JDBC realm of FORM authentication in Web AS 640
Hi, All,
We try to port a web application from Apache Tomcat to WebAS 6.40. In the application we use FORM authentication based on Tomcat JDBC Realm. The configuration in Tomcat server.xml is like:
<Context...>
<Resource name="jdbc/mydb" auth="Container" type="javax.sql.DataSource" username="..." password="..." driverClassName="..." url="..."/>
<Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="jdbc/mydb" digest="MD5" userTable="users" userNameCol="userName" userCredCol="passwd" userRoleTable="roles" roleNameCol="roleType"/>
</Context>
In database there are 2 tables for authentication purpose: users and roles. There are column userName, passwd in table users and userName, roleType in table roles (correlated with column userName). Then in web.xml we define FORM authentication:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>...</realm-name>
<form-login-config>
<form-login-page>...</form-login-page>
<form-error-page>...</form-error-page>
</form-login-config>
</login-config>
Has anyone tried to port Tomcat JDBC realm mechanism of FORM authentication to WebAS 640? How do we need to configure J2EE server in Visual Administrator or deploy an application with DeployTool to implement the same features? And does WebAS support declarative MD5 digest algorithm in FORM Authentication?
Any help is highly appreciated.
Thanks in advance
John
evnafets wrote:
The way it works is that you declare which pages in your application have got security around them in your web.xml. Whenever a user tries to navigate to one of those pages, they are presented with the login screen. If they login successfully, then they are taken to the page they originally requested.
You should never actually have a link to your login page - the container will serve it when required.Ok, but how do i stop them entering the URL of the login page?
i get this error after logging in correctly if i directly access the login page:
"HTTP Status 400 - Invalid direct reference to form login page"
i tried adding this constraint but it still happens:
<security-constraint>
<web-resource-collection>
<web-resource-name>login</web-resource-name>
<url-pattern>/staffLogin/login.jsp</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
>
One possible way around this would be to create a database view which is a union of the two tables, thus giving you one "table" to query for the username/password/role combinations. That should satisfy the realm requirement.
Cheers,
evnafetsThats a good idea, il give that a shot. Thanks.
Similar Messages
-
Authentificaton - JDBC realm & Form Based in Jdeveloper 10.1.3 and OCJ4
Dear Partners:
Being new working with Jdeveloper 10.1.3 and embedded OC4J,
I'm migrating an application from Tomcat and trying to
setup authentication for my JSP pages: JDBC realm and Form Based.
I succeeded only adding the security constraint to
the application's server.xml file, and creating the
user and user's roles tables. Yet, I got lost
by using the Jdeveloper's menu option Tools->OC4J embedded
OC4J server preferences.
Any documentation or examples are appreciated.
Thank you.Waheed - we aren't satisfied with our device coverage for mobile devices, hence we're focusing our efforts on Telnet/PDA and working with partners for ADF support for the broader class of mobile devices. Please send me an email or give me a call with any questions ([email protected], +1-408-687-8185).
-Indu -
Window for Form-Based Authentication in web.xml for JAZN.
Whether probably to make so that the form-authorization in Form-Based Authentication in web.xml for JAZN opened in a separate window?
Thanks,
Alexandrethis is what i have so far...in my web.xml deployment descriptor
am using Jbuilder 6 with tomcat.....if i run it from IDE, will the featuresi have added to the web.xml file...eg Error page be used ...or only when i deplo the app ???
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<display-name>Java Pet Store</display-name>
<description>Web Application for Reseach</description>
<session-config>
<session-timeout>54</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>Default.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>500</error-code>
<location>/</location>
</error-page>
<taglib>
<taglib-uri>PetStoreTagLib</taglib-uri>
<taglib-location>/WEB-INF/PetStoreTagLib.tld</taglib-location>
</taglib>
<security-constraint>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<url-pattern>Checkout.jsp</url-pattern>
<url-pattern>OrderList.jsp</url-pattern>
<url-pattern>OrderDetails.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>LoggedInUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/ErrorPage.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Logged In User</description>
<role-name>LoggedInUser</role-name>
</security-role>
</web-app>
in setting up the tomcat-users.xml file am i to add table to my database, to relate the user to the role....... -
hi,Good evening ,this is my First post in sun.com.......
I am trying to provide Form authentication and authorization in my we application (facelets,glashfish).For this I create one sample database with tables user and grouptable and finally created JDBC realm in glassfish server Successfully.
so this authentication and auth with JSP pages I am success fully providing .But i want with .jsf(.xhtml).I am getting struggle in how to call j_security_check from .xhtml page.But this same method I am successfully calling from .jsp(action="j_security_check").so can u please help me how to call j_security_check from .xhtml. page And what is the configuration for displaying success.xhtml and fail.xhtml after click on submit button in login.xhtml
web.xml
<web-app>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.validateXml</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>com.sun.faces.verifyObjects</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>facelets.SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>org.richfaces.SKIN</param-name>
<param-value>DEFAULT</param-value>
</context-param>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<error-page>
<error-code>403</error-code>
<location>/accesdenaid.jsp</location>
</error-page>
<filter>
<display-name>RichFaces Filter</display-name>
<filter-name>richfaces</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>richfaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<welcome-file-list>
<welcome-file>/forward.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/pages/cpdownloader/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<!-- <user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint> -->
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/pages/cprequester/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<!-- <user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint> -->
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<!--<realm-name>default</realm-name>-->
<realm-name>enrollmentsrealm</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>and login.xhtml
<ui:composition template="/templates/login_layout.xhtml">
<ui:define name="body">
<h:form id="loginForm1">
<table align="center" cellspacing="0" cellpadding="0">
<tr>
<td height="30px"></td>
</tr>
<tr align="center" >
<td align="center" colspan="2" class="pagetitle">Requester Login</td>
</tr>
<tr>
<td height="10px" ></td>
</tr>
<tr>
<td class="labelname">User Name *</td>
<td class="label"><h:inputText id="j_username" value="#{LoginBean.userName}"/>
</td>
</tr>
<tr>
<td class="labelname">Password </td>
<td class="label"><h:inputSecret id="j_password" value="#{LoginBean.password}"/></td>
</tr><br/>
<tr>
<td colspan="2" height="5px" ></td>
</tr>
<tr>
<td> </td>
<td class="buttonsalign">
<h:commandButton id="login1" value="Login" styleClass="buttonstyle" action="#{LoginBean.submit}"/>
</td>
</tr>
<tr>
<td colspan="2" height="25px" ></td>
</tr>
</table>
</h:form>
</ui:define>
</ui:composition>can u please help me where i did mistake
thanks in advanceI am also having problems trying to get an appclient authenticated.
Could someone post a working example app or provide a link to an example ? -
Tomcat JDBC Realm Database Connection Error
Hello all,
I am trying to edit the server.xml file on Tomcat so I can use the JDBC Realm instead of the MemoryRealm. Hence, I will be able to read users, passwords and roles from a relational database instead of from the tomcat-users.xml.
I have tried following all the guides on the net I can find, my server.xml looks as follows (after making changes to allow it to use JDBC realm). The only problem is, when I try to run the application the server outputs the following: (after all of these errors have been kicked up a pop-up box then appears titled "Tomcat Manager Application", it asks for a User Name and Password. I have tried the standard user name of "ide" and the password next to it in tomcat-users.xml but it won't accept it. (I am using the netbeans IDE)).
Please could someone suggest any ideas of how I can get the server.xml to work with JDBC realm?
Using CATALINA_BASE: C:\Documents and Settings\Administrator\.netbeans\5.0beta\jakarta-tomcat-5.5.7_base
Using CATALINA_HOME: C:\Program Files\netbeans-5.0beta\enterprise2\jakarta-tomcat-5.5.7
Using CATALINA_TMPDIR: C:\Documents and Settings\Administrator\.netbeans\5.0beta\jakarta-tomcat-5.5.7_base\temp
Using JAVA_HOME: C:\j2sdk1.4.2_08
Created MBeanServer with ID: 1f934ad:107444b1d2b:-8000:ravinder-rdnzoa:1
31-Oct-2005 01:29:33 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8084
31-Oct-2005 01:29:34 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
31-Oct-2005 01:29:34 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2174 ms
31-Oct-2005 01:29:34 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
31-Oct-2005 01:29:34 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.7
31-Oct-2005 01:29:34 org.apache.catalina.realm.JDBCRealm start
SEVERE: Exception opening database connection
java.sql.SQLException: org.gjt.mm.mysql.Driver
at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:646)
at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:720)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1003)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:440)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:683)
at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
31-Oct-2005 01:29:34 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
31-Oct-2005 01:29:36 org.apache.catalina.startup.ContextConfig validateSecurityRoles
INFO: WARNING: Security role name IBM used in an <auth-constraint> without being defined in a <security-role>
31-Oct-2005 01:29:36 org.apache.catalina.startup.ContextConfig validateSecurityRoles
INFO: WARNING: Security role name Auditor used in an <auth-constraint> without being defined in a <security-role>
31-Oct-2005 01:29:37 org.apache.struts.tiles.TilesPlugin initDefinitionsFactory
INFO: Tiles definition factory loaded for module ''.
31-Oct-2005 01:29:37 org.apache.struts.validator.ValidatorPlugIn initResources
INFO: Loading validation rules file from '/WEB-INF/validator-rules.xml'
31-Oct-2005 01:29:37 org.apache.struts.validator.ValidatorPlugIn initResources
INFO: Loading validation rules file from '/WEB-INF/validation.xml'
31-Oct-2005 01:29:38 org.apache.catalina.startup.ContextConfig validateSecurityRoles
INFO: WARNING: Security role name IBM used in an <auth-constraint> without being defined in a <security-role>
31-Oct-2005 01:29:38 org.apache.struts.tiles.TilesPlugin initDefinitionsFactory
INFO: Tiles definition factory loaded for module ''.
31-Oct-2005 01:29:38 org.apache.struts.validator.ValidatorPlugIn initResources
INFO: Loading validation rules file from '/WEB-INF/validator-rules.xml'
31-Oct-2005 01:29:38 org.apache.struts.validator.ValidatorPlugIn initResources
INFO: Loading validation rules file from '/WEB-INF/validation.xml'
31-Oct-2005 01:29:39 org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8084
31-Oct-2005 01:29:39 org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8443
31-Oct-2005 01:29:40 org.apache.jk.common.ChannelSocket init
INFO: JK2: ajp13 listening on /0.0.0.0:8009
31-Oct-2005 01:29:40 org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/60 config=null
31-Oct-2005 01:29:40 org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
31-Oct-2005 01:29:40 org.apache.catalina.startup.Catalina start
INFO: Server startup in 5738 ms
31-Oct-2005 01:29:40 org.apache.catalina.realm.JDBCRealm authenticate
SEVERE: Exception performing authentication
java.sql.SQLException: org.gjt.mm.mysql.Driver
at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:646)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:344)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:534)
31-Oct-2005 01:29:40 org.apache.catalina.realm.JDBCRealm authenticate
SEVERE: Exception performing authentication
java.sql.SQLException: org.gjt.mm.mysql.Driver
at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:646)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:344)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:534)The server.xml looks as follows:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Example Server Configuration File -->
<!-- Note that component elements are nested corresponding to their
parent-child relationships with each other -->
<!-- A "Server" is a singleton element that represents the entire JVM,
which may contain one or more "Service" instances. The Server
listens for a shutdown command on the indicated port.
Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<Server port="8025" shutdown="SHUTDOWN">
<!-- Comment these entries out to disable JMX MBeans support used for the
administration web application -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
<!-- Global JNDI resources -->
<GlobalNamingResources>
<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<!-- RAV
<Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml"/>
-->
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" (and therefore the web applications visible
within that Container). Normally, that Container is an "Engine",
but this is not required.
Note: A "Service" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Catalina">
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Each Connector passes requests on to the
associated "Container" (normally an Engine) for processing.
By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
following the instructions below and uncommenting the second Connector
entry. SSL support requires the following steps (see the SSL Config
HOWTO in the Tomcat 5 documentation bundle for more detailed
instructions):
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and
the keystore itself.
By default, DNS lookups are enabled when a web application calls
request.getRemoteHost(). This can have an adverse impact on
performance, so you can disable it by setting the
"enableLookups" attribute to "false". When DNS lookups are disabled,
request.getRemoteHost() will return the String version of the
IP address of the remote client.
-->
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8084" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="utf-8"/>
<!-- Note : To disable connection timeouts, set connectionTimeout value
to 0 -->
<!-- Note : To use gzip compression you could set the following properties :
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml"
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3"/>
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="8082"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" acceptCount="100" connectionTimeout="20000"
proxyPort="80" disableUploadTimeout="true" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host). -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
-->
<!-- Define the top level container in our container hierarchy -->
<Engine name="Catalina" defaultHost="localhost">
<!-- The request dumper valve dumps useful debugging information about
the request headers and cookies that were received, and the response
headers and cookies that were sent, for all requests received by
this instance of Tomcat. If you care only about requests to a
particular virtual host, or a particular application, nest this
element inside the corresponding <Host> or <Context> entry instead.
For a similar mechanism that is portable to all Servlet 2.4
containers, check out the "RequestDumperFilter" Filter in the
example application (the source for this filter may be found in
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
Request dumping is disabled by default. Uncomment the following
element to enable it. -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
<!-- Because this Realm is here, an instance will be shared globally -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!-- RAV
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
-->
<!-- Comment out the old realm but leave here for now in case we
need to go back quickly -->
<!--
<Realm className="org.apache.catalina.realm.MemoryRealm" />
-->
<!-- Replace the above Realm with one of the following to get a Realm
stored in a database and accessed via JDBC -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost:3306/tomcatusers"
connectionName="root" connectionPassword="sikhism1"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
connectionName="scott" connectionPassword="tiger"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!--
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
connectionURL="jdbc:odbc:CATALINA"
userTable="users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
-->
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
<!-- Defines a cluster for this node,
By defining this element, means that every manager will be changed.
So when running a cluster, only make sure that you have webapps in there
that need to be clustered and remove the other ones.
A cluster has the following parameters:
className = the fully qualified name of the cluster class
name = a descriptive name for your cluster, can be anything
mcastAddr = the multicast address, has to be the same for all the nodes
mcastPort = the multicast port, has to be the same for all the nodes
mcastBindAddr = bind the multicast socket to a specific address
mcastTTL = the multicast TTL if you want to limit your broadcast
mcastSoTimeout = the multicast readtimeout
mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
in case of multiple ethernet cards.
auto means that address becomes
InetAddress.getLocalHost().getHostAddress()
tcpListenPort = the tcp listen port
tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
has a wakup bug in java.nio. Set to 0 for no timeout
printToScreen = true means that managers will also print to std.out
expireSessionsOnShutdown = true means that
useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
false means to replicate the session after each request.
false means that replication would work for the following piece of code: (only for SimpleTcpReplicationManager)
<%
HashMap map = (HashMap)session.getAttribute("map");
map.put("key","value");
%>
replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
* Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
* Synchronous means that the thread that executes the request, is also the
thread the replicates the data to the other nodes, and will not return until all
nodes have received the information.
* Asynchronous means that there is a specific 'sender' thread for each cluster node,
so the request thread will queue the replication request into a "smart" queue,
and then return to the client.
The "smart" queue is a queue where when a session is added to the queue, and the same session
already exists in the queue from a previous request, that session will be replaced
in the queue instead of replicating two requests. This almost never happens, unless there is a
large network delay.
-->
<!--
When configuring for clustering, you also add in a valve to catch all the requests
coming in, at the end of the request, the session may or may not be replicated.
A session is replicated if and only if all the conditions are met:
1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
2. a session exists (has been created)
3. the request is not trapped by the "filter" attribute
The filter attribute is to filter out requests that could not modify the session,
hence we don't replicate the session after the end of this request.
The filter is negative, ie, anything you put in the filter, you mean to filter out,
ie, no replication will be done on requests that match one of the filters.
The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
ending with .gif and .js are intercepted.
The deployer element can be used to deploy apps cluster wide.
Currently the deployment only deploys/undeploys to working members in the cluster
so no WARs are copied upons startup of a broken node.
The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
When a new war file is added the war gets deployed to the local instance,
and then deployed to the other instances in the cluster.
When a war file is deleted from the watchDir the war is undeployed locally
and cluster wide
-->
<!--
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
managerClassName="org.apache.catalina.cluster.session.DeltaManager"
expireSessionsOnShutdown="false"
useDirtyFlag="true"
notifyListenersOnReplication="true">
<Membership
className="org.apache.catalina.cluster.mcast.McastService"
mcastAddr="228.0.0.4"
mcastPort="45564"
mcastFrequency="500"
mcastDropTime="3000"/>
<Receiver
className="org.apache.catalina.cluster.tcp.ReplicationListener"
tcpListenAddress="auto"
tcpListenPort="4001"
tcpSelectorTimeout="100"
tcpThreadCount="6"/>
<Sender
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
replicationMode="pooled"
ackTimeout="15000"/>
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>
<Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>
</Cluster>
-->
<!-- Normally, users must authenticate themselves to each web app
individually. Uncomment the following entry if you would like
a user to be authenticated the first time they encounter a
resource protected by a security constraint, and then have that
user identity maintained across *all* web applications contained
in this virtual host. -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different
directory with the "directory" attribute. Specify either a relative
(to $CATALINA_HOME) or absolute path to the desired directory.
-->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
<!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different
directory with the "directory" attribute. Specify either a relative
(to $CATALINA_HOME) or absolute path to the desired directory.
This access log implementation is optimized for maximum performance,
but is hardcoded to support only the "common" and "combined" patterns.
-->
<!--
<Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
<!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different
directory with the "directory" attribute. Specify either a relative
(to $CATALINA_HOME) or absolute path to the desired directory.
This access log implementation is optimized for maximum performance,
but is hardcoded to support only the "common" and "combined" patterns.
This valve use NIO direct Byte Buffer to asynchornously store the
log.
-->
<!--
<Valve className="org.apache.catalina.valves.ByteBufferAccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
</Host>
</Engine>
</Service>
</Server>Many thanks, and apologies for "dumping" all of the code here.So looking through the java api docs, I found that the tcUtilJDBCOperations has a connect string for the database. Below is the info it outlines. The questions I have it this. How do you specify the psdriver and URL along with do I need to do this as a persistent instance then add my selectstatement as a part of this or can I just specify this and the select statement will use this connection? Any help you can give would be appreciated.
tcUtilJDBCOperations
public tcUtilJDBCOperations(java.lang.String psDriver,
java.lang.String psUrl,
java.lang.String psUsername,
java.lang.String psPassword)Contructor that sets the parameters for connecting to a database
Parameters:
psDriver - The class name of the jdbc driver
psUrl - The URL of the database
psUsername - The username required to access the database
psPassword - The password for the above username
Nick -
I have a few questions for you all. I don't know if this is the correct place to post this... I have been trying like a mad man to get JDBCrealms to work, but to no avail. I have sank into the tomcat documentation and also have an O'Reilly book here on tomcat. The book pretty much says the same thing as the Tomcat doc's. *(Thanks O'R.)*
What I am trying to do is use tomcats security to allow different users (with different roles) to login through a form to some JSP's that I have built. What the user can see / do will vary depending on their role. If anyone can give me a hand on this I'd appreciate it, if this is not the correct place to post this, can someone point me to the right place? I'm not finding too many forums on apache tomcat out there.Thanks for the quick response. I didn't want to waste time and keystrokes, bandwidth, or database space if this was the wrong place to ask about tomcat and stuff.
Ok, there actually are a NUMBER of issues I am having. First one's first. Can I use the tomcat JDBCRealms to login to the software via a form login? Secondly, I am having some issues on setting up a realm. I've been over and over the tomcat docs and also an O'Reilly book here and it basically says the same thing. It SEEMS it should be straight forward, but I must be missing something.
Here is a snippet of my web.xml file (the portion that deals with what I need):
<welcome-file-list>
<welcome-file>Login.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>my project name</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>user</role-name>
<role-name>manager</role-name>
<role-name>trainer</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Training</realm-name>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/Login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>trainer</role-name>
</security-role>
Here is my server.xml file snippet:
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="0"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/<myDBname>"
connectionName="secret"
connectionPassword="endeavor"
userTable="tcuser" userNameCol="tcuser_name" userCredCol="password"
userRoleTable="tcrole" roleNameCol="tcrole_name" />
I have been getting a number of errors the first one that is most common is the j_security_check is unavailable.
the Login.jsp calls j_security_check when the submit button is pressed. The database connection works because without the realm, I am able to run the other JSP's and edit / update / display / (your basic very flexible CRUD). I have two tables defined in the database setup as how tomcat suggests them to be except no PK definitions on the two tables (I really do not think that is the issue) I guess one of my first questions is: Does the web.xml snippet look correct? What about the server.xml snippet?
Do you have to place any extra .jar files into the lib directory of tomcat or should the appropriate jar files already be there ready to go? Do I have to make any special calls to invoke the j_security_check or should all I have to do is call it in the action="" parameter of the form?
Another thing that might be related is that I am running Enfinity Suite (Eclipse on roids) to build these jsp's, I'm just not using any of the custom functionality. I set a new instance of tomcat up as to not use the studio's customized tomcat. I noticed that there are 2 web.xml files. One in the WEB-INF folder of the project and one in the CATALINA_HOME/conf/directory. Also I have read that there should be a context.xml file in the META-INF folder of the project? I'm very sorry to dump what seems to be basic questions about this on to you all, but I am completely lost on this. Thanks in advance to everyone.
warmest regards,
Josh
Edited by: TheWhiteKnight on Jul 8, 2008 6:43 PM -
Hi,
I have been trying to get the JDBC Realm to work, but with no success,
I get the following error:
Catalina.start: LifecycleException: Exception opening database connection: java.sql.SQLException
LifecycleException: Exception opening database connection: java.sql.SQLException
(see bottom of page for more detail)
I have successfully connected to the database and retrieved data using the following code
// Define the JDBP Driver and the database connection URL
public static final String driver = "org.gjt.mm.mysql.Driver";
public static final String url = "jdbc:mysql://localhost/db?user=un&password=pw";
public static void main(String args[])
Connection conn;
try
Class.forName(driver); // load the driver dynamically
conn = DriverManager.getConnection(url); // connect to the database
// perform a query. first create a Statement object from the connection
Statement select = conn.createStatement();
// next execute a query (SQL string) and return the results in a ResultSet object
ResultSet result = select.executeQuery("select * from users");
// print out the results
while(result.next())
String user = result.getString("user_name"); // note these match the columns in the
String password = result.getString("user_pass"); // SELECT statement
System.out.println(user + " " + password);
select.close(); //Close the query
conn.close(); //Close the database connection
however I have no luck in connecting using the JDBC Realm, I am using j2re1.4.1_01, jwsdp-1_0_01 & mysql-connector-java-3.1.0-alpha and the com & org directories are in $JWSDP_HOME/common/lib/ I have also put a copy of the mysql-connector-java-3.1.0-alpha.jar in $JWSDP_HOME/server/lib/ in an effort to get this to work!!
my $JWSDP_HOME/conf/server.xml contains
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driver="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/db?user=un;password=pw"
userTable="users" usserNameCol="user_name" userCredCol="user_pass"
userRoleTable="user_roles" roleNameCol="role_name" />
I hope someone can shed some light on this as I have been reading a lot of threads about this however they all seem to have the driver name included in the Exception error and I don't get that in the error message, so I am assuming that the driver is working and there is another error.....
Cheers in advance
Contentents of $JWSDP_HOME/logs/catalina.outStarting service Internal Services
Java Web Services Developer Pack/1.0_01-fcs
Catalina.start: LifecycleException: Exception opening database connection: java.sql.SQLException
LifecycleException: Exception opening database connection: java.sql.SQLException
at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:683)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1175)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347)
at org.apache.catalina.core.StandardService.start(StandardService.java:499)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2187)
at org.apache.catalina.startup.Catalina.start(Catalina.java:504)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:399)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.launcher.Launcher.main(Launcher.java:208)
----- Root Cause -----
java.sql.SQLException
at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:606)
at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:681)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1175)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347)
at org.apache.catalina.core.StandardService.start(StandardService.java:499)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2187)
at org.apache.catalina.startup.Catalina.start(Catalina.java:504)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:399)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.launcher.Launcher.main(Launcher.java:208)
Stopping service Internal Services
Catalina.stop: LifecycleException: Coyote connector has not been started
LifecycleException: Coyote connector has not been started
at org.apache.coyote.tomcat4.CoyoteConnector.stop(CoyoteConnector.java:1043)
at org.apache.catalina.core.StandardService.stop(StandardService.java:549)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2223)
at org.apache.catalina.startup.Catalina.start(Catalina.java:535)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:399)
logs/catalina.outokayyyy.... now i got ur point. I think its not much
difficult. Lets take it step-by-step.
That's what I thought and it's still not working .....
As a first step, you have to create 3 tables in your
mySql database for authentication purposes. Lets name
those tables: (1) user, (2) roles (3) user_roles.
'user' will contain fields regarding user name and
password, 'roles' will contain only 1 field specific
to role names and finally 'user_roles' is a mapping
table which contain user names and their
corresponding role names (obviously from 'roles'
table). This completes the database in mySQL that
will help you to authenticate your users.
I have added the roles table, not that they are referenced in the JDBC Realm connector ????
>
Now, its time to configure your web container, i.e.
Tomcat to use this database (in terms of JDBCRealm).
Make sure that tomcat services are stopped and then
open server.xml file in any ANSII compliant editor.
Search for any real tag (<Realm ... ) already placed
in your xml file. If there would be any, then you
should find under the <Engine> tag. Now place your own
<Realm> tag under the <Engine> tag.
It should be something like:
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost:3306/tomcatusers"
connectionName="root"
connectionPassword=""
userTable="users"
userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="user_roles"
roleNameCol="role_name"/>
Yup already done... now slightly modified
>
Plz double check "connectionName" and
"connectionPassword" attributes to match your own
user-name and passwords for your mySql db. This will
complete the whole process, just start your Tomcat
services again and see if that work. I hope it will
help you, plz must tell me about progress -:)
Raheel.
mysql -u tomcat -p
mysql> select a.user_name, b.role_name from users a, user_roles b
-> where a.user_name=b.user_name;
----------------------+
| user_name | role_name |
----------------------+
| daren | employee |
| tomcat | admin |
| tomcat | manager |
| tomcat | provider |
----------------------+
can you guess what happened????
IT DONT WORK :( -
Configuring JDBC Realms and session mangement
Hello All,
I want to provide authentication to my application.
Eg.
There are users in "User" table in my Java DB.
There is home page having login form and other features.
When the user enter his credentials in the login form, his credentials will be checked against the "User" table. iIf the credentials are right then, the next page containing his account information and shopping cart will be displayed and his session ID will be maintained. This session id will be used for other operations performed by this user.
I have achieved the above task easliy with my normal JDBC and JSP,Servlet.
I am learning Securities, and i want to accomplish this task using JDBC Realm with Netbeans IDE. Means Credentials will be checked, Session will be maintined, session id will be tracked and user page(account information and shoping cart) will be displyed.
How to achieve this?
Please help me out with the codes or example.
Please provide me the link if any article is mentioned for the same.
Thans & Regards,
Gaurav Digheok thanks....
but thats what i exacltly need. How to configure Servlet Container and Glassfish server to achieve the task. Second thing is that by doing so i want to achieve the session management. To be precise i want to configure by glassfish server and application for JDBC Realm and then achieve Session management/tracking.
I there any way to achieve this. I am new to Security.
Please help..
Edited by: user8687589 on Jan 27, 2011 11:33 AM -
JDBC Realm issue on Tomcat 4.0.1
Hi folks,
Tried this one the Sun forum and haven't had luck yet getting a thorough reply.
Trying to establish the JDBC realm config in Tomcat and am getting the following error:
Starting service Tomcat-Standalone
Apache Tomcat/4.0.1
Catalina.start: LifecycleException: Exception opening database connection: jav
a.sql.SQLException: [Microsoft][ODBC Driver Manager] Data source name too long
LifecycleException: Exception opening database connection: java.sql.SQLExcepti
on: [Microsoft][ODBC Driver Manager] Data source name too long
at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:615)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1108)
my configuration in the web.xml file is as follows;
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="sun.jdbc.odbc.JdbcOdbcDriver"
connectionURL="jdbc:odbc:DSNname@host_string:1521:ORCL?user=user_name;password=pwd_name"
userTable="chg_users" userNameCol="user_name" userCredCol="user_pass"
userRoleTable="chg_users_roles" roleNameCol="role_name" />
does the above appear incorrect? If so, specifically how?
Thanks!connectionURL="jdbc:odbc:CATALINA"
in this case, where is CATALINA supposedly pointing
to a DB connection? I don't have mine set, save for
maybe the classpath, but why would you point the
connURL through jdbc:odbc to CATALINA?
That is the name of a DNS. The ODBC shell (nothing to do with java) has DNS names. The shell uses the passed in name to look up the attributes associated with the name.
If you were using a DNS-less name then you would have to specify ODBC driver (nothing to do with java) and the associated attributes for that driver in the connection string.
I'm a little confused by this. Any explanation would
be great, as I have a driver that is jdbc:odbc,
rather than an exclusive Oracle driver.
Well, I've got the ojdbc14_g.jar file. But that's not
exclusively Oracle, correct? Just for JDBC with
Oracle?
A jdbc driver lives somewhere. The bridge driver lives in the Sun VM. The Oracle driver lives in a jar (current ones.)
The bridge driver talks to ODBC (which is outside of java.)
The oracle drivers talk to oracle databases. -
In our java web application trying establish the connection for sharePoint 2013
using Windows claims authentication (NTLM ), I am getting error message "Server was unable to process request. ---> Site is not configured for Claims Forms Authentication". But In the Sharepoint 2013 our Site is is configured for Windows
claims only.
In the Sharepoint 2013 server in the IIS manager settings for authentication it is enabled for both Windows claims and Forms authentication,
but if I disable Forms authentication that I will be able to connect it through my application but with the direct access i.e., by running the URL in the browser I am not able to connect getting error message "sorry this site has not been shared with
you" in the browser Kindly help me on this.Hi,
This issue is always caused that you had missed FBA configuration in web config of your web application.
You can configure the FBA authentication then check whether it works.
http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
http://chrisbarba.com/2013/07/16/sharepoint-2013-forms-based-authentication-fba/
more reference:
http://stackoverflow.com/questions/5686378/sharepoint-2010-claim-base-authentication-error
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/2d82dcd4-0e57-4de5-81bc-60ffc3cb9a9f/sharepoint-2010-claim-authentication-and-authenticationasmx?forum=sharepointgeneralprevious
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support -
Hi,
We have to get all the claims providers associated with a web application and its identity claim encoding type using API.
For example:
If the identity claim of windows authentication is user name and the user name is a string, then we should get
"i:0#.w".
If the identity claim of forms authentication is
email and the provider name is "fba" , then we should get "i:0!.f|fba|".
The below link shows us to get all claims providers associated with a web application, but how do we get the identity claim encoding type of each provider?
http://msdn.microsoft.com/en-us/library/gg650432(v=office.14).aspx#SP_WCP_Tip3
using (SPSite theSite = new SPSite("http://someContosoUrl"))
// Get the web application.
SPWebApplication wa = theSite.WebApplication;
// Get the zone for the site.
SPUrlZone theZone = theSite.Zone;
// Get the settings that are associated with the zone.
SPIisSettings theSettings = wa.GetIisSettingsWithFallback(theZone);
// Get the list of authentication providers that are associated with the zone.
foreach (SPAuthenticationProvider prov in
theSettings.ClaimsAuthenticationProviders)
{ // Need to get the identity claims encoding type using the SPAuthenticationProvider
Is windows authentication's identity claim encoding type always i.0#.w or the identity claim is always the user name?
Thanks & Regards,
Kalai.If the requirement is to be able to convert claim identities to windows identities that can be used with other LOB/legacy application that still relies on NTLM/Windows Auth, then I would recommend to explore C2WTS.
Here are some references:
http://msdn.microsoft.com/en-us/library/office/ee539739(v=office.14).aspx
http://blah.winsmarts.com/2013-11-Use_C2WTS_to_get_a_classic_windows_identity_from_a_claims_identity.aspx
http://henrymcclain.blogspot.in/2013/05/claims-to-windows-token-service-c2wts.html
http://blogs.msdn.com/b/rodneyviana/archive/2011/02/20/claims-to-windows-token-service-c2wts-may-not-start-automatically-when-you-reboot-your-server-don-t-blame-sharepoint-for-that.aspx
http://blogs.msdn.com/b/russmax/archive/2010/05/27/understanding-sharepoint-2010-claims-authentication.aspx
Thanks!
These postings are provided "AS IS" with no warranties, and confers no rights. -
Site is not configured for Claims Forms Authentication
Hi All
I have one custom login page for my Sharepoint 2013 site where i am trying to use
SPClaimsUtility.AuthenticateFormsUser(uri, strUserName, strPwd);
But i am getting this exception ---> Site is not configured for Claims Forms Authentication
I checked ULS long and there it is --> Not in claims forms auth for url 'https://domain/sitecollection/'.
Web.config enteries are
<authentication mode="Forms">
<forms loginUrl="/_layouts/TarsForwardLogin.aspx" />
</authentication>
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA"
connectionPassword="spad1n2" server="10.100.5.119" port="389" useSSL="false" userDNAttribute="entryDN" userNameAttribute="cn" userContainer="o=toyota" userObjectClass="Inetorgperson"
userFilter="(ObjectClass=Inetorgperson)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn,fullname,language,mail" enablePasswordReset="false" enablePasswordRetrieval="false" passwordFormat="Clear"
requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
</providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="rolemanager" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA" connectionPassword="spad1n2" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=15.0.0.0,
Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="10.100.5.119" port="389" useSSL="false" groupContainer="ou=groups,ou=GSP,ou=Applications,o=toyota" groupNameAttribute="cn" groupMemberAttribute="member"
userContainer="o=toyota" userNameAttribute="cn" userDNAttribute="entryDN" dnAttribute="entryDN" groupFilter="(ObjectClass=groupOfNames)" userFilter="(ObjectClass=Inetorgperson)" scope="Subtree"
/>
</providers>
</roleManager>
Can
someone please help/Guide
Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS |Hi All
I tried like this and it worked...
SPIisSettings iisSettings = SPContext.Current.Site.WebApplication.IisSettings[SPUrlZone.Internet];
SPFormsAuthenticationProvider formsClaimsAuthenticationProvider = iisSettings.FormsClaimsAuthenticationProvider;
SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(new Uri(SPContext.Current.Web.Url),
formsClaimsAuthenticationProvider.MembershipProvider, formsClaimsAuthenticationProvider.RoleProvider, strUserName, "", SPFormsAuthenticationOption.PersistentSignInRequest);
if (null != token)
base.EstablishSessionWithToken(token, SPSessionTokenWriteType.WriteSessionCookie);
base.RedirectToSuccessUrl();
Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS | -
Migrate User from Classic mode to Forms Authentication in SharePoint 2013
Hi All,
I have upgraded a SharePoint 2010 classic mode site to SharePoint 2013 claims authentication. I have executed the command MgrateUser($true) and the user account is updated to Claims mode and I am able to login to the site.
Now I have extended the site to use forms authentication against Active Directory. How do I update the accounts to Form Authentcation mode using Powershell, is there any command available.
Thanks & Regards
pankajOkay, I would suggest instead to use Web Application Proxy and ADFS 3.0 (using an NTLM connection to SharePoint). This way you get your forms experience for those users who require it (or all, your choice) and you do not have to change anything with SharePoint.
More info here: http://thesharepointfarm.com/2014/02/sharepoint-and-the-web-application-proxy-role/
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
BASIC authentication and web client problems
I have a very simple web service that is working. Now before attempting to use
SSL, I want to test authenticating using BASIC authentication. I’ve made the
changes to web.xml and even though the other web service pages authenticate ok
(ex. http://localhost:7001/fileexchange/FileExchangeFacade), I am prompted again
for authentication for web service itself. I can never authenticate to http://localhost:7001/fileexchange/FileExchangeFacade?operation.view=helloWorld.
Has anyone completed this and if so, how does it work? I must have missed something
simple.
First, I setup the security constraint as follows:
<security-constraint>
<web-resource-collection>
<web-resource-name>file-exchange-resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Administrators</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<security-role>
<description>An administrators</description>
<role-name>Administrators</role-name>
</security-role>
That allows me to secure / authenticate to the JSPs in the web service test app
provided. Then I tried working with the admin server console to setup roles /
privileges. I couldn’t get this to work but I easily could have done something
wrong since there are no step by step examples other than the general docs in
the programming guide.
Next, since the web service deploys as a web application, I figured the problem
must be that the internal WLS servlet needs security information defined in web.xml.
I saw the programming guide listed the servlet name and discussed servlet mapping
so I added the normal security entries for a servlet as follows and re-jarred
the WAR and EAR.
<servlet>
<servlet-name>WebServiceServlet</servlet-name>
<servlet-class>
weblogic.webservice.server.servlet.WebServiceServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>WebServiceServlet</servlet-name>
<url-pattern>/FileExchangeFacade/*</url-pattern>
<security-role-ref>
<role-name>Administrators</role-name>
<role-link>Administrators</role-link>
</security-role-ref>
</servlet-mapping>
It still doesn’t work. Any idea on how to get it to authenticate?
Thanks,
DaveOk, this looks like an issue with the test page.
When the test page gets a request to invoke a
web service, it creates a client proxy and call invoke
on the proxy. This will case the client proxy to
create a new HTTP post connection to the server.
Test page pulls out the username/passwd from the
GET request from the browser and pass it to the
POST request it makes to the web service. I think,
the test page needs to do the same for realm. I will
file a CR for this (CR105320).
Please contact support with the case number if you
need a patch for this.
http://manojc.com
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
One more thing.
I took out explicit realm mapping and noticed that the firstauthentication
challenge was for the WebLogic standard realm which was fine and
authentication was successful. (i.e. I got to the web service "homepage").
Actually I meant it was listed as "Weblogic Server" in the 1st challenge.
When I stepped into the web service method and pressed the Invoke buttonon
the web service methods the realm was "default" and authenticationfailed.
Why does the domain change and how do I cover this?Is was actually listed as "Default".
However this is the same domain I believe because I've done a further
experiment and set the domains explicitely
in the deployment WAR deployment (Other tab) and in the web.xml file. The
second challange is then asking for re-authentication in the correctdomain
(myrealm) but it does not accept the valid user/password and just re
challenges until 3 attempts then it displays the SOAP message and theserver
log file has the following exception:
java.io.FileNotFoundException: Response: '401: Unauthorized xxx' for url:
'http://localhost:7001/webservice/TraderService?WSDL'
at
weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:36
2)
at java.net.URL.openStream(URL.java:793)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:73)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
108)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
84)
at
weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.j
ava:230)
at
weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServ
iceServlet.java:306)
at
weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:19
8)
at
weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:124)
at
weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet
.java:224)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
tStubImpl.java:1058)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:401)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:306)
at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
ebAppServletContext.java:5412)
at
weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
r.java:744)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:3086)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2544)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134) -
Form Authenticating the portal or jsp page
Before accessing a jsp page, I want the user to authenticate using login.jsp using the user role I created in console.
But when I hit the page, its not going to login.jsp. Instead its going directly to it. Please find the web.xml and weblogic.xml that I changed below,
--web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>webtest</web-resource-name>
<url-pattern>/portlets/tools/wnxinterface/wnxInterface.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>wnuser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!--turn on identity assertion-->
<login-config>
<auth-method>CLIENT-CERT,FORM</auth-method>
<realm-name>myrealm</realm-name>
<form-login-config>
<form-login-page>login.jsp</form-login-page>
<form-error-page>error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>AuthenticatedUserRole</role-name>
</security-role>
<security-role>
<role-name>wnuser</role-name>
</security-role>
--weblogic.xml
<wls:security-role-assignment>
<wls:role-name>AuthenticatedUserRole</wls:role-name>
<wls:principal-name>AuthenticatedUsers</wls:principal-name>
</wls:security-role-assignment>
<wls:security-role-assignment>
<wls:role-name>wnuser</wls:role-name>
<wls:principal-name>wngroup</wls:principal-name>
</wls:security-role-assignment>
I created the wnuser in myrealm in my console. So I am trying to password protect the wnxInterface.jsp page.
Actually I have this wnxInterface.jsp as a portlet inside my portal. Is it similarly possible to authenticate the portal itself?
Thanks in advance1. yes: URL u = new URL(this.getCodeBase(),"../relativeFolder/file.whatever");
http://javaalmanac.com/cgi-bin/search/find.pl?words=URL
2. yes: using JSObject you can call javaScript methods that can do it for you or retreive the
componenet directly.
http://forum.java.sun.com/thread.jspa?threadID=598123&messageID=3180053
Maybe you are looking for
-
Finder Window closes when File is Deleted in 10.6 Server
I'm running OSX 10.6 (Snow Leopard) on an XServe serving 50 Mac Pros. I work with two finder windows open in column view with no side bar. This allows me to navigate and move files from any of 50 computers I have mounted to my server to another compu
-
How do we change the default profile folder location?
I work for a university in Manhattan. We are trying to install Firefox 5 for our users but Firefox profiles are stored in the AppData folder which is a problem for us as it exceeds the user profile space. We need a way to have Firefox create the prof
-
Greetings all, i'm having a problem in order to retrieve data from oracle 10g views. Notes: Data retrieval from other tables are just fine. Some views are created for me in order to share some data from other databases. As far as i concern, we actual
-
How to use cursor function for nested xml
Hi, i have a query for XMLQuery like select * from bills where bill_id=???? it results in something like <bills> <bill> <city>london</city> <amount>44</amount> </bill> <bill> <city>london</city> <amount>988</amount> </bill> <bill> <city>new york</cit
-
Authorization objects for FM (EA-PS) after upgrade
Hi, We are upgrading from ERP 4.6c to ECC 6.0 (IS-PS 462 to EA-PS 6.00). On preliminary tests we have found that we need to add a few authorization objects to the users, but we want to minimize that. We opted to deactivate BAdi implementation "FMBS_A