It took me a few tries to figure out where the "<security-role>" needed to go but finally found it by trial and error.
STILL GETTING THIS ERROR THO: "No Realm has been configured to authenticate against"
If I comment out the "UserDatabaseRealm", then I get the error, If I leave it in I don't get the error message, but my test app does not successfully log-in.
QUESTIONS:
1. Should my new JDBC Realm be located inside <Engine> or <Host> element?
2. Should I need to comment out the "UserDatabaseRealm" that is defined in the Tomcat sample "server.xml" file?
3. Where can I find detail information about how to set up "web.xml" and "server.xml"?
4. I found this piece of code in Ian McFarland's book. Is this the correct way to do the login form?
<form method="POST" action='<%=response.encodeURL("j_security_check") %>'>
here is a snip from my server.xml file: ------------------------------------------------
<snip> <!-- Define the top level container in our container hierarchy --> <Engine name="Standalone" defaultHost="localhost" debug="0">
<!-- Global logger unless overridden at lower levels -->
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log." suffix=".txt"
timestamp="true"/><!-- Because this Realm is here, an instance will be shared globally -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!--
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/>
--><!-- Define the default virtual host --> <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true">
Realm className="org.apache.catalina.realm.JDBCRealm"
connectionName="AI_DBA"
connectionPassword="SUKHOI"
connectionURL="jdbc:oracle:thin:@sukoi:1521:orcl"
driverName="oracle.jdbc.driver.OracleDriver"
userTable="REALM_USER"
userNameCol="LOGIN"
userCredCol="PASSWORD"
userRoleTable="REALM_ROLE"
roleNameCol="ROLE"
/>
</snip>
This is my web.xml now: ---------------------------------------------------------
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_3.dtd";><web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
<!-- Only methods listed will be protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login_error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
tomcat test role
</description>
<role-name>tomcat</role-name>
</security-role>
</web-app>here is my login.jsp file:
-----------------------------------------------------------
<[EMAIL PROTECTED] contentType="text/html"%>
<html>
<head>
<title>Login</title>
</head>
<body bgcolor="white">
<form method="POST" action='<%= response.encodeURL("j_security_check") %>'>
<table border="0" cellspcacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"<input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="j_passsword"></td>
</tr>
<tr>
<td align="right"><input type="submit" value="Log In"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
</body>
</html>Thanks,
-- ******************************************* * Rick Roberts * * Advanced Information Technologies, Inc. * *******************************************
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
