I created a web application and i deployed it on
Tomcat. I'm trying to manage the access to private areas with a realm DB accessed via a JNDI named
JDBC DataSource. I can successfully access the DataSource but securyty constraints do not work correctly: i am asked a username and password but none is accepted.
That's what i did:
- i've created two tables in the DB: one with usernames and passwords and the other with usernames and roles
-i configured a a JNDI named JDBC DataSource for your database (this seems to work
-i set up a <Realm> element in $CATALINA_HOME/conf/server.xml:
<Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
dataSourceName="jdbc/utenti"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name"/>
(and restarted tomcat)
-i put security constrints in the web.xml file of my application:
<security-constraint>
<display-name>basic</display-name>
<web-resource-collection>
<web-resource-name>Secured Web Collection</web-resource-name>
<url-pattern>/pages/Welcome.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>registered</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/pages/Login.jsp</form-login-page>
<form-error-page>/pages/Error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>una autorizzazione per il gli utenti registrati</description>
<role-name>registered</role-name>
</security-role>
thanks to anyone that could give me some advice
eve