Tomcat 7: JDBCRealm authentication issue

I have a peculiar problem. My Context uses a JDBCRealm for authentication. When I put my Context in conf/server.xml, I can login without a problem. But, I'm told this is a bad practice and that I should place my Context in /webapps/Injunction/WEB-INF/META-INF/context.xml.

I've done this. And now my login fails. Same Context. Two different locations.

I've googled left and right but no one else has experienced this issue. I'm using Tomcat 7.0.39. I upgraded to 7.0.55 to see if it would help, but the problem persists.

Here is my Context:

<Context docBase="Injunction" path="/Injunction" reloadable="true"> <Realm className="org.apache.catalina.realm.JDBCRealm" digest="MD5" driverName="com.informix.jdbc.IfxDriver" connectionURL="jdbc:informix-sqli://pegasus2.ccsc.seminoleclerk.org:1540/civil:INFORMIXSERVER=pegasus2_tcp" connectionName="tomcivil" connectionPassword="tomcivil" userTable="user_password" userNameCol="user_login" userCredCol="secured_password" userRoleTable="users_roles" roleNameCol="role_name" /> </Context>

If I can't resolve this problem, I'll have to maintain the Context in the server.xml and manually deploy the webapp. Turns out you can't use the HTML manager gui if you've put the Context in the server.xml.

"/webapps/Injunction/WEB-INF/META-INF/context.xml" isn't actually a valid location.

You can put a context file in a webapp's "/META-INF/context.xml" file. Or you can put it in the Tomcat server instance's "conf/Catalina/localhost" directory under the name "xxxxx.xml", where "xxxxx" is the context path name you want to use. Or both, in which case the Catalina/localhost context overrides the WAR's context.xml. Which is useful if you like a default context in the WAR for testing but need to override it with settings specific to production.

Oh my stars and garters. I assumed the META-INF directory had to reside under WEB-INF.

Thank you Tim, you are a saint!

META-INF has uses outside of J2EE, such as for self-executing JAR apps. That's why it's not under WEB-INF. Actually, it's probably subject to the same "invisibility" rules as WEB-INF, but I never thought about that before.