Tomcat security Problem

Em Aiy
Ranch Hand

Joined: May 11, 2006
Posts: 225
I have 1 Tomcat server (5.5) and I have deployed 2 independent applications on it.

Application 1 has security, which is implemented using the BASIC AUTHENTICATION mode of Tomcat, defining the username and password in the conf/tomcat-users.xml file.

Application 2 has form-based security, and for some enhanced security I have added the "realm" for the database in the conf/server.xml file.

Now, if I add the realm thing in the server.xml file, my basic authentication stops working in application 1 (application 2 security still works). On the other hand, if I remove this realm then my basic authentication works and of course my application 2 will not be able to imply security. What to do? I can't use another Tomcat for another application.


The difference between failure and success is often being right and being exactly right.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
The Realm element is part of the Engine element, so only a single realm can be configured per Engine. If you set up a second Service element you can configure its Engine to use a different realm.


Ping & DNS - updated with new look and Ping home screen widget
Em Aiy
Ranch Hand

Joined: May 11, 2006
Posts: 225
Originally posted by Ulf Dittmer:
The Realm element is part of the Engine element, so only a single realm can be configured per Engine. If you set up a second Service element you can configure its Engine to use a different realm.


So what if I have to configure security for 2 applications on the same server? Need Basic Authentication for application 1 and Form Based Security for Application 2?

Can you elaborate on setting up another engine?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
So what if I have to configure security for 2 applications on the same server? Need Basic Authentication for application 1 and Form Based Security for Application 2?

That's no problem. Within a web app you can only use one or the other (not both), but different web apps can use different forms of authentication.

What is not possible is to use different Realm implementations for the same Tomcat Service. That's a limitation of Tomcat, and has nothing to do with servlets per se. See below for how to get around this.

Can you elaborate on setting up another engine?

Much more information about that can be found in the Tomcat docs. You could start by duplicating the Service element in the server.xml file, and then changing the Realm of the second one to suit your needs.
Em Aiy
Ranch Hand

Joined: May 11, 2006
Posts: 225
I have placed the following configuration in the server.xml file after reading the Tomcat site


But it is not working ... the way I want it to.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
That's interesting. So Tomcat does allow different realms for each web app by declaring them in the Context element. Note that it's "Context", not "context" - is that just a typo in the post?

What does "But it is not working" mean? How is or isn't it working? Is the web app itself working properly (apart from the authentication)?
 