• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Jeanne Boyarsky
  • Ron McLeod
Sheriffs:
  • Paul Clapham
  • Liutauras Vilda
  • Devaka Cooray
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
Bartenders:

Problem with JDBCRealm configuration

 
Greenhorn
Posts: 18
Eclipse IDE Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
I have problems with an application in a Tomcat6. The problems are related to safety (security_constrain). For user authentication I am using a jdbcRealm by auth-method FORM.

In my local machine no problem. Everything works fine. But when the application is the production server and try to access a protected resource, I am always redirected to the error page.

I tried to change the pattern in security_constrain, and the result is the same. I can access everything but what they protect. I've also changed the password and I've removed the "digest = MD5" context.xml file, but with the same result.

The only difference is that I have (in production) Apache + Tomcat. Can this be the reason?

The web.xml security statement is this:



Reaml's statement is this:



It not is the first time that I use JDBCRealm, but is the first that I have this problem. Any idea?

Thanks.
 
Saloon Keeper
Posts: 28477
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Jaunjo!

Usually the first thing to look for when something works in test and fails in production and is is getting resources via a network connection is that a firewall may be in the way. I realize that this is unlikely when the database server is on localhost, but it's still possible. While you're at it, confirm that localhost is, in fact mapped properly to 127.0.0.1 (in the hosts file) and that mysql is configured to accept local tcp/ip requests (using netstat to display listeners).

Other than that, things look OK, but I recommend that you remove the userid/password from your JDBC URL, since you're supplying them as Realm attributes and that could be confusing. I use "login.jsp" and "loginFail.jsp" as the 2 page names myself; "login" and "logon" may look enough alike to casual troubleshooters to confuse them, although Tomcat doesn't care.

 
Juanjo Cuadrado
Greenhorn
Posts: 18
Eclipse IDE Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Hi Tim...

Thanks for you reply!! And sorry for me English

Yes... is me first post, but I read this (great) forum from many years ago

Entire application is working properly, except for the resources under authentication / authorization. I think this rules out communication problems or issues of proxy (as you have seen in the configuration, the database is on the same server).

I really don't know what is happening... This is something simple... but not for this time, apparently. I'm forgetting something, sure.

If you see something more....

Thanks.

 
Tim Holloway
Saloon Keeper
Posts: 28477
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It's not often done (deliberately, anyway), but it is possible to firewall local requests, so it's always worth verifying.

One thing you didn't make clear however was whether the "error page" was from Tomcat or from Apache. That's important to know.

Most likely if the database server connectivity is OK, you're either not configuring Tomcat's HTTPS connector properly or Apache isn't forwarding HTTPS properly.
 
Juanjo Cuadrado
Greenhorn
Posts: 18
Eclipse IDE Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have to achieve explain me better...

By the moment, I don't have configurated anything of HTTPS... only I need to make work the autorization issue by HTTP.

The error page is the page of "<form-error-page>/WEB-INF/logon.jsp</form-error-page>". I have put these pages under WEB-INF. I think that this is correct.

As you say, I haven't put deliberately nothing to firewall local requests, but... How can I try it?

Thanks again.
 
Juanjo Cuadrado
Greenhorn
Posts: 18
Eclipse IDE Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Other thing more...

I've stopped the Apache server and I have tried directly access to Tomcat (port 8080) and I have achieved the same result... the error login page (logon.jsp in the configuration code)....

I can rule out the Apache server as a possible cause of the problem?
 
Tim Holloway
Saloon Keeper
Posts: 28477
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think we can forget about it being an Apache problem, then.

I'm not sure what you have on your "logon.jsp" page, but the equivalent one I use (loginFail) normally is just like the login.jsp except that it includes the message "Login failed, please try again" or some similar message. The loginfail page is usable as a login form, but if you try to use a loginfail page containing a login form as a regular error page, that won't work, since the login form handler isn't a standard URL process. To avoid confusion, however, I recommend you make a completely different error page so you won't get any confusion between regular login failure and general web application errors.

As far as not using HTTPS, though, you should ALWAYS use HTTPS on login pages. Otherwise a network traffic sniffer can steal userid/password combinations at will.
 
Juanjo Cuadrado
Greenhorn
Posts: 18
Eclipse IDE Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I managed to fix the problem.

Actually what happens is that the server was not finding the library of drivers dd.bb.

In this version of Tomcat you can not put the "jar" in TOMCAT_HOME / common / lib (among other things, because does not exist and if is created, has no effect). To give effect to the driver must be placed in CATALINA_HOME (which has established a value of /etc/default/tomcat6).

Thus, Tomcat can find the drivers and validate the user.

I wrote a post on my blog about this ... although in Spanish...

http://finger-in-the-eye.blogspot.com/2011/06/problemas-con-jdbcrealm-en-tomcat6.html



Thanks for your help and for "listening".
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
follow this nice tutorial:
http://sportechno.wordpress.com/2011/08/11/restful-basic-http-authentication-with-tomcat-jdbcrealm/
 
I am displeased. You are no longer allowed to read this tiny ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic