Hi, everybody:

I was trying out the DataSourceRealm configuration by following the
documentation included in the installation of Tomcat 5.5.23 on my machine
but could not make it work.  It would be very much appreciated if Tomcat
gurus and veterans can spare some time reading my message and help me out.

Before trying the DataSourceRealm
==============================
Before trying the DataSourceRealm, my test web application worked fine in
user authentication using the default <Realm> element in
%CATALINA_HOME%/conf/server.xml that came with the installation of Tomcat
5.5.23 and the web.xml configuration described below.

(1) In the server.xml file, the default <Realm> element is as follows, and
has the scope for the Tomcat engine:

   <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
       resourceName="UserDatabase"/>

(2) The pertinent elements in the web.xml for my application are cited
below, which worked out fine for my test application:

  <security-constraint>

    <web-resource-collection>
      <web-resource-name>
        Restricted Area
      </web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>

    <auth-constraint>
      <role-name>manager</role-name>
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/Login.html</form-login-page>
      <form-error-page>/Error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>manager</role-name>
  </security-role>
  <security-role>
    <role-name>tomcat</role-name>
  </security-role>

What I did in my attempt to set and use the DataSourceRealm
===============================================
To set up DataSourceRealm, I am using an Oracle database to set up the users and
user_roles tables for user authentication, with the columns in the tables
exactly as instructed in the documentation.  However, when it comes down to
writing the <Realm> element for the DataSourceRealm, the documentation gives
an example for MySQL, not one for Oracle.  In the server.xml, the
commented-out examples are all for JDBCRealm only.

First attempt:
++++++++++
I replaced the above-mentioned <Realm> element with the following one,
mimicking the example for MySQL in the documentation:

      <Realm  className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/webappDB"
              userTable="users" userNameCol="user_name"
            userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name" />

and edited the web.xml, which becomes:

   <security-constraint>

    <web-resource-collection>
      <web-resource-name>
        Restricted Area
      </web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>

    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>enduser</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/Login.html</form-login-page>
      <form-error-page>/Error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-role>
    <role-name>enduser</role-name>
  </security-role>

Note that I changed the <role-name> elements from "manager" and "tomcat" to
"admin" and "enduser", which are the values in the role_name column in the
user_roles table.

It did not surprise me that this did not work because I wondered how Tomcat
can look up the users and user_roles tables if the URL of the Oracle
server is not even given in the <Realm> element's attributes.  I was looking
for the DTD for server.xml, but it is not spelled in the server.xml file.
So I could only blindly fumble:

Second attempt:
++++++++++++

I changed the <Realm> element in the server.xml file, and it became:

      <Realm  className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/webappDB"
             driverName="oracle.jdbc.OracleDriver"
          connectionURL="jdbc:oracle:thin:@sb.lehman.cuny.edu:1521:idm0"
         connectionName="webappdb" connectionPassword="GreenHorn"
              userTable="users" userNameCol="user_name"
            userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name" />

where webappdb is the name of the account holding the users and user_roles
tables on the Oracle server; and GreenHorn is its password.  For the
web.xml file, I am not sure if the <realm-name> sub-element for the
<login-config> element is necessary and, even if it is necessary, what would
be the value for it.  I tried by adding <realm-name>jdbc/webappDB</realm-name>.

I re-started Tomcat, closed and re-started the browser, and it did not
work.  I then commented out the <realm-name> element, thinking that since
there is only one <Realm> element in server.xml (there are not any other
<Realm> elements for any hosts or applications), Tomcat might know which
realm to look at.  But it still did not work.

Many thanks for any help!


Jason
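
Added example, not part of the original message and not taken from the Tomcat documentation: a server.xml skeleton in which the DataSourceRealm gets its database through a JNDI <Resource> named by dataSourceName, which is where the driver, URL and account belong. The ports, pool sizes and the password placeholder are assumptions; the other values are the ones quoted in the message.

```xml
<!-- server.xml skeleton (Tomcat 5.5 attribute style). Only the <Resource>
     and <Realm> elements matter here; the rest is minimal scaffolding. -->
<Server port="8005" shutdown="SHUTDOWN">

  <GlobalNamingResources>
    <!-- DataSourceRealm only knows the JNDI name. The connection details
         live on the DataSource it names. driverName, connectionURL,
         connectionName and connectionPassword are JDBCRealm attributes
         and do not belong on a DataSourceRealm.
         The Oracle JDBC driver jar must be visible to the container
         itself (common/lib in 5.5), not only to the web application. -->
    <Resource name="jdbc/webappDB" auth="Container"
              type="javax.sql.DataSource"
              driverClassName="oracle.jdbc.OracleDriver"
              url="jdbc:oracle:thin:@sb.lehman.cuny.edu:1521:idm0"
              username="webappdb"
              password="REPLACE_WITH_DB_PASSWORD"
              maxActive="10" maxIdle="2" maxWait="10000"/>
    <!-- The password above is stored in cleartext: restrict read access
         to conf/ and give the account SELECT on the two realm tables
         only. -->
  </GlobalNamingResources>

  <Service name="Catalina">
    <Connector port="8080"/>
    <Engine name="Catalina" defaultHost="localhost">
      <!-- An Engine-level realm resolves dataSourceName against the
           global naming resources above (localDataSource defaults to
           false). user_roles must also carry the user_name column. -->
      <Realm className="org.apache.catalina.realm.DataSourceRealm"
             dataSourceName="jdbc/webappDB"
             userTable="users" userNameCol="user_name"
             userCredCol="user_pass"
             userRoleTable="user_roles" roleNameCol="role_name"/>
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
```

The <realm-name> element in web.xml is the label sent in a BASIC authentication challenge; it does not select a <Realm>, so with FORM login it can be left out.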
