All works fine now - cheers :o)
On Tue, 08 Feb 2005 21:55:03 -0500, Erik Weber <[EMAIL PROTECTED]> wrote:
> JDBC driver jar files belong in $TOMCAT_HOME/common/lib (I think that's
> what you are asking).
>
> Erik
>
>
> Tim Christopher wrote:
>
> >Turned out that the database driver could not be found, which resulted
> >in the same error that I was being given by the Container when it
> >tried to connect for the JDBCRealm.
> >
> >Adding the file to the WEB-INF/lib folder allows a connection to be
> >made from a JSP, however Tomcat still gives the same error as before -
> >does adding the jar to WEB-INF/lib give the container access to the
> >class files stored in it?!
> >
> >The contents of the server.xml file (which does not work correctly) is:
> > <Realm className="org.apache.catalina.realm.JDBCRealm"
> > debug="99"
> > driverName="com.borland.datastore.jdbc.DataStoreDriver"
> > connectionURL="jdbc:borland:dslocal:C:\\Documents
> >and Settings\\SIS_Db.jds"
> > connectionName="sysdba"
> > connectionPassword="masterkey"
> > userTable="users"
> > userNameCol="user_name"
> > userCredCol="user_pass"
> > userRoleTable="user_roles"
> > roleNameCol="role_name" />
> >
> >
> >
> >
> >For anyone with a similar problem the driver (DataStoreDriver) can be
> >found in <JBuilder>\lib\jdsserver.jar. The code I added to the top of
> >the JSP to test the database connection is below:
> >
> ><%
> >
> >try {
> > Class.forName("com.borland.datastore.jdbc.DataStoreDriver");
> >}
> >catch (Exception e) {
> > System.out.println("Driver Error\n" + e);
> >}
> >
> >try {
> > String username = "sysdba";
> > String password = "masterkey";
> > String db_url = "jdbc:borland:dslocal:";
> > String db_file = "C:\\Documents and Settings\\SIS_Db.jds";
> > java.sql.Connection
> >connection=java.sql.DriverManager.getConnection(db_url + db_file,
> >username, password);
> >
> > java.sql.ResultSet
> >rs=connection.createStatement().executeQuery("SELECT * FROM users");
> > System.out.println("Column count is: " + rs.getMetaData().getColumnCount());
> >}
> >catch (Exception e) {
> > System.out.println("Error\n" + e);
> >}
> >
> >%>
> >
> >
> >On Tue, 8 Feb 2005 20:17:49 -0500, David G. Friedman
> ><[EMAIL PROTECTED]> wrote:
> >
> >
> >>Tim,
> >>
> >>Have you tried using any command line tools to get to your datastore?
> >>Knowing that could rule out permissions issues on the database site as well
> >>as the connection host/port/URL.
> >>
> >>Regards,
> >>David
> >>
> >>-----Original Message-----
> >>From: Tim Christopher [mailto:[EMAIL PROTECTED]
> >>Sent: Tuesday, February 08, 2005 5:45 PM
> >>To: Struts Users Mailing List
> >>Subject: Re: Application Security
> >>
> >>I managed to solve the first error by reordering the elements within
> >>the server.xml file, however I'm now stuck with the following error
> >>(which occurs when the server is started):
> >>
> >>JDBCRealm[Catalina]: Exception opening database connection
> >>java.sql.SQLException: com.borland.datastore.jdbc.DataStoreDriver
> >> at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:589)
> >> at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:663)
> >> <snip/>
> >>
> >>Does anyone know if this is a problem with the database driver, or the
> >>location of the database? I've tried changing the URL to a path that
> >>doesn't exist and I still get the same error, however I'm confident
> >>that the connectionURL is correct as it connects perfectly when using
> >>the same information within JBuilder's database pilot.
> >>
> >>Any suggestions would be appreciated. :o)
> >>
> >>Tim
> >>
> >>On Tue, 8 Feb 2005 12:07:16 -0500, David G. Friedman
> >><[EMAIL PROTECTED]> wrote:
> >>
> >>
> >>>Tim,
> >>>
> >>>Have you also updated your web.xml and Tomcat conifgurations?
> >>>
> >>>-----Original Message-----
> >>>From: Tim Christopher [mailto:[EMAIL PROTECTED]
> >>>Sent: Tuesday, February 08, 2005 12:05 PM
> >>>To: Struts Users Mailing List
> >>>Subject: Re: Application Security
> >>>
> >>>Cheers for all your advice.
> >>>
> >>>I've just tried implementing the JDBCRealm, though unfortunaltly it
> >>>does not work. The Log4j error file contains the following:
> >>>
> >>>http-80-Processor25 ERROR org.apache.catalina.realm.JAASRealm
> >>>JAASRealm.java:269 Unexpected error
> >>>java.lang.SecurityException: Unable to locate a login configuration
> >>> at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
> >>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> >>>Method)
> >>> <snip/>
> >>>
> >>>To be honest, I'm not really sure what that means... All I've done so
> >>>far is copy a simple example and I've got that error. Do I need to
> >>>add anything to the classpath?
> >>>
> >>>I can post the code I'm using if anything thinks that will help....
> >>>
> >>>On Tue, 8 Feb 2005 03:06:51 -0000, Niall Pemberton
> >>><[EMAIL PROTECTED]> wrote:
> >>>
> >>>
> >>>>The forms for container managed security don't have to be plain html -
> >>>>
> >>>>
> >>you
> >>
> >>
> >>>>can configure in the web.xml custom "Logon" and "Logon Error" pages
> >>>>
> >>>>
> >>which
> >>
> >>
> >>>>can be jsps, not just plain html. I have a custom tag on each of these
> >>>>
> >>>>
> >>>pages
> >>>
> >>>
> >>>>which writes the fact that a user has arrived at that page to log4j
> >>>>
> >>>>
> >>along
> >>
> >>
> >>>>with details from the request (e.g. IP address). Log4j is pretty
> >>>>
> >>>>
> >>powerful
> >>
> >>
> >>>in
> >>>
> >>>
> >>>>how you can configure it to filter that info and where to send it to.
> >>>>
> >>>>There are tags in the Jakarta Taglibs which you could use to achieve the
> >>>>same thing...
> >>>> http://jakarta.apache.org/taglibs/doc/log-doc/intro.html
> >>>> http://jakarta.apache.org/taglibs/doc/request-doc/intro.html
> >>>>
> >>>>For example on your "Logon Error Page", you might have something like
> >>>>this...
> >>>>
> >>>><req:request id="req"/>
> >>>><log:error category="myapp.logon.failed">
> >>>> <bean:write name="req" property="remoteAddr"/>
> >>>> <bean:write name="req" property="remoteHost"/>
> >>>></log:error>
> >>>>
> >>>>Once a user has "logged on", you can get the user name from from the
> >>>>
> >>>>
> >>>request
> >>>
> >>>
> >>>>and then look up the user details wherever they are stored...
> >>>> request.getUserPrincipal().getName()
> >>>>
> >>>>The actual form elements required are, as you say, plain html - but is
> >>>>
> >>>>
> >>>there
> >>>
> >>>
> >>>>any need for special tags since the action your posting to is fixed?
> >>>>
> >>>>Niall
> >>>>
> >>>>----- Original Message -----
> >>>>From: "Tim Christopher" <[EMAIL PROTECTED]>
> >>>>Sent: Tuesday, February 08, 2005 2:08 AM
> >>>>
> >>>>
> >>>>
> >>>>>I've recently discovered that it is not possible to map an action to
> >>>>>j_security_check. Given this situation how is it possible to populate
> >>>>>a form bean with user data, or create a log of any failed login
> >>>>>attempts (bad username / password) if the container takes control of
> >>>>>the entire login process?
> >>>>>
> >>>>>Looking back at previous posts to the newsgroup I can see that in the
> >>>>>past people have just used plain html to produce the j_security_check
> >>>>>form. Is it possible to do this using the <sslext:form> tag, but so
> >>>>>that it does not require a Struts action mapping for j_security_check
> >>>>>to be present?
> >>>>>
> >>>>>I was currently intending on using JDBCRealm and the security-filter
> >>>>>to control the site's security, though given the above problems I'm
> >>>>>starting to think there might be a better way? Or are these problems
> >>>>>everyone has already solved, as surely some form of login system is
> >>>>>present in the vast majority of Struts applications.
> >>>>>
> >>>>>
> >>>>---------------------------------------------------------------------
> >>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>>
> >>>>
> >>>>
> >>>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>
> >>>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >>
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
