This discussion is archived
0 Replies Latest reply: May 8, 2008 12:38 PM by 807581 RSS

non functioning tomcat jdbcrealm+jaas web form authentication jspwebapp

807581 Newbie
Currently Being Moderated
Hi all,
I want to use the built-in JAAS on my servlet and jsp files to manages easier the access roles of the different pages. I use Tomcat 6.0, Java EE 5, JDK 1.5 and I am developing in Netbeans 6.1. On the internet I found several tutorials on how to get the web form based authentication work on webapps which run on tomcat or on other application server. Using Glassfish v2ur2 as application server as descriped in this tutorial [http://developinjava.com/readarticle.php?article_id=6] using the internal derby databases worked so i can be sure that the xml files regarding the wepapp are working properly. However I have to use Tomcat as application server. I set up the database, inserted tables and data as described in the official tutorial and added the realm to the server.xml file. But trying to use the username and password stored on the database fails. When I use a role which is in the tomcat-users.xml file it works perfectly so what made i wrong. Tomcat tells me no exception.
server.xml in tomcat/conf/ snippet tried with and without port, even tried mysql and postgres
     <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
           driverName="org.gjt.mm.mysql.Driver"
        connectionURL="jdbc:mysql://127.0.0.1:3306/auth?user=root&password=root"
            userTable="users" userNameCol="user_name" userCredCol="user_pass"
        userRoleTable="user_roles" roleNameCol="role_name"/>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
    <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
            <description/>
            <url-pattern>/protected/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
            <role-name>USERS</role-name>
            </auth-constraint>
    </security-constraint>


    <!-- Default login configuration uses form-based authentication -->
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>developinjava</realm-name> 
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
    </web-app>
sun-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <context-root>/dogma</context-root>
  <security-role-mapping>
    <role-name>USERS</role-name>
    <group-name>USERS</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>
The jdbcrealm I tried are accepting all connections, the tables and columns exists in the databases and username and password are correct.
Thanks for any hint
Question: What I made wrong on configuring the jdbcrealm or what is missing on my configuration?