I have an annoying error which I can't solve for quite a while. I recently was introduced to container-based security and try to implement it. I have configure the realm as following:
Unfortunately I can't login with this. The log error messages are:
SEVERE: Exception performing authentication
java.sql.SQLException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'null WHERE login = 'user1'' at line 1
Please notice the '' around the user name... Is this correct?
As you see I also use allRolesMode="authOnly", because I don't need this functionality and moreover the database doesn't have and won't ever have an additional column for user roles (it is quite pointless if won't use it than every user will have the same value in this column - big waste of recourses.).
The Tomcat Context definition is XML. XML requires all attribute values to be delimited by double-quote characters, unlike HTML which can use single-quote characters or no delimiters at all. If you're referring to the usage of quotes in the MySQL error message in the SQLException, its usage of single and double quotes is just plain bizarre.
I wasn't familiar with the allRolesMode option myself. My apps tend to have a minimum of 3 roles: unsecured, app user, and app administrator. So I've never had that issue.
I think your real problem is that you've setup the following structure:
That's malformed XML. It's the equivalent of this:
Assuming what you gave us is correct, I'm surprized that Tomcat didn't simple fail to start because of a digester XML error.
When it comes to destroying a civilization, gas chambers cannot hold a candle to echo chambers.
posted 7 years ago
No Tomcat works fine with this. But i is the problem of allRolesMode="authOnly" . When I added user role tables and columns it works. Unfortunately as I wrote The db won't have user roles columns so I needed to pick one with enum values and listed all of them in the application web.xml file :/ I don't like this but it seems that there is no other way :/ Unless anybody knows another approach to ignore roles checking?