page (no login prompt):

HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
type Status report
message Configuration error: Cannot perform access control without an authenticated principal
description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
Apache Tomcat/5.0.28

Thanks,

Luke

----- Original Message -----
From: "Dennis Payne" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, February 10, 2005 11:23 AM
Subject: Re: RE : Security Newbie - Need Help

> you will not need a roles table for tomcat... it is only useful to your own applications that will edit the data. The system only utilizes the user-role table and the user-password table (at least for basic authentication).
>
> Each servlet in the system that is secure is set up this way and has an associated mapping:
>
> <servlet>
>   <servlet-name>EnterAssignment</servlet-name>
>   <display-name>EnterAssignment</display-name>
>   <description>Enter Assignment</description>
>   <servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class>
>   <security-role-ref>
>     <role-name>IMS</role-name>
>     <role-link>IMS</role-link>
>   </security-role-ref>
> </servlet>
> ...
> <servlet-mapping>
>   <servlet-name>EnterAssignment</servlet-name>
>   <url-pattern>/servlet/EnterAssignment</url-pattern>
> </servlet-mapping>
>
> The server.xml contains a reference to the security tables by using the <Realm> tag placed as shown (there are other ways to do it) and all db driver jars have been placed in the classpath:
>
> <Engine defaultHost="localhost" name="Catalina">
>   <Host appBase="webapps" name="localhost">
>     <Logger className="org.apache.catalina.logger.FileLogger" prefix="localhost_log." suffix=".txt" timestamp="true" />
>     <Realm className="org.apache.catalina.realm.JDBCRealm" connectionName="username" connectionPassword="password" connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname" driverName="com.mysql.jdbc.Driver" userRoleTable="userrole" userTable="userpassword" roleNameCol="userrole" userNameCol="userid" userCredCol="passwordid" />
>   </Host>
>   <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true" />
>   <Realm className="org.apache.catalina.realm.UserDatabaseRealm" />
> </Engine>
>
> Hope this helps.... Enjoy!
>
> >>> [EMAIL PROTECTED] 02-10-2005 08:56 >>>
> Where would the <security-role> be declared? WEB-INF/web.xml?
>
> The tables I have are roles, user_roles and users. When you say wrong role
> table which of the tables I have should be renamed?
>
> Thanks for your help,
>
> Luke
>
> > It seems that you have a wrong role table (roles or user_roles).
> > Have you declared <security-role> element?
> >
> > -----Original Message-----
> > From: Luke [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, 10 February 2005 16:02
> > To: Tomcat Users List
> > Subject: Re: Security Newbie - Need Help
> >
> > Hi;
> >
> > Here is the roles table:
> >
> > mysql> select * from roles;
> > +-----------+
> > | role_name |
> > +-----------+
> > | admin     |
> > +-----------+
> > 1 row in set (0.02 sec)
> >
> > I noticed I did have a mistake in the realm declaration in my server.xml. I
> > had the wrong user table name. That is fixed, but I still have the
> > problem:
> >
> > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> >        driverName="org.gjt.mm.mysql.Driver"
> >        connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&amp;password=password"
> >        userTable="users" userNameCol="user_name"
> >        userCredCol="user_pass" userRoleTable="user_roles"
> >        roleNameCol="role_name" />
> >
> > I also changed my security declaration to have a realm-name in the login
> > config:
> >
> > <!-- security -->
> > <security-constraint>
> >   <web-resource-collection>
> >     <web-resource-name>fw</web-resource-name>
> >     <url-pattern>*.do</url-pattern>
> >     <http-method>POST</http-method>
> >     <http-method>GET</http-method>
> >   </web-resource-collection>
> >   <auth-constraint>
> >     <role-name>admin</role-name>
> >   </auth-constraint>
> >   <login-config>
> >     <auth-method>BASIC</auth-method>
> >     <realm-name>fw</realm-name>
> >   </login-config>
> > </security-constraint>
> >
> > The error is (which appears without a login window first allowing me to
> > authenticate):
> >
> >
> > HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
> > type Status report
> > message Configuration error: Cannot perform access control without an authenticated principal
> > description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
> > Apache Tomcat/5.0.28
> >
> >
> > Thanks,
> >
> > Luke
> >
> > ----- Original Message -----
> > From: "LERBSCHER Jean-Pierre" <[EMAIL PROTECTED]>
> > To: "'Tomcat Users List'" <[email protected]>
> > Sent: Thursday, February 10, 2005 12:27 AM
> > Subject: RE : Security Newbie - Need Help
> >
> >
> >> Hi,
> >> Could you verify that you have declared your admin role in the web.xml
> >> file.
> >> <security-role>
> >>   <role-name>admin</role-name>
> >> </security-role>
> >>
> >> -----Original Message-----
> >> From: Luke [mailto:[EMAIL PROTECTED]
> >> Sent: Thursday, 10 February 2005 07:33
> >> To: Tomcat Users List
> >> Subject: Security Newbie - Need Help
> >>
> >>
> >> Hi;
> >>
> >> I am trying to install a security realm for my application. I am
> >> expecting a browser login window. But instead I get:
> >>
> >> HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
> >> type Status report
> >> message Configuration error: Cannot perform access control without an authenticated principal
> >> description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
> >> Apache Tomcat/5.0.28
> >>
> >> Why am I not getting the login window?
> >>
> >> Here is the web.xml in project root/WEB-INF
> >>
> >> <security-constraint>
> >>   <web-resource-collection>
> >>     <web-resource-name>fw</web-resource-name>
> >>     <url-pattern>*.do</url-pattern>
> >>     <http-method>POST</http-method>
> >>   </web-resource-collection>
> >>   <auth-constraint>
> >>     <role-name>admin</role-name>
> >>   </auth-constraint>
> >>   <login-config>
> >>     <auth-method>BASIC</auth-method>
> >>   </login-config>
> >> </security-constraint>
> >>
> >>
> >> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> >>        driverName="org.gjt.mm.mysql.Driver"
> >>        connectionURL="jdbc:mysql://localhost/applicationusers?user=user&amp;password=password"
> >>        userTable="applicationusers" userNameCol="user_name"
> >>        userCredCol="user_pass" userRoleTable="user_roles"
> >>        roleNameCol="role_name" />
> >>
> >> The table structure was created using the following sql:
> >>
> >> create table users (
> >>   user_name varchar(15) not null primary key,
> >>   user_pass varchar(15) not null
> >> );
> >>
> >> create table user_roles (
> >>   user_name varchar(15) not null,
> >>   role_name varchar(15) not null,
> >>   primary key (user_name, role_name)
> >> );
> >>
> >> How can I troubleshoot this? The log doesn't show anything. Any tips would
> >> be great.
> >>
> >> Thanks,
> >>
> >> Luke
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
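
A check for the layout this thread keeps circling, added here as an example and not code from any poster or from Tomcat: the DTD quoted above lists login-config and security-role as direct children of web-app, while the posted web.xml puts login-config inside security-constraint and declares no security-role. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed fragments; element names and values follow the posts in the thread.
_CONSTRAINT = """<security-constraint>
    <web-resource-collection>
      <web-resource-name>fw</web-resource-name>
      <url-pattern>*.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>%s
  </security-constraint>"""
_LOGIN = "<login-config><auth-method>BASIC</auth-method></login-config>"
# Shape of the posted web.xml: login-config nested inside security-constraint,
# no security-role declared.
POSTED = "<web-app>" + _CONSTRAINT % _LOGIN + "</web-app>"
# Constructed variant that follows the web-app content model quoted in the thread.
ALIGNED = ("<web-app>" + _CONSTRAINT % "" + _LOGIN +
           "<security-role><role-name>admin</role-name></security-role></web-app>")

def local(tag):
    """Drop any XML namespace so DTD-based and schema-based files both work."""
    return tag.rsplit("}", 1)[-1]

def role_names(root, container):
    """role-name values found directly under every <container> element."""
    return {rn.text.strip() for c in root.iter() if local(c.tag) == container
            for rn in c if local(rn.tag) == "role-name" and rn.text}

def audit_web_xml(text):
    """Return findings about where the container-managed security elements sit."""
    root = ET.fromstring(text)
    parent = {child: p for p in root.iter() for child in p}
    logins = [e for e in root.iter() if local(e.tag) == "login-config"]
    findings = []
    for e in logins:
        if parent.get(e) is not root:
            findings.append("login-config is inside <%s>, not directly under web-app"
                            % local(parent[e].tag))
    needed = role_names(root, "auth-constraint")
    if needed and not any(parent.get(e) is root for e in logins):
        findings.append("auth-constraint present but no top-level login-config")
    declared = role_names(root, "security-role")
    for role in sorted(needed - declared - {"*"}):
        findings.append("role '%s' has no matching security-role" % role)
    return findings

if __name__ == "__main__":
    for name, doc in (("posted", POSTED), ("aligned", ALIGNED)):
        print(name, audit_web_xml(doc) or "no findings")
```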
