Turned out that the database driver could not be found, which resulted
in the same error that I was being given by the Container when it
tried to connect for the JDBCRealm.
Adding the file to the WEB-INF/lib folder allows a connection to be
made from a JSP, however Tomcat still gives the same error as before -
does adding the jar to WEB-INF/lib give the container access to the
class files stored in it?!
The contents of the server.xml file (which does not work correctly) is:
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="com.borland.datastore.jdbc.DataStoreDriver"
connectionURL="jdbc:borland:dslocal:C:\\Documents
and Settings\\SIS_Db.jds"
connectionName="sysdba"
connectionPassword="masterkey"
userTable="users"
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name" />
For anyone with a similar problem the driver (DataStoreDriver) can be
found in <JBuilder>\lib\jdsserver.jar. The code I added to the top of
the JSP to test the database connection is below:
<%
try {
Class.forName("com.borland.datastore.jdbc.DataStoreDriver");
}
catch (Exception e) {
System.out.println("Driver Error\n" + e);
}
try {
String username = "sysdba";
String password = "masterkey";
String db_url = "jdbc:borland:dslocal:";
String db_file = "C:\\Documents and Settings\\SIS_Db.jds";
java.sql.Connection
connection=java.sql.DriverManager.getConnection(db_url + db_file,
username, password);
java.sql.ResultSet
rs=connection.createStatement().executeQuery("SELECT * FROM users");
System.out.println("Column count is: " + rs.getMetaData().getColumnCount());
}
catch (Exception e) {
System.out.println("Error\n" + e);
}
%>
On Tue, 8 Feb 2005 20:17:49 -0500, David G. Friedman
<[EMAIL PROTECTED]> wrote:
Tim,
Have you tried using any command line tools to get to your datastore?
Knowing that could rule out permissions issues on the database site as well
as the connection host/port/URL.
Regards,
David
-----Original Message-----
From: Tim Christopher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 08, 2005 5:45 PM
To: Struts Users Mailing List
Subject: Re: Application Security
I managed to solve the first error by reordering the elements within
the server.xml file, however I'm now stuck with the following error
(which occurs when the server is started):
JDBCRealm[Catalina]: Exception opening database connection
java.sql.SQLException: com.borland.datastore.jdbc.DataStoreDriver
at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:589)
at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:663)
<snip/>
Does anyone know if this is a problem with the database driver, or the
location of the database? I've tried changing the URL to a path that
doesn't exist and I still get the same error, however I'm confident
that the connectionURL is correct as it connects perfectly when using
the same information within JBuilder's database pilot.
Any suggestions would be appreciated. :o)
Tim
On Tue, 8 Feb 2005 12:07:16 -0500, David G. Friedman
<[EMAIL PROTECTED]> wrote:
Tim,
Have you also updated your web.xml and Tomcat conifgurations?
-----Original Message-----
From: Tim Christopher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 08, 2005 12:05 PM
To: Struts Users Mailing List
Subject: Re: Application Security
Cheers for all your advice.
I've just tried implementing the JDBCRealm, though unfortunaltly it
does not work. The Log4j error file contains the following:
http-80-Processor25 ERROR org.apache.catalina.realm.JAASRealm
JAASRealm.java:269 Unexpected error
java.lang.SecurityException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
<snip/>
To be honest, I'm not really sure what that means... All I've done so
far is copy a simple example and I've got that error. Do I need to
add anything to the classpath?
I can post the code I'm using if anything thinks that will help....
On Tue, 8 Feb 2005 03:06:51 -0000, Niall Pemberton
<[EMAIL PROTECTED]> wrote:
The forms for container managed security don't have to be plain html -
you
can configure in the web.xml custom "Logon" and "Logon Error" pages
which
can be jsps, not just plain html. I have a custom tag on each of these
pages
which writes the fact that a user has arrived at that page to log4j
along
with details from the request (e.g. IP address). Log4j is pretty
powerful
in
how you can configure it to filter that info and where to send it to.
There are tags in the Jakarta Taglibs which you could use to achieve the
same thing...
http://jakarta.apache.org/taglibs/doc/log-doc/intro.html
http://jakarta.apache.org/taglibs/doc/request-doc/intro.html
For example on your "Logon Error Page", you might have something like
this...
<req:request id="req"/>
<log:error category="myapp.logon.failed">
<bean:write name="req" property="remoteAddr"/>
<bean:write name="req" property="remoteHost"/>
</log:error>
Once a user has "logged on", you can get the user name from from the
request
and then look up the user details wherever they are stored...
request.getUserPrincipal().getName()
The actual form elements required are, as you say, plain html - but is
there
any need for special tags since the action your posting to is fixed?
Niall
----- Original Message -----
From: "Tim Christopher" <[EMAIL PROTECTED]>
Sent: Tuesday, February 08, 2005 2:08 AM
I've recently discovered that it is not possible to map an action to
j_security_check. Given this situation how is it possible to populate
a form bean with user data, or create a log of any failed login
attempts (bad username / password) if the container takes control of
the entire login process?
Looking back at previous posts to the newsgroup I can see that in the
past people have just used plain html to produce the j_security_check
form. Is it possible to do this using the <sslext:form> tag, but so
that it does not require a Struts action mapping for j_security_check
to be present?
I was currently intending on using JDBCRealm and the security-filter
to control the site's security, though given the above problems I'm
starting to think there might be a better way? Or are these problems
everyone has already solved, as surely some form of login system is
present in the vast majority of Struts applications.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
