--nathan
On Monday, December 2, 2002, at 07:39 PM, Craig R. McClanahan wrote:
See below. On Mon, 2 Dec 2002, Nathan Pitts wrote:Date: Mon, 2 Dec 2002 19:08:42 -0600Is this column called "username" in *both* the "users" and "roles" tables?
From: Nathan Pitts <[EMAIL PROTECTED]>
Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: help! authentication problem
I have a problem that hopefully someone has seen before -- please help
if you can. I am trying to get Tomcat to do declarative
authentication/auth. using a JDBCRealm (via a Sybase database). I am
using Sybase's Jconnect5.5 driver. It seems like I have followed the
instructions to configure this, but the authentication fails and there
is an exception in my app's logfile that says the following:
2002-12-02 18:52:09 Authenticator[/hris]: Security checking request GET
/hris/index.html
2002-12-02 18:52:09 Authenticator[/hris]: Checking constraint
'SecurityConstraint[TAHCStaff]' against GET /index.html --> true
2002-12-02 18:52:09 Authenticator[/hris]: Subject to constraint
SecurityConstraint[TAHCStaff]
2002-12-02 18:52:09 Authenticator[/hris]: Calling checkUserData()
2002-12-02 18:52:09 Authenticator[/hris]: User data constraint has no
restrictions
2002-12-02 18:52:09 Authenticator[/hris]: Calling authenticate()
2002-12-02 18:52:09 JDBCRealm[/hris]: Username jpitts successfully
authenticated
2002-12-02 18:52:09 JDBCRealm[/hris]: Exception performing
authentication
com.sybase.jdbc2.jdbc.SybSQLException: Invalid column name 'username'.
at com.sybase.jdbc2.tds.Tds.processEed(Tds.java:2535)
at com.sybase.jdbc2.tds.Tds.nextResult(Tds.java:1916)
at com.sybase.jdbc2.jdbc.ResultGetter.nextResult(ResultGetter.java:69)
at com.sybase.jdbc2.jdbc.SybStatement.nextResult(SybStatement.java:201)
at com.sybase.jdbc2.jdbc.SybStatement.nextResult(SybStatement.java:182)
at com.sybase.jdbc2.jdbc.SybStatement.queryLoop(SybStatement.java:1455)
at
com.sybase.jdbc2.jdbc.SybStatement.executeQuery(SybStatement.java:1440 )
at
com.sybase.jdbc2.jdbc.SybPreparedStatement.executeQuery(SybPreparedSta te
ment.java:70)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:476)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:394)
at
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(Basi cA
uthenticator.java:161)
The column is called 'username' in the database, however. The
following clips of the server.xml file and web.xml file may give some
insight....???
The particular query that broke (at line 476 of JDBCRealm) is trying
to read from the roles table, while it appears from the log that
authenticating the user was successful (meaning the users table is
probably ok).
Server.xml
<Context className="org.apache.catalina.core.StandardContext"
cachingAllowed="false"
charsetMapperClass="org.apache.catalina.util.CharsetMapper"
cookies="true" crossContext="false" debug="99" displayName="Welcome to
HRIS" docBase="/usr/local/tomcat/webapps/hris"
mapperClass="org.apache.catalina.core.StandardContextMapper"
path="/hris" privileged="false" reloadable="true" swallowOutput="false"
useNaming="true"
wrapperClass="org.apache.catalina.core.StandardWrapper">
<Realm className="org.apache.catalina.realm.JDBCRealm"
connectionName="theuser"
connectionPassword="thepw"
connectionURL="jdbc:sybase:Tds:192.108.17.13:4100/users"
debug="99" driverName="com.sybase.jdbc2.jdbc.SybDriver"
userTable="users" userNameCol="username" userCredCol="password"
userRoleTable="roles" roleNameCol="arole"/>
<Logger className="org.apache.catalina.logger.FileLogger" debug="99"
directory="logs" prefix="hris_log."
suffix=".txt" timestamp="true" verbosity="99"/>
</Context>
Web.xml
<security-constraint>
<display-name>Web App Access Control -- TAHC Staff</display-name>
<web-resource-collection>
<web-resource-name>TAHCStaff</web-resource-name>
<url-pattern>/index.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tahcstaff</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JDBCRealm</realm-name>
Although this element (confusingly) refers to a "realm", it's only used when you are using BASIC authentication -- this value shows up in the pop-up dialog that the browser shows for you. You can make it say whatever you want.<form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/login-error.html</form-error-page> </form-login-config>You don't need these if you're using BASIC authentication.Craig</login-config> <security-role> <description>Regular TAHC users</description> <role-name>tahcstaff</role-name> </security-role>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
============================= Nathan Pitts Programmer Analyst Texas Animal Health Commission ============================= -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
