Hello; I finally got this. It turned out I had my:
<login-config> <auth-method>BASIC</auth-method> </login-config> Inside my <security-constraint> instead of being in the <web-app>. Once I moved this to the correct place in the document. Everything worked fine. Thanks to all that posted advice. Luke Luke Shannon Web Design/Development Java Programmer http://www.lukeshannon.com phone: 416-570-1984 ----- Original Message ----- From: "Luke" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[email protected]> Sent: Friday, February 11, 2005 9:05 PM Subject: Re: RE : Security Newbie - Need Help > Hi; > > I can't get the memory realm to work either. I am still getting the error > below without a login prompt: > > > HTTP Status 403 - Configuration error: Cannot perform access control without > an authenticated principal > type Status report > message Configuration error: Cannot perform access control without an > authenticated principal > description Access to the specified resource (Configuration error: Cannot > perform access control without an authenticated principal) has been > forbidden. > Apache Tomcat/5.0.27 > > This has to be something with my application, WEB-INF, server.xml. How > should I proceed to trouble shoot? > > Thanks, > > Luke > > ----- Original Message ----- > From: "LERBSCHER Jean-Pierre" <[EMAIL PROTECTED]> > To: "'Tomcat Users List'" <[email protected]> > Sent: Friday, February 11, 2005 12:21 AM > Subject: RE : RE : Security Newbie - Need Help > > > > Could you try MemoryRealm to evict filter mechanisms (like firewall or > > router configuration) between your tomcat serve rand your database ? > > > > As you can see in the servlet specification the security-role element > isn't > > optional. > > <!ELEMENT web-app (icon?, display-name?, description?, > > distributable?, context-param*, filter*, filter-mapping*, > > listener*, servlet*, servlet-mapping*, session-config?, mimemapping*, > > welcome-file-list?, error-page*, taglib*, resourceenv- > > ref*, resource-ref*, security-constraint*, login-config?, > > security-role*, env-entry*, ejb-ref*, ejb-local-ref*)> > > > > -----Message d'origine----- > > De : Luke [mailto:[EMAIL PROTECTED] > > Envoy� : vendredi 11 f�vrier 2005 08:18 > > � : Tomcat Users List > > Objet : Re: RE : Security Newbie - Need Help > > > > Hi Dennis; > > > > Where is IMS defined? Otherwise I have specified everything as you > > recommended. Yet I still get this error once I hit the page (no login > > prompt): > > > > > > HTTP Status 403 - Configuration error: Cannot perform access control > without > > an authenticated principal > > type Status report > > message Configuration error: Cannot perform access control without an > > authenticated principal > > description Access to the specified resource (Configuration error: Cannot > > perform access control without an authenticated principal) has been > > forbidden. > > Apache Tomcat/5.0.28 > > > > Thanks, > > > > Luke > > > > > > ----- Original Message ----- > > From: "Dennis Payne" <[EMAIL PROTECTED]> > > To: <[email protected]> > > Sent: Thursday, February 10, 2005 11:23 AM > > Subject: Re: RE : Security Newbie - Need Help > > > > > > > you will not need a roles table for tomcat... it is only useful to your > > own applications that will edit the data. The system only utilizes the the > > user-role table and the user-password table (at least for basic > > authentication). > > > > > > Each servlet in the system that is secure is setup this way and has an > > associated mapping: > > > > > > <servlet> > > > <servlet-name>EnterAssignment</servlet-name> > > > <display-name>EnterAssignment</display-name> > > > <description>Enter Assignment</description> > > > <servlet-class>com.mtc.ims.ia.servlet.EnterAssignment</servlet-class> > > > <security-role-ref> > > > <role-name>IMS</role-name> > > > <role-link>IMS</role-link> > > > </security-role-ref> > > > </servlet> > > > ... > > > <servlet-mapping> > > > <servlet-name>EnterAssignment</servlet-name> > > > <url-pattern>/servlet/EnterAssignment</url-pattern> > > > </servlet-mapping> > > > > > > The server.xml contains a reference to the security tables by using the > > <Realm> tag placed as shown (there are other ways to do it) and all db > > driver jars have been place in the classpath: > > > > > > <Engine defaultHost="localhost" name="Catalina"> > > > <Host appBase="webapps" name="localhost"> > > > <Logger className="org.apache.catalina.logger.FileLogger" > > prefix="localhost_log." suffix=".txt" timestamp="true" /> > > > <Realm className="org.apache.catalina.realm.JDBCRealm" > > connectionName="username" connectionPassword="password" > > connectionURL="jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname" > > driverName="com.mysql.jdbc.Driver" userRoleTable="userrole" > > userTable="userpassword" roleNameCol="userrole" userNameCol="userid" > > userCredCol="passwordid" /> > > > </Host> > > > <Logger className="org.apache.catalina.logger.FileLogger" > > prefix="catalina_log." suffix=".txt" timestamp="true" /> > > > <Realm className="org.apache.catalina.realm.UserDatabaseRealm" /> > > > </Engine> > > > > > > Hope this helps.... Enjoy! > > > > > > >>> [EMAIL PROTECTED] 02-10-2005 08:56 >>> > > > Where would the <security-role> be declared? WEB-INF/web.xml? > > > > > > The tables I have are roles, user_roles and users. When you say wrong > role > > > table which of the tables I have should be renamed? > > > > > > Thanks for you help, > > > > > > Luke > > > > > > > It seems that you have a wrong role table (roles or user_roles). > > > > Have you declare <security-role> element ? > > > > > > > > -----Message d'origine----- > > > > De : Luke [mailto:[EMAIL PROTECTED] > > > > Envoy� : jeudi 10 f�vrier 2005 16:02 > > > > � : Tomcat Users List > > > > Objet : Re: Security Newbie - Need Help > > > > > > > > Hi; > > > > > > > > Here is the roles table: > > > > > > > > mysql> select * from roles; > > > > +-----------+ > > > > | role_name | > > > > +-----------+ > > > > | admin | > > > > +-----------+ > > > > 1 row in set (0.02 sec) > > > > > > > > I noticed I did have a mistake in the realm declaration in my > > server.xml. > > > > I > > > > had the wrong user table name. That is fixed this but still have the > > > > problem: > > > > > > > > <Realm className="org.apache.catalina.realm.JDBCRealm" > debug="99" > > > > driverName="org.gjt.mm.mysql.Driver" > > > > > > > > > > > connectionURL="jdbc:mysql://localhost/tomcatusers?user=user&password=pas > > > > sword" > > > > userTable="users" userNameCol="user_name" > > > > userCredCol="user_pass" userRoleTable="user_roles" > > > > roleNameCol="role_name" /> > > > > > > > > I also changed my security declaration to have a realm-name in the > login > > > > config: > > > > > > > > <!-- security --> > > > > <security-constraint> > > > > <web-resource-collection> > > > > <web-resource-name>fw</web-resource-name> > > > > <url-pattern>*.do</url-pattern> > > > > <http-method>POST</http-method> > > > > <http-method>GET</http-method> > > > > </web-resource-collection> > > > > <auth-constraint> > > > > <role-name>admin</role-name> > > > > </auth-constraint> > > > > <login-config> > > > > <auth-method>BASIC</auth-method> > > > > <realm-name>fw</realm-name> > > > > </login-config> > > > > </security-constraint> > > > > > > > > The error is (which appears without a login window first allowing me > to > > > > authenticate): > > > > > > > > > > > > HTTP Status 403 - Configuration error: Cannot perform access control > > > > without > > > > an authenticated principal > > > > type Status report > > > > message Configuration error: Cannot perform access control without an > > > > authenticated principal > > > > description Access to the specified resource (Configuration error: > > Cannot > > > > perform access control without an authenticated principal) has been > > > > forbidden. > > > > Apache Tomcat/5.0.28 > > > > > > > > > > > > Thanks, > > > > > > > > Luke > > > > > > > > ----- Original Message ----- > > > > From: "LERBSCHER Jean-Pierre" <[EMAIL PROTECTED]> > > > > To: "'Tomcat Users List'" <[email protected]> > > > > Sent: Thursday, February 10, 2005 12:27 AM > > > > Subject: RE : Security Newbie - Need Help > > > > > > > > > > > >> Hi, > > > >> Could you verify that you have declared your admin role in the > web.xml > > > >> file. > > > >> <security-role> > > > >> <role-name>admin</role-name> > > > >> </security-role> > > > >> > > > >> -----Message d'origine----- > > > >> De : Luke [mailto:[EMAIL PROTECTED] > > > >> Envoy� : jeudi 10 f�vrier 2005 07:33 > > > >> � : Tomcat Users List > > > >> Objet : Security Newbie - Need Help > > > >> > > > >> > > > >> Hi; > > > >> > > > >> I am trying to install a security realm for my application. I am > > > >> expecting > > > > a > > > >> browser login window. But instead I get: > > > >> > > > >> HTTP Status 403 - Configuration error: Cannot perform access control > > > >> without an authenticated principal > > > >> type Status report > > > >> message Configuration error: Cannot perform access control without an > > > >> authenticated principal > > > >> description Access to the specified resource (Configuration error: > > > >> Cannot > > > >> perform access control without an authenticated principal) has been > > > >> forbidden. > > > >> Apache Tomcat/5.0.28 > > > >> > > > >> Why I am not getting the login window? > > > >> > > > >> Here is the web.xml in project root/WEB-INF > > > >> > > > >> <security-constraint> > > > >> <web-resource-collection> > > > >> <web-resource-name>fw</web-resource-name> > > > >> <url-pattern>*.do</url-pattern> > > > >> <http-method>POST</http-method> > > > >> </web-resource-collection> > > > >> <auth-constraint> > > > >> <role-name>admin</role-name> > > > >> </auth-constraint> > > > >> <login-config> > > > >> <auth-method>BASIC</auth-method> > > > >> </login-config> > > > >> </security-constraint> > > > >> > > > >> > > > >> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" > > > >> driverName="org.gjt.mm.mysql.Driver" > > > >> > > > >> > > > > > > > connectionURL="jdbc:mysql://localhost/applicationusers?user=user&passwor > > > >> d=password" > > > >> userTable="applicationusers" userNameCol="user_name" > > > >> userCredCol="user_pass" userRoleTable="user_roles" > > > >> roleNameCol="role_name" /> > > > >> > > > >> The table structure was created using the following sql: > > > >> > > > >> create table users ( > > > >> user_name varchar(15) not null primary key, > > > >> user_pass varchar(15) not null > > > >> > > > >> ); > > > >> > > > >> create table user_roles ( > > > >> user_name varchar(15) not null, > > > >> role_name varchar(15) not null, > > > >> primary key (user_name, role_name) > > > >> ); > > > >> > > > >> How can I trouble shoot this? The log doesn't show anything. Any tips > > > > would > > > >> be great. > > > >> > > > >> Thanks, > > > >> > > > >> Luke > > > >> > > > >> > > > >> > > > >> --------------------------------------------------------------------- > > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > > >> For additional commands, e-mail: [EMAIL PROTECTED] > > > >> > > > >> --------------------------------------------------------------------- > > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > > >> For additional commands, e-mail: [EMAIL PROTECTED] > > > >> > > > >> > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
