wood burning stoves 2.0*
The moose likes Tomcat and the fly likes access control with realm db Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "access control with realm db" Watch "access control with realm db" New topic
Author

access control with realm db

eve agostini
Ranch Hand

Joined: Nov 01, 2005
Posts: 43
I created a web application and i deployed it on Tomcat. I'm trying to manage the access to private areas with a realm DB accessed via a JNDI named JDBC DataSource. I can successfully access the DataSource but securyty constraints do not work correctly: i am asked a username and password but none is accepted.

That's what i did:
- i've created two tables in the DB: one with usernames and passwords and the other with usernames and roles
-i configured a a JNDI named JDBC DataSource for your database (this seems to work
-i set up a <Realm> element in $CATALINA_HOME/conf/server.xml:

<Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
dataSourceName="jdbc/utenti"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name"/>

(and restarted tomcat)

-i put security constrints in the web.xml file of my application:

<security-constraint>
<display-name>basic</display-name>
<web-resource-collection>
<web-resource-name>Secured Web Collection</web-resource-name>
<url-pattern>/pages/Welcome.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>registered</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/pages/Login.jsp</form-login-page>
<form-error-page>/pages/Error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>una autorizzazione per il gli utenti registrati</description>
<role-name>registered</role-name>
</security-role>

thanks to anyone that could give me some advice

eve
 
jQuery in Action, 2nd edition
 
subject: access control with realm db
 
Similar Threads
req.isUserInRole("admin"); return false??
Problems with FORM Authentication
Switching from https to http - this one again
Basic form-based authentication question...
Is auth-constraint related to security-role?