IMS is the system name... we chose that as the role name. You will need to use your role name and role link in its place. When a role is defined on a servlet it is secure. When it is not it is not secure (usually).
In the realm setting, make sure you have replaced the text "username" and "passwordid" with your username and password into your database and that the address or URI reference to the database is correct with the appropriate database name. The text I sent was a working example from my system... The only piece that you should really pay attention to is the <Realm> reference. You need to make sure it is set up for your system with the proper names. You may need to play with it a bit. We are running Tomcat 5.0.28

>>> [EMAIL PROTECTED] 02-11-2005 00:18 >>>
Hi Dennis;

Where is IMS defined? Otherwise I have specified everything as you recommended. Yet I still get this error once I hit the page (no login prompt):

HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
type Status report
message Configuration error: Cannot perform access control without an authenticated principal
description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
Apache Tomcat/5.0.28

Thanks,
Luke

----- Original Message -----
From: "Dennis Payne" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, February 10, 2005 11:23 AM
Subject: Re: RE : Security Newbie - Need Help

> you will not need a roles table for tomcat... it is only useful to your own applications that will edit the data. The system only utilizes the user-role table and the user-password table (at least for basic authentication).
>
> Each servlet in the system that is secure is set up this way and has an associated mapping:
>
> <servlet>
>   <servlet-name>EnterAssignment</servlet-name>
>   <display-name>EnterAssignment</display-name>
>   <description>Enter Assignment</description>
>   <servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class>
>   <security-role-ref>
>     <role-name>IMS</role-name>
>     <role-link>IMS</role-link>
>   </security-role-ref>
> </servlet>
> ...
> <servlet-mapping>
>   <servlet-name>EnterAssignment</servlet-name>
>   <url-pattern>/servlet/EnterAssignment</url-pattern>
> </servlet-mapping>
>
> The server.xml contains a reference to the security tables by using the <Realm> tag placed as shown (there are other ways to do it) and all db driver jars have been placed in the classpath:
>
> <Engine defaultHost="localhost" name="Catalina">
>   <Host appBase="webapps" name="localhost">
>     <Logger className="org.apache.catalina.logger.FileLogger" prefix="localhost_log." suffix=".txt" timestamp="true" />
>     <Realm className="org.apache.catalina.realm.JDBCRealm" connectionName="username" connectionPassword="password" connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname" driverName="com.mysql.jdbc.Driver" userRoleTable="userrole" userTable="userpassword" roleNameCol="userrole" userNameCol="userid" userCredCol="passwordid" />
>   </Host>
>   <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true" />
>   <Realm className="org.apache.catalina.realm.UserDatabaseRealm" />
> </Engine>
>
> Hope this helps.... Enjoy!
>
> >>> [EMAIL PROTECTED] 02-10-2005 08:56 >>>
> Where would the <security-role> be declared? WEB-INF/web.xml?
>
> The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed?
>
> Thanks for your help,
>
> Luke
>
> > It seems that you have a wrong role table (roles or user_roles).
> > Have you declared the <security-role> element?
> >
> > -----Original Message-----
> > From: Luke [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, 10 February 2005 16:02
> > To: Tomcat Users List
> > Subject: Re: Security Newbie - Need Help
> >
> > Hi;
> >
> > Here is the roles table:
> >
> > mysql> select * from roles;
> > +-----------+
> > | role_name |
> > +-----------+
> > | admin     |
> > +-----------+
> > 1 row in set (0.02 sec)
> >
> > I noticed I did have a mistake in the realm declaration in my server.xml.
> > I had the wrong user table name. That is fixed but I still have the problem:
> >
> > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> >   driverName="org.gjt.mm.mysql.Driver"
> >   connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&password=password"
> >   userTable="users" userNameCol="user_name"
> >   userCredCol="user_pass" userRoleTable="user_roles"
> >   roleNameCol="role_name" />
> >
> > I also changed my security declaration to have a realm-name in the login config:
> >
> > <!-- security -->
> > <security-constraint>
> >   <web-resource-collection>
> >     <web-resource-name>fw</web-resource-name>
> >     <url-pattern>*.do</url-pattern>
> >     <http-method>POST</http-method>
> >     <http-method>GET</http-method>
> >   </web-resource-collection>
> >   <auth-constraint>
> >     <role-name>admin</role-name>
> >   </auth-constraint>
> >   <login-config>
> >     <auth-method>BASIC</auth-method>
> >     <realm-name>fw</realm-name>
> >   </login-config>
> > </security-constraint>
> >
> > The error is (which appears without a login window first allowing me to authenticate):
> >
> > HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
> > type Status report
> > message Configuration error: Cannot perform access control without an authenticated principal
> > description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
> > Apache Tomcat/5.0.28
> >
> > Thanks,
> >
> > Luke
> >
> > ----- Original Message -----
> > From: "LERBSCHER Jean-Pierre" <[EMAIL PROTECTED]>
> > To: "'Tomcat Users List'" <[email protected]>
> > Sent: Thursday, February 10, 2005 12:27 AM
> > Subject: RE : Security Newbie - Need Help
> >
> >> Hi,
> >> Could you verify that you have declared your admin role in the web.xml file.
> >> <security-role>
> >>   <role-name>admin</role-name>
> >> </security-role>
> >>
> >> -----Original Message-----
> >> From: Luke [mailto:[EMAIL PROTECTED]
> >> Sent: Thursday, 10 February 2005 07:33
> >> To: Tomcat Users List
> >> Subject: Security Newbie - Need Help
> >>
> >> Hi;
> >>
> >> I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get:
> >>
> >> HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal
> >> type Status report
> >> message Configuration error: Cannot perform access control without an authenticated principal
> >> description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden.
> >> Apache Tomcat/5.0.28
> >>
> >> Why am I not getting the login window?
> >>
> >> Here is the web.xml in project root/WEB-INF
> >>
> >> <security-constraint>
> >>   <web-resource-collection>
> >>     <web-resource-name>fw</web-resource-name>
> >>     <url-pattern>*.do</url-pattern>
> >>     <http-method>POST</http-method>
> >>   </web-resource-collection>
> >>   <auth-constraint>
> >>     <role-name>admin</role-name>
> >>   </auth-constraint>
> >>   <login-config>
> >>     <auth-method>BASIC</auth-method>
> >>   </login-config>
> >> </security-constraint>
> >>
> >> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> >>   driverName="org.gjt.mm.mysql.Driver"
> >>   connectionURL="jdbc:mysql://localhost/applicationusers?user=user&password=password"
> >>   userTable="applicationusers" userNameCol="user_name"
> >>   userCredCol="user_pass" userRoleTable="user_roles"
> >>   roleNameCol="role_name" />
> >>
> >> The table structure was created using the following sql:
> >>
> >> create table users (
> >>   user_name varchar(15) not null primary key,
> >>   user_pass varchar(15) not null
> >> );
> >>
> >> create table user_roles (
> >>   user_name varchar(15) not null,
> >>   role_name varchar(15) not null,
> >>   primary key (user_name, role_name)
> >> );
> >>
> >> How can I troubleshoot this? The log doesn't show anything. Any tips would be great.
> >>
> >> Thanks,
> >>
> >> Luke
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
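
An added example (not from any poster in the thread): a small Python lint for a `WEB-INF/web.xml` covering the points raised above. It checks that `<login-config>` is a direct child of `<web-app>`, as the Servlet deployment descriptor requires (in the posted web.xml it sits inside `<security-constraint>`), that each role in an `<auth-constraint>` has a `<security-role>` declaration, and whether `<http-method>` entries limit the constraint to the listed methods. Both sample documents and the name `lint_web_xml` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the second web.xml fragment from the thread, wrapped in <web-app>.
THREAD_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>fw</web-resource-name><url-pattern>*.do</url-pattern>
      <http-method>POST</http-method><http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <login-config><auth-method>BASIC</auth-method><realm-name>fw</realm-name></login-config>
  </security-constraint>
</web-app>"""

# Constructed sample: the same constraint laid out as the descriptor schema expects.
FIXED_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>fw</web-resource-name><url-pattern>*.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>fw</realm-name></login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

def lint_web_xml(text):
    # Hypothetical helper: returns a list of findings, empty when nothing is flagged.
    root = ET.fromstring(text)
    for e in root.iter():
        e.tag = e.tag.rsplit("}", 1)[-1]  # drop an XML namespace, if any
    parent = {c: p for p in root.iter() for c in p}
    roles = lambda elems: {r.text.strip() for e in elems
                           for r in e.iter("role-name") if r.text}
    logins = list(root.iter("login-config"))
    out = [f"login-config is nested in <{parent[lc].tag}>; it must be a child of <web-app>"
           for lc in logins if parent[lc] is not root]
    used = roles(root.iter("auth-constraint"))
    if used and not any(parent[lc] is root for lc in logins):
        out.append("auth-constraint present but no top-level login-config")
    declared = roles(root.findall("security-role"))  # direct children only
    for role in sorted(used - declared - {"*"}):
        out.append(f"role '{role}' has no <security-role> declaration")
    for wrc in root.iter("web-resource-collection"):
        methods = sorted(m.text.strip() for m in wrc.findall("http-method"))
        if methods:
            out.append(f"constraint covers only {', '.join(methods)}; "
                       "methods not listed are not covered by it")
    return out
```
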
