Hi all,
I am trying to use JDBCRealm to store user login
information in an oracle database. I am working on a
Windows2000 machine, using jdk1.4, and Tomcat4.0.4.
In server.xml, i have this configuration:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<Realm
className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:usr/pass@host:1521:ORCL"
userTable="users" userNameCol="user_name"
userCredCol="user_pass" userRoleTable="user_roles"
roleNameCol="role_name" digest="MD5" />
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In an Oracle8i database, i have a table called "users"
which has two columns named "user_name" and
"user_pass" ; and yet another one called
"user_roles" with to columns named "user_name" and
"user_role".
When i store user passwords in cleartext, everything
works fine.
I want to store passwords in a digested form. So, i
have used the following code to store a user_name :
baris, user_pass : aksu and user_role : director.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
import org.apache.catalina.realm.RealmBase;
import java.io.*;
import java.sql.*;
public class DigestDene {
public static void main(String[] args) {
try {
String username = args[0];
String password = args[1];
String role = args[2];
String digested =
RealmBase.Digest(password, "MD5");
//Here, code that connects to the database
/* ...... */
stmt.executeUpdate("insert into users values('" +
username + "', '" + digested + "')");
stmt.executeUpdate("insert into user_roles values
('" + username + "', '" + role + "')");
}
catch(Exception ex) {}
}
}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Then, i have inserted my user's info from the
command-line with :
^^^^^^^^^^^^^^^^^^^^^^^^^^
java DigestDene baris aksu director
^^^^^^^^^^^^^^^^^^^^^^^^^^^
After this, I have these values in the database :
(in table users)
USER_NAME USER_PASS
--------------- ------------------------
baris 394e654ca65973f232653fb0008c603d
(in table user_roles)
USER_NAME USER_ROLE
------------------- ---------
baris director
Lastly, in web.xml i have these lines :
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Basla Servlet
</web-resource-name>
<url-pattern>/servlet/IlkGirisServlet
</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>director</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
When i try to acces my protected resource, i am
presented with the classic login screen for BASIC
authentication, and after i type "baris" for username
and "aksu" for password, Tomcat doesn't simply let me
in.
Any suggestions or comments will be greatly
appreciated.
Baris.....
__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
