Configuring a Realm in Tomcat
Ones Self
I'm trying to configure a Realm in Tomcat. When I try to access the
servlet
I get no errors, but the servlet let's me access whatever I want
instead
of asking for a username and password. The only thing I did was add a
Realm element in my server.xml file (which I've attached below), as
the
"Realm Configuration HOW-TO" on the apache.org site suggests, and add
all
the right tables to my posrgres database. Do I need to do anything
else?
Thanks
--------------------------------- server.xml
---------------------------------
<!-- A "Server" is a singleton element that represents the entire JVM,
which may contain one or more "Service" instances. The Server
listens for a shutdown command on the indicated port.
Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<Server port="8005" shutdown="SHUTDOWN" debug="0">
<!-- A "Service" is a collection of one or more "Connectors" that
share
a single "Container" (and therefore the web applications
visible
within that Container). Normally, that Container is an
"Engine",
but this is not required.
Note: A "Service" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this
level.
-->
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Tomcat-Standalone">
<!-- A "Connector" represents an endpoint by which requests are
received
and responses are returned. Each Connector passes requests
on to the
associated "Container" (normally an Engine) for processing.
By default, a non-SSL HTTP/1.1 Connector is established on
port 8080.
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
following the instructions below and uncommenting the second
Connector
entry. SSL support requires the following steps (see the SSL
Config
HOWTO in the Tomcat 4.0 documentation bundle for more
detailed
instructions):
* Download and install JSSE 1.0.2 or later, and put the JAR
files
into "$JAVA_HOME/jre/lib/ext".
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
(Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
(Unix)
with a password value of "changeit" for both the
certificate and
the keystore itself.
By default, DNS lookups are enabled when a web application
calls
request.getRemoteHost(). This can have an adverse impact on
performance, so you can disable it by setting the
"enableLookups" attribute to "false". When DNS lookups are
disabled,
request.getRemoteHost() will return the String version of the
IP address of the remote client.
-->
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8080" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="8443"
acceptCount="100" debug="0" connectionTimeout="20000"
useURIValidationHack="false"
disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout
value
to -1 -->
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8009" minProcessors="5" maxProcessors="75"
enableLookups="true" redirectPort="8443"
acceptCount="10" debug="0" connectionTimeout="0"
useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
<!-- Define the top level container in our container hierarchy -->
<Engine name="Standalone" defaultHost="localhost" debug="0">
<!-- The request dumper valve dumps useful debugging information
about
the request headers and cookies that were received, and the
response
headers and cookies that were sent, for all requests
received by
this instance of Tomcat. If you care only about requests
to a
particular virtual host, or a particular application, nest
this
element inside the corresponding <Host> or <Context> entry
instead.
For a similar mechanism that is portable to all Servlet 2.3
containers, check out the "RequestDumperFilter" Filter in
the
example application (the source for this filter may be
found in
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
Request dumping is disabled by default. Uncomment the
following
element to enable it. -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
<!-- Global logger unless overridden at lower levels -->
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log." suffix=".txt"
timestamp="true"/>
<!-- Because this Realm is here, an instance will be shared
globally -->
<!-- Replace the above Realm with one of the following to get a
Realm
stored in a database and accessed via JDBC -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql://127.0.0.1:5432/incommon"
connectionName="incommon" connectionPassword="comeonin"
userTable="person" userNameCol="person_id"
userCredCol="password"
userRoleTable="person_role" roleNameCol="role_id" />
<!-- Define the default virtual host -->
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- Logger shared by all Contexts related to this virtual
host. By
default (when using FileLogger), log files are created in
the "logs"
directory relative to $CATALINA_HOME. If you wish, you
can specify
a different directory with the "directory" attribute.
Specify either a
relative (to $CATALINA_HOME) or absolute path to the
desired
directory.-->
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log."
suffix=".txt"
timestamp="true"/>
<!-- Define properties for each web application. This is only
needed
if you want to set non-default properties, or have web
application
document roots in places other than the virtual host's
appBase
directory. -->
<!-- Tomcat Root Context -->
<Context debug="0" docBase="ROOT" path="/servlet"
reloadable="true">
<Loader checkInterval="3"></Loader>
</Context>
</Host>
</Engine>
</Service>
</Server>
------------------------------ database
------------------------------
DROP TABLE person;
CREATE TABLE person (
person_id VARCHAR(32) NOT NULL,
password VARCHAR(32) NOT NULL,
date_created TIMESTAMP DEFAULT now() NOT NULL,
email VARCHAR(64) NOT NULL,
first_name VARCHAR(32),
last_name VARCHAR(32),
middle_initial VARCHAR(3),
use_metric BOOLEAN DEFAULT FALSE NOT NULL,
PRIMARY KEY (person_id)
);
DROP TABLE role;
CREATE TABLE role (
role_id VARCHAR(32) NOT NULL,
PRIMARY KEY (role_id)
);
DROP TABLE person_role;
CREATE TABLE person_role (
person_id VARCHAR(32) NOT NULL,
role_id VARCHAR(32) NOT NULL,
PRIMARY KEY (person_id, role_id),
FOREIGN KEY (person_id) REFERENCES person,
FOREIGN KEY (role_id) REFERENCES role
);
insert into role (role_id) values ('User');
insert into person(person_id, password, email) values ('oneself',
'bringiton', 'email');
insert into person(person_id, password, email) values ('victrola',
'dome', 'email');
insert into person_role( person_id, role_id ) values( 'oneself',
'User' );
insert into person_role( person_id, role_id ) values( 'victrola',
'User' );
Paul Thomas
> Hi,
>
> I'm trying to configure a Realm in Tomcat. When I try to access the
> servlet
> I get no errors, but the servlet let's me access whatever I want instead
> of asking for a username and password. The only thing I did was add a
> Realm element in my server.xml file (which I've attached below), as the
> "Realm Configuration HOW-TO" on the apache.org site suggests, and add
> all
> the right tables to my posrgres database. Do I need to do anything
> else?
You need to put security constraints etc in web.xml. See the Servlet
specs on java.sun.com for details.
--
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
| Computer Consultants | http://www.thomas-micro-systems-ltd.co.uk |
+------------------------------+---------------------------------------------+
Ones Self
Thank you very much for your help.
I added the following lines to my web.xml:
<!-- Security is active on entire directory -->
<security-constraint>
<display-name>Basic Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area
-->
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<!-- Login configuration uses form-based authentication -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Basic Realm</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>User Role</description>
<role-name>User</role-name>
</security-role>
And now everything works. However, I do have a different problem.
When I start tomcat I get the following Exception:
Sep 2, 2003 11:08:27 PM org.apache.commons.digester.Digester error
SEVERE: Parse Error at line 66 column 25: The content of element type
"security-constraint" must match
"(web-resource-collection+,auth-constraint?,user-data-constraint?)".
org.xml.sax.SAXParseException: The content of element type
"security-constraint" must match
"(web-resource-collection+,auth-constraint?,user-data-constraint?)".
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:232)
at org.apache.xerces.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:173)
at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:371)
at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:305)
at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(XMLDTDValidator.java:1918)
at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(XMLDTDValidator.java:851)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1008)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1469)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:329)
at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:525)
at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:581)
at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152)
at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1175)
at org.apache.commons.digester.Digester.parse(Digester.java:1495)
at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:282)
at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:639)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:243)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3567)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:738)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347)
at org.apache.catalina.core.StandardService.start(StandardService.java:497)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2189)
at org.apache.catalina.startup.Catalina.start(Catalina.java:512)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
Does anyone know what causes this? And how I can make it go away?
Thanks.
Paul Thomas <pa...@tmsl.demon.co.uk> wrote in message news:<pan.2003.08.31.08...@tmsl.demon.co.uk>...