help! authentication problem

[Nathan Pitts]

I have a problem that hopefully someone has seen before -- please help if you can. I am trying to get Tomcat to do declarative authentication/auth. using a JDBCRealm (via a Sybase database). I am using Sybase's Jconnect5.5 driver. It seems like I have followed the instructions to configure this, but the authentication fails and there is an exception in my app's logfile that says the following:

2002-12-02 18:52:09 Authenticator[/hris]: Security checking request GET /hris/index.html
2002-12-02 18:52:09 Authenticator[/hris]: Checking constraint 'SecurityConstraint[TAHCStaff]' against GET /index.html --> true
2002-12-02 18:52:09 Authenticator[/hris]: Subject to constraint SecurityConstraint[TAHCStaff]
2002-12-02 18:52:09 Authenticator[/hris]: Calling checkUserData()
2002-12-02 18:52:09 Authenticator[/hris]: User data constraint has no restrictions
2002-12-02 18:52:09 Authenticator[/hris]: Calling authenticate()
2002-12-02 18:52:09 JDBCRealm[/hris]: Username jpitts successfully authenticated
2002-12-02 18:52:09 JDBCRealm[/hris]: Exception performing authentication
com.sybase.jdbc2.jdbc.SybSQLException: Invalid column name 'username'.

at com.sybase.jdbc2.tds.Tds.processEed(Tds.java:2535)
at com.sybase.jdbc2.tds.Tds.nextResult(Tds.java:1916)
at com.sybase.jdbc2.jdbc.ResultGetter.nextResult(ResultGetter.java:69)
at com.sybase.jdbc2.jdbc.SybStatement.nextResult(SybStatement.java:201)
at com.sybase.jdbc2.jdbc.SybStatement.nextResult(SybStatement.java:182)
at com.sybase.jdbc2.jdbc.SybStatement.queryLoop(SybStatement.java:1455)
at com.sybase.jdbc2.jdbc.SybStatement.executeQuery(SybStatement.java:1440)
at com.sybase.jdbc2.jdbc.SybPreparedStatement.executeQuery(SybPreparedState ment.java:70)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:476)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:394)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicA uthenticator.java:161)

The column is called 'username' in the database, however. The following clips of the server.xml file and web.xml file may give some insight....???

Server.xml

<Context className="org.apache.catalina.core.StandardContext" cachingAllowed="false" charsetMapperClass="org.apache.catalina.util.CharsetMapper" cookies="true" crossContext="false" debug="99" displayName="Welcome to HRIS" docBase="/usr/local/tomcat/webapps/hris" mapperClass="org.apache.catalina.core.StandardContextMapper" path="/hris" privileged="false" reloadable="true" swallowOutput="false" useNaming="true" wrapperClass="org.apache.catalina.core.StandardWrapper">
<Realm className="org.apache.catalina.realm.JDBCRealm" connectionName="theuser"
connectionPassword="thepw" connectionURL="jdbc:sybase:Tds:192.108.17.13:4100/users"
debug="99" driverName="com.sybase.jdbc2.jdbc.SybDriver"
userTable="users" userNameCol="username" userCredCol="password"
userRoleTable="roles" roleNameCol="arole"/>

<Logger className="org.apache.catalina.logger.FileLogger" debug="99" directory="logs" prefix="hris_log."
suffix=".txt" timestamp="true" verbosity="99"/>
</Context>


Web.xml

<security-constraint>
<display-name>Web App Access Control -- TAHC Staff</display-name>
<web-resource-collection>
<web-resource-name>TAHCStaff</web-resource-name>
<url-pattern>/index.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tahcstaff</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>


<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JDBCRealm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login-error.html</form-error-page>
</form-login-config>
</login-config>

<security-role>
<description>Regular TAHC users</description>
<role-name>tahcstaff</role-name>
</security-role>




=============================
Nathan Pitts
Programmer Analyst
Texas Animal Health Commission
=============================


--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>