I am trying to get authentication to work for a web application using Eclipse paired with Tomcat 7.
I have been working on this for over two hours and am getting nowhere. There are no errors in the console. The authentication page comes up properly when I try to hit any of the pages in my web application. But when I type in the username and password, I get the authentication page again with the "Login failed, please try again." message at the top, indicating I entered the wrong credentials.

Originally, I didn't have the <security-role> element in my web.xml file but added it because I got a warning in the console, but this didn't fix anything (except that the warning in the console went away). I have restarted the server many times and have confirmed that my XML files are not being overwritten. I have also double-checked that none of the relevant elements are commented out. I have read through all the other posts I could find on this and other forums but haven't found an answer.

I believe my problem may lie in my server.xml file. I keep reading that I need to have a security realm enabled and that one isn't enabled by default, but I see the UserDatabaseRealm defined and it isn't commented out, so I don't see what else I need. Please help!
Thank you in advance,
Here are the relevant pieces of code:
web.xml from my web application (in my Eclipse workspace under \test\WEB-INF):
<!-- The following stanza is for the FORM method only -->
tomcat-users.xml from my Tomcat 7 server conf directory (%CATALINA_HOME%\conf):
Welcome to the JavaRanch, Dana! Yes, you absolutely do have to have a security Realm configured. J2EE container security has 2 components - the part that's in the webapp and the part that's in the webapp server.
Realms are implemented as plugin modules. There is no default Realm, so one must be explicitly requested.
There are 2 possibilities that would explain your problem:
1. The Realm definition that you think isn't commented-out actually is commented out and you missed it (a personal favorite hair-tearer of mine).
2. The Realm definition is defined but not for the webapp that you want it to apply to.
Realms may be configured at either the individual webapp level or at the global level, with individual level taking precedence. You would generally only define at the global level for cases where the same security system services all installed webapps - Single Signon, for example. More commonly, I define the Realm as part of my webapp Context file, because I usually am dealing with multiple security systems.
An IDE is no substitute for an Intelligent Developer.
Joined: Aug 04, 2012
Thank you very much for taking the time to reply.
I figured out the issue, finally, after another 2 hours of work, with the help of another thread on JavaRanch-
To summarize, it wasn't the Realm, which was defined properly at the engine level and not commented out. In fact, the issue was that I'm using Tomcat embedded in Eclipse and Eclipse WTP (Web Tools Platform) creates a separate instance of the Tomcat server with its own version of tomcat-users.xml (and the other xml files in the conf directory including server.xml although this didn't need to be modified in this case) under the Eclipse workspace. I was editing the version of tomcat-users.xml in %CATALINA_HOME%\conf which wasn't being used by this instance at all and so the role and user information I was entering wasn't being used by my instance and authentication failed. Once I added the role and user to the correct version of tomcat-users.xml (under "C:\Users\Dana New\workspace\Servers\Tomcat v7.0 Server at localhost-config" in my case), everything worked perfectly. Hopefully this will help some other poor newbie who finds himself in my situation down the road.
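An added example, not part of the original thread: a Python check that, given a web.xml and one candidate tomcat-users.xml, lists the roles the webapp requires that no user in that file holds. Run against each copy of tomcat-users.xml (the one under %CATALINA_HOME%\conf and the one in the Eclipse Servers project), it shows which copy can satisfy the login; the file contents, the role name `webuser` and the user name `dana` below are constructed.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop an XML namespace so namespaced web.xml and plain tomcat-users.xml parse alike."""
    return tag.rsplit("}", 1)[-1]

def required_roles(web_xml):
    """Role names listed under <auth-constraint> elements of a web.xml document."""
    roles = set()
    for el in ET.fromstring(web_xml).iter():
        if _local(el.tag) == "auth-constraint":
            roles |= {r.text.strip() for r in el
                      if _local(r.tag) == "role-name" and r.text}
    roles.discard("*")  # "*" is a wildcard, not a role a user is granted
    return roles

def users_by_role(users_xml):
    """Map role -> set of usernames from a tomcat-users.xml document."""
    out = {}
    for el in ET.fromstring(users_xml).iter():
        if _local(el.tag) == "user":
            name = el.get("username") or el.get("name")
            for role in el.get("roles", "").split(","):
                if role.strip():
                    out.setdefault(role.strip(), set()).add(name)
    return out

def unusable_roles(web_xml, users_xml):
    """Roles the webapp demands that no user in this tomcat-users.xml holds."""
    have = users_by_role(users_xml)
    return sorted(r for r in required_roles(web_xml) if r not in have)

# Constructed sample inputs (not the poster's real files).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>webuser</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>webuser</role-name></security-role>
</web-app>"""
# The copy that was edited by hand but is not read by the running instance.
EDITED_COPY = """<tomcat-users><role rolename="webuser"/>
  <user username="dana" password="constructed" roles="webuser"/></tomcat-users>"""
# The copy the Eclipse-managed instance actually reads, still without users.
WTP_COPY = "<tomcat-users/>"

if __name__ == "__main__":
    for label, doc in (("edited copy", EDITED_COPY), ("WTP copy", WTP_COPY)):
        print(label, "-> roles nobody holds:", unusable_roles(WEB_XML, doc))
```

A non-empty result for the copy the server instance reads means every login will fail for those roles, however correct the other copy is.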
As I've said before, the Eclipse WTP is an abomination. The extra convenience (what little there is of it) is more than offset by its imperfect replication of the Tomcat run environment. The sysdeo plugin does a much better job and it's comfortably well-integrated itself.
Thanks for the tip, Tim. I'll install the plugin immediately.
subject: Tomcat 7 Web Application Authentication Issue