Hi, everybody: I was trying out the DataSourceRealm configuration by following the documentation included in the installation of Tomcat 5.5.23 on my machine but could not make it work. It would be very much appreciated if Tomcat gurus and veterans can spare some time reading my message and help me out.
Before trying the DataSourceRealm ============================== Before trying the DataSourceRealm, my test web application worked fine in user authentication using the default <Realm> element in %CATALINA_HOME%/conf/server.xml that came with the installation of Tomcat 5.5.23 and and the web.xml configuration described below. (1) In the server.xml file, the default <Realm> element is as follows, and has the scope for the Tomcat engine: <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> (2) The pertinent elements in the web.xml for my application are cited below, which worked out fine for my test application: <security-constraint> <web-resource-collection> <web-resource-name> Restricted Area </web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>manager</role-name> <role-name>tomcat</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/Login.html</form-login-page> <form-error-page>/Error.html</form-error-page> </form-login-config> </login-config> <security-role> <role-name>manager</role-name> </security-role> <security-role> <role-name>tomcat</role-name> </security-role> What I did in my attempt to set and use the DataSourceRealm =============================================== To setup DataSourceRealm, I am using Oracle database to set up the users and user_roles tables for user authentication, with the columns in the tables exactly as instructed in the documentation. However, when it comes down to writing the <Realm> element for the DataSourceRealm, the documentation gives an example for mySQL, not one for Oracle. In the server.xml, the commented-out examples are all for JDBCRealm only. First attempt: ++++++++++ I replaced the above-mentioned <Realm> element with the following one, mimicking the example for mySQL in the documentation: <Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="jdbc/webappDB" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" /> and edited the web.xml, which becomes: <security-constraint> <web-resource-collection> <web-resource-name> Restricted Area </web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> <role-name>enduser</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/Login.html</form-login-page> <form-error-page>/Error.html</form-error-page> </form-login-config> </login-config> <security-role> <role-name>admin</role-name> </security-role> <security-role> <role-name>enduser</role-name> </security-role> Note that I change the <role-name> elements from "manager"and "tomcat" to "admin" and "enduser", which are the values in the role_name column in the user_roles table. It did not surprise me that this did not work because I wondered how can Tomcat look up the users and user_roles tables if the url of the Oracle server is not even given in the <Realm> element's attributes. I was looking for the DTD for server.xml, but it is not spelled in the server.xml file. So I could only blindly fumble: Second attempt: ++++++++++++ I changed the <Realm> element in the server.xml file, and it became: <Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="jdbc/webappDB" driverName="oracle.jdbc.OracleDriver" connectionURL="jdbc:oracle:thin:@sb.lehman.cuny.edu:1521:idm0" connectionName="webappdb" connectionPassword="GreenHorn" userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name" /> where webappdb is the name of the account holding the users and user_roles tables on the Oracle server; and GreenHorn is its password. For the web.xmlfile, I am not sure if the <realm-name> sub-element for the <login-config> element is necessary and, even if it is necessary, what would be the value for it. I tried by adding <realm-name>jdbc/webappDB</realm-name>. I re-started tomcat, closed and re-started the browser, and it did not work. I then commented out the <realm-name> element, thinking that since there is only one <Realm> element in server.xml (there are not any other <Realm> elements for any hosts or applications), tomcat might know which realm to look at. But it still did not work. Many thanks for any help! Jason