Hi,
I am trying to set up multiple contexts in Tomcat 5.5 but have a problem in
logging in. I have them both up and running. They both use realms for login
functionality. I wanted to originally use my own custom data source realm
(limitations in the use of the Catalina one) This was working fine for App A
but as soon as I put up App B using the same code but a different configuration
(different tables, jdbc connections etc) I had some strange results. I would
get the login page for App A turning up in App B and vice versa on what seemed
random conditions. Login would only work on one App at a time in best case
scenario. I then regressed back to using the DataSourceRealm but have the same
results. If I use one of each it seems to work in that the correct login pages
appear and I can log into one of the sites (though due to my sql requirements
can only actually log into one app as the DataSourceRealm isn't quite flexible
enough for either of my apps)
Help! Is this a bug? I think my config is all correct - all in the correct
context files/tags and as I say stand alone they work. If I hazarded a guess I
reckon because the realm code is in server lib under tomcat only one instance
of the realm is loaded in a parent classloader and sharing its state across
multiple apps which is really bad and I'd even go so far to say this has
serious potential security issues depending on your environment. It also
negates a great potential feature of having realm embedded into context. I
could go to using JAAS but would rather not as its a rewrite of something
that's been working just fine for a while now.
Some (edited) sample config below in case someone believes this is wrong. As I
say I am pretty sure this is a bug but cannot believe I am the first person to
want to do this?
<Context
docBase="C:/webapps/app1"
reloadable="true"
workDir="C:\Java\Tomcat5.5\work">
<Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
dataSourceName="jdbc/App1MySQLDB"
userTable="member" userNameCol="email" userCredCol="password"
userRoleTable="schemes" roleNameCol="name"/>
<Resource
auth="Container"
name="jdbc/App1MySQLDB"
type="javax.sql.DataSource"
password="xxx"
driverClassName="com.mysql.jdbc.Driver"
maxIdle="5"
maxWait="10000"
removeAbandoned="true"
logAbandoned="true"
username="user"
url="jdbc:mysql://a-url"
removeAbandonedTimeout="60"
factory="org.apache.commons.dbcp.BasicDataSourceFactory"
maxActive="20"/>
</Context>
Repeat for App2 with its own data source (and db/config etc)
Should this go to dev mailing list? Or logged as a bug?
Thanks
Elliott Murray
Elliott Murray
Technical Architect
Green Cathedral <http://www.greencathedral.com/images/gc-logo.gif> Green
Cathedral
The Old Granary
Westwick
Cambridge
CB4 5AR
[EMAIL PROTECTED] <mailto: [EMAIL PROTECTED]>
m. +44 (C)B243 AR
t. +44 (0)1223 266700
f. +44 (0)1223 266701
www.greencathedral.com <http://www.greencathedral.com/>
