RE: JDBC Realm - User Roles

Thu, 19 Apr 2001 00:34:01 -0700 

In Tomcat 3.2.1 , you can have *ONE* realm for the entire tomcat..from
your comments seems that you leaving the SimpleRealm interceptore in
addittion to JDBCRealm ....you cant do this...delete the SimpleRealm
interceptor from server.xml....

Hope that helps.

Saludos ,
Ignacio J. Ortega

-----Mensaje original-----
De: Gary Henson [mailto:[EMAIL PROTECTED]]
Enviado el: jueves 19 de abril de 2001 7:25
Para: '[EMAIL PROTECTED]'
Asunto: JDBC Realm - User Roles


I've been trying to set up JDBC Realm authentication with Tomcat.

I've run into a problem when it comes to roles. The user is
authenticated alright, but the roles do not seem to be 
taken from the database. I always get redirected to the error jsp unless
I have the user and role specified in the
tomcat-users.xml file.

This is the setup I have:

** server.xml ***
RequestInterceptor className="org.apache.tomcat.request.JDBCRealm"
debug="99"
 driverName="oracle.jdbc.driver.OracleDriver"
 connectionURL="jdbc:oracle:thin:@testdbase:1521:TEST"
 connectionName="user"
 connectionPassword="pass"
 userTable="security_user" userNameCol="user_id"
userCredCol="user_password"
 userRoleTable="security_user_role" roleNameCol="role_name" /

All the mentioned tables and columns do exist, I've checked a lot.

*** web.xml ***
 security-constraint
 web-resource-collection
 web-resource-nameSecure Area/web-resource-name
 url-pattern/secure/*/url-pattern
 /web-resource-collection
 auth-constraint
 role-nametestrole/role-name
 /auth-constraint
 /security-constraint

 login-config
 auth-methodFORM/auth-method
 realm-nameForm-Based Authentication Area/realm-name
 form-login-config
 form-login-page/secure/login/login.jsp/form-login-page
 form-error-page/secure/login/error.jsp/form-error-page
 /form-login-config
 /login-config

As mentioned above, this doesn't work unless I also have the following
in tomcat-users.xml
user name="me" password=""roles="testrole" /

And yes, it works without the password being in the file. This suggests
to me that the username/password is 
being checked against the database, but the role against
tomcat-users.xml. I'm using Tomcat 3.2.1 currently
as a stand-alone server. Please help, I'm going crazy.

Gary.

Reply via email to