Michael Staszewski

Greenhorn
+ Follow
since Oct 10, 2011
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
In last 30 days
0
Forums and Threads

Recent posts by Michael Staszewski

Sorry that I can't be of more help. I'm a Delphi developer and have just been exploring this hell called Java. :-) I don't really know much at all as far as application servers and the like are concerned and what I do know has been from trial and error and this forum, but I've been using NetBeans as I find it more intuitive than Eclipse.
12 years ago
I just did as I mentioned in my last post. I downloaded the official Tomcat installation from the web and stopped using the one installed by NetBeans. That resolved all of my issues. It's been several weeks and I'm using Glassfish so I don't really have anything else to offer other than the official installation allowed me to login.
12 years ago
I apologize for the terrible subject. I was unable to put into few words what I want to ask. If you are reading this, thank you!

I'm exploring authentication mechanisms for my JAX-RS web service application. I first looked at basic. It's easy to implement, works well, and makes sense to me. I have a table in my repository (Oracle db) for users and am able to find user data in other tables in the repository through normal querying and FK relationships, etc.

I've recently been looking into other mechanisms and a Server Authentication Module (SAM) looks promising. It appears as though I'd be able to have an initial rollout supporting basic authentication with this and later expand it for OpenID or some other authentication process.

First, my company has a system in place that I can use to authenticate users. Let's assume that I setup a SAM to validate users against it and later want to support OpenID. Can I setup my container to go through a list of SAMs until one succeeds or all fail? Or, is there a way for me to customize my web service app or web.xml to use one module over another if a particular HTTP header is present? Am I thinking of this all wrong?

Second, what is a best (or good) practice for linking a user authenticated by a SAM to data in a repository? Suppose I have a table named DOCUMENTS and that table contains a column for document_data and another for user_id. A user uses my application to retrieve all of his/her documents. The user's credentials are validated using my SAM and they can then access the document service. The document service would like to query the DOCUMENTS table for all documents where user_id = <some_value>. What would typically be used there for <some_value>? In basic authentication this is all easy as I have a USERS table with usernames, passwords, IDs, etc. and the information is all in one location, but using a third party authentication module seems to separate two tightly coupled pieces of the repository. Does the SAM have some ability to return a unique ID for the user? Can my application interact with the SAM? My application is JAX-RS and all communication with it will be through the REST API.

Hopefully I have made myself clear. Any help is appreciated.

Thanks,
Michael
12 years ago

Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?



I had actually moved away from this topic for a few days and intended on coming back to it, but I stumbled across something in my research that looks like it fits the bill... at least for my needs.



This will detach the specified object from the entity manager so that future changes to it are not persisted. In my use case I want to tweak the data returned via GET so I don't see any problems with first detaching the objects I wish to modify. If there are any best practices out there that suggest detachment is not the preferred method of obfuscation or hiding data then please correct me.

Thanks,
Michael
12 years ago
Thanks, Ivan. The LOG! I need to remember this.



Heh, ORA exception. Thanks, I can get past this one now.

Michael
12 years ago

HTTP 500 is a server error, so the error is likely to occur in the server implementation.


If you want to set breakpoints etc, then you should do it in the RESTful service implementation class that is supposed to handle the request (DELETE in your case).



Understood. As stated in my original post I started Glassfish in debug mode and placed breakpoints in my web service application, but everything ran "smoothly" or so it seems. Other than the glaring 500 error there was nothing in NetBeans that indicated an exception had occurred. At least nothing that jumped out at me. I'm a Delphi developer by trade and Delphi IDE does an excellent job of breaking on exception so you see not only the location of the exception, but what exception was raised and the call stack at that time. I'm not sure if NetBeans has something similar, but anything close to this would be helpful. I was unable to find any debugging options to perform a similar break on exception function. Again, when I reproduced the exception while running Glassfish in debug mode and by setting breakpoints at the appropriate places in my WS app, nothing useful was gained from what I could tell. The flow did stop on the breakpoint as expected, but stepping into, over, etc. all ran as if no exception had been raised. Perhaps I'm just not doing something correctly in NetBeans to debug properly.

Have you had a look in the GlassFish log? Isn't there any exception there?



No. I always forget about the @#$ log! I'll check it out.

Thanks,
Michael
12 years ago

Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?



I have not. At the moment I'm still learning this stuff and am unsure how to create a userprofile object in such a manner, but I'll look into it.

So I guess that a servlet filter is the only option with a RESTful web service.



Thanks. I'll look into this route as well.

Thanks,
Michael
12 years ago
Hi there, I have a JAX-RS application and am attempting to delete an item. I receive HTTP 500 errors and am unsure where the problem lies. What is the best way to debug these? I am using NetBeans 7 and Glassfish. I have started Glassfish in debug mode and reproduced my problem, placing a breakpoint on the line of code that issues the remove call, but I don't see any sort of exception dialog or anything meaningful.

The specific scenario that is raising the error is trying to delete a user. If I issue an HTTP delete to remove a user profile identified by its ID then the profile is removed, but it leaves a record in the users table which is undesirable. If I issue the delete to remove a user using its ID then I receive the HTTP 500. My tables are on Oracle DB and there are proper PK/FK relationships setup. The user_profiles table is also setup to remove the appropriate record when the corresponding users record has been removed using the ON DELETE CASCADE clause. The script for setting up the tables is as follows.



Alternatively I suppose I could setup a trigger on the DB to remove the appropriate user record when the profile record has been removed, but I'd like to figure out this 500 error to better my understanding of Java/web service app development.

Thanks in advance,
Michael
12 years ago
I'd like to mask certain data that is returned by my web service. For example, suppose I have a routine to return a user profile having a specified email address. The user profile may contain information that is to be hidden from all other users other than the owner of the profile, birth date for instance.

If I have a routine defined as...



I'd like to do something like the following psuedocode.

if UserRequestingProfileIsNotUserOwningFoundProfile and UserProfile.HideBirthdate then
UserProfile.Birthdate = null;

I have logic already to determine whether or not the user requesting the resource is entitled to see all data so we can skip that part, but when I do UserProfile.Birthdate = SomeOtherValue the underlying database storing the userprofile data is updated. I'd like to modify the return value and not update the underlying data.

Any help is much appreciated.

Thanks,
Michael
12 years ago
Ding, ding, ding. Downloading the official Tomcat distribution and setting it up manually by editing server.xml to resolve a port conflict and setting up tomcat-users.xml works likes a champ. Arghh. Thanks for the help.
12 years ago
Thanks for the help. I'll post back here if I get somewhere or send pics of my broken laptop if I toss it out of the window.
12 years ago

Try removing the LockoutRealm outer Realm definition from server.xml.



I tried the following, no luck.



Also, make sure that the tomcat-users.xml file hasn't accidentally been given file access rights that keep it from being readable by Tomcat.



Everything should be OK here. It's read-write and I've closed the file from my text editor to release any lock the editor may have placed on it that prevents it from being opened. I still see the same behavior.

You might also find useful messages in the logs/localhost log file or logs/catalina.out file.



My logs directory is empty.

I've viewed some other tutorials online and this should really be somewhat simple. Seeing that it is not, I'm going to uninstall it and reinstall it. Tomcat was bundled with NetBeans 7 installer and although I should have no reason to doubt the success of the installation, it appears that some links are broken in my Tomcat installation which raises doubt. For example, when I navigate to the Tomcat admin homepage I see the message that the installation was successful. I also see various links to how-to pages and the like. Those links are all broken. I get 404 errors. I'll go down this road a bit and see where it leads.

Thanks,
Michael
12 years ago
Thanks, getting closer hopefully. I appreciate your time as even though I can't get in, I'm learning more about the Tomcat setup. Here is my server.xml. It appears as though the Realm is available and is defined as a child element of the LockOutRealm. It points to the UserDatabase resource which is also specified and indicates the tomcat-users.xml file as the source.



Thanks,
Michael
12 years ago
Thanks for the reply.

The tomcat-users.xml file supplied with Tomcat doesn't have any admin stuff set up, and as far as I can remember, that includes the role names, so yes, you'd have to add the ones that people will be using.



This is correct, there is nothing in the XML file by default other than comments including a template for specifying roles and users which I've followed.

I suspect that you may need to define and assign the manager-status role as well as the manager-ui role before you can effectively use the manager app.



Perhaps, but I have tried that as well with no success. One of the permutations I attempted was giving my user all available roles (even though Tomcat advises to not do so as it violates some security protocol or something) and that too failed. The XML for that attempt is...



If you can login but you get "forbidden" pages, then your role assignments aren't all set up the way you need them to be



I cannot login. I enter my username and password correctly, in the exact case (all lower) as specified in the tomcat-users.xml file and every time I click OK at the login dialog, it does not load. It only shows the login dialog again, and again, and again, ... until I get fed up and click Cancel. At this point I am shown the error page showing HTTP 401 with the text I included in my previous reply.

your role set doesn't include the URL of the page you're trying to access.



I do not understand what you mean here. Can you expand on this? At no point have I specified a URL in the role definitions or in my user/role mapping. Perhaps this is an issue? The web.xml file that does contain role names is located at this location, C:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.14\webapps\manager\WEB-INF\web.xml and the URL I am attempting to access is located at http://localhost:8084/manager/html. This URL is for the Tomcat manager page from what I can tell, but it's a dark and mysterious place that I cannot access.

The entire contents of that web.xml file is...



Thanks,
Michael
12 years ago

I'm not quite sure what you're asking here.



I'm just trying to login to the Tomcat manager GUI and am unable to. I'm new to web service development in Java and the Tomcat application server and I'm just poking around trying to familiarize myself with it.

It sound like you have a working solution but you're hoping for a shortcut?



No, I don't have anything working at the moment. In my original message, all of those XML snippets are failed attempts at setting up tomcat-users.xml so that I can login to the manager app (http://localhost:8084/manager/html).

Roles are defined in web.xml.



Thanks, I see that the roles are defined in the following location in my installation. C:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.14\webapps\manager\WEB-INF\web.xml. However, the web.xml file in the conf directory does not have defined roles. In which location should the roles be defined? The error message returned by Tomcat when I fail to login is an HTTP 401 and specifically says the following.

You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.

For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.

<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager-gui"/>



It seems that the manager-gui role must be defined in the tomcat-users.xml file unless the message is incorrect. Note in my original message that I did have my tomcat-users.xml setup as follows and this does not work in my installation.



Incidentally, one of the reasons that tomcat-users.xml isn't recommended for production environments is that the Realm that uses it (MemoryRealm) loads in the entries when Tomcat starts up and does not monitor for changes to that file. To see the roles change, Tomcat has to be restarted



I have been restarting the server after each modification to tomcat-users.xml without success.

When a more dynamic Realm is used, such as a JDBCRealm or LDAP Realm, the roles a user has are determined at login time, so to get the changes, Tomcat doesn't have to be restarted.



For my web service application, this is what I will use. In Glassfish I am already setup to use JDBCRealm where it validates users against tables in an Oracle DB. At the moment; however, I'm not at the deployment phase. I simply want to see what the Tomcat manager GUI has within so that I can start playing with it in order to setup the JDBCRealm and what not.

I'm a complete newbie at this stuff so please assume that I know absolutely nothing with respect to Tomcat and using the management console. All that I want to do it get into it and do some hands on experimenting to setup my web service application. This is a sandbox server that I'm getting my feet wet in.

Thanks,
Michael
12 years ago