oops, also here is my resource definition from my web.xml:
<!-- Define reference to the user database for looking up roles -->
<resource-env-ref>
<description>
Link to the UserDatabase instance from which we request lists of
defined role names. Typically, this will be connected to the global
user database with a ResourceLink element in server.xml or the context
configuration file for the Manager web application.
</description>
<resource-env-ref-name>users</resource-env-ref-name>
<resource-env-ref-type>
org.apache.catalina.UserDatabase
</resource-env-ref-type>
</resource-env-ref>
Matthew Kerle wrote:
(see below for message context)
Ok, I've decided on using Http Basic authentication for my web
service, and successfully configured tomcat to authenticate against
the tomcat-users.xml file to the point where I can access a valid
principal. But now I've got another problem.. :-)
I tried accessing the userDatabase which represents the memoryrealm,
and got the below exception. I don't understand this as according to
the API doc MemoryUserDatabase is an implementation of UserDatabase,
and this is confirmed by looking at the source code for
MemoryUserDatabase, which *does* implement that interface!
I'm stumped, does anyone know why this might be happening? Or am I
doing something the wrong way...
//code to get tomcat UserDatabase, copied from
ManagerServlet.roles(PrintWriter) from tomcat manager application.
Context ic = new InitialContext();
UserDatabase userdb = (UserDatabase )ic.lookup("java:comp/env/users");
// <- this line causes ClassCastException
SEVERE: Fault occurred!
java.lang.ClassCastException:
org.apache.catalina.users.MemoryUserDatabase cannot be cast to
org.apache.catalina.UserDatabase
at
myapp.service.webservice.ImageServiceImpl.EnumerateLOV(ImageServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
// stack trace elided...
at
org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
// stack trace elided...
at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286)
at java.lang.Thread.run(Thread.java:619)
//my context.xml
<Context path="/myapp">
<!-- get access to the tomcat-users.xml database -->
<ResourceLink name="users" global="UserDatabase"
type="org.apache.catalina.UserDatabase"/>
</Context>
Matthew Kerle wrote:
Hi all
I'm developing a web service with xFire 1.2.3 / tomcat 5.5.23 / Java
1.6.0_01, and we need to authenticate access by client applications
coming in over SOAP. We're looking at using the tomcat-users.xml file
to store user/pwd/role data until the customers Single Sign-On
service is ready (which will be when pigs fly, if it keeps going as
it has).
The application will be deployed internally so we don't need any SSL
or digest authentication, we're looking at simple HTTP BASIC or SOAP
headers for the client to pass through their auth details. The
complication is that we want to allow default access as well as
authenticated access, and authenticate against the tomcat-users file.
eg - un-authenticated clients can still access the web service url,
but get a public role, and authenticated clients get a privileged role.
I'm thinking we might be able to do part of that with the following
tomcat-users.xml config by having an empty user declaration:
<tomcat-users>c
<role rolename="privileged"/>
<user name="" password="" roles="PUBLIC" />
<user name="priv_user1" password="tomcat" roles="privileged" />
</tomcat-users>
The question is how to authenticate against the tomcat-user database?
I've read the tomcat docs on memory realm:
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm,
and I want to expose the org.apache.catalina.UserDatabase class to
the web service context via a <ResourceLink...>. I'd like to be able
to authenticate users without having to add a <security-constraint>
to my web.xml, so that unauthenticated clients can still connect.
Am I on the right track? Or is there a much easier way than what I'm
trying to do...
thanks!
--
Matthew Kerle
IT Consultant
Canberra, Australia
Mobile: +61404 096 863
Email : [EMAIL PROTECTED]
Web : http://threebrightlights.blogspot.com/
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
