JDBC realm of FORM authentication in Web AS 640

Hi, All,
We try to port a web application from Apache Tomcat to WebAS 6.40. In the application we use FORM authentication based on Tomcat JDBC Realm. The configuration in Tomcat server.xml is like:
<Context...>
  <Resource name="jdbc/mydb" auth="Container" type="javax.sql.DataSource" username="..." password="..." driverClassName="..." url="..."/>
  <Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="jdbc/mydb" digest="MD5" userTable="users"  userNameCol="userName" userCredCol="passwd" userRoleTable="roles" roleNameCol="roleType"/>
</Context>
In database there are 2 tables for authentication purpose: users and roles. There are column userName, passwd in table users and userName, roleType in table roles (correlated with column userName). Then in web.xml we define FORM authentication:
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>...</realm-name>
  <form-login-config>
    <form-login-page>...</form-login-page>
    <form-error-page>...</form-error-page>
  </form-login-config>
</login-config>
Has anyone tried to port Tomcat JDBC realm mechanism of FORM authentication to WebAS 640? How do we need to configure J2EE server in Visual Administrator or deploy an application with DeployTool to implement the same features? And does WebAS support declarative MD5 digest algorithm in FORM Authentication?
Any help is highly appreciated.
Thanks in advance
John

evnafets wrote:
The way it works is that you declare which pages in your application have got security around them in your web.xml. Whenever a user tries to navigate to one of those pages, they are presented with the login screen. If they login successfully, then they are taken to the page they originally requested.
You should never actually have a link to your login page - the container will serve it when required.Ok, but how do i stop them entering the URL of the login page?
i get this error after logging in correctly if i directly access the login page:
"HTTP Status 400 - Invalid direct reference to form login page"
i tried adding this constraint but it still happens:
<security-constraint>
     <web-resource-collection>
          <web-resource-name>login</web-resource-name>
          <url-pattern>/staffLogin/login.jsp</url-pattern>
     </web-resource-collection>
     <auth-constraint/>
</security-constraint>
>
One possible way around this would be to create a database view which is a union of the two tables, thus giving you one "table" to query for the username/password/role combinations. That should satisfy the realm requirement.
Cheers,
evnafetsThats a good idea, il give that a shot. Thanks.

Similar Messages

  • Authentificaton - JDBC realm & Form Based in Jdeveloper 10.1.3 and OCJ4

    Dear Partners:
    Being new working with Jdeveloper 10.1.3 and embedded OC4J,
    I'm migrating an application from Tomcat and trying to
    setup authentication for my JSP pages: JDBC realm and Form Based.
    I succeeded only adding the security constraint to
    the application's server.xml file, and creating the
    user and user's roles tables. Yet, I got lost
    by using the Jdeveloper's menu option Tools->OC4J embedded
    OC4J server preferences.
    Any documentation or examples are appreciated.
    Thank you.

    Waheed - we aren't satisfied with our device coverage for mobile devices, hence we're focusing our efforts on Telnet/PDA and working with partners for ADF support for the broader class of mobile devices. Please send me an email or give me a call with any questions ([email protected], +1-408-687-8185).
    -Indu

  • Window for Form-Based Authentication in web.xml for JAZN.

    Whether probably to make so that the form-authorization in Form-Based Authentication in web.xml for JAZN opened in a separate window?
    Thanks,
    Alexandre

    this is what i have so far...in my web.xml deployment descriptor
    am using Jbuilder 6 with tomcat.....if i run it from IDE, will the featuresi have added to the web.xml file...eg Error page be used ...or only when i deplo the app ???
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
    <web-app>
    <display-name>Java Pet Store</display-name>
    <description>Web Application for Reseach</description>
    <session-config>
    <session-timeout>54</session-timeout>
    </session-config>
    <welcome-file-list>
    <welcome-file>Default.jsp</welcome-file>
    </welcome-file-list>
    <error-page>
    <error-code>500</error-code>
    <location>/</location>
    </error-page>
    <taglib>
    <taglib-uri>PetStoreTagLib</taglib-uri>
    <taglib-location>/WEB-INF/PetStoreTagLib.tld</taglib-location>
    </taglib>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>SecurePages</web-resource-name>
    <url-pattern>Checkout.jsp</url-pattern>
    <url-pattern>OrderList.jsp</url-pattern>
    <url-pattern>OrderDetails.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>LoggedInUser</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/Login.jsp</form-login-page>
    <form-error-page>/ErrorPage.jsp</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
    <description>Logged In User</description>
    <role-name>LoggedInUser</role-name>
    </security-role>
    </web-app>
    in setting up the tomcat-users.xml file am i to add table to my database, to relate the user to the role.......

  • JDBC Realm with facelets

    hi,Good evening ,this is my First post in sun.com.......
    I am trying to provide Form authentication and authorization in my we application (facelets,glashfish).For this I create one sample database with tables user and grouptable and finally created JDBC realm in glassfish server Successfully.
    so this authentication and auth with JSP pages I am success fully providing .But i want with .jsf(.xhtml).I am getting struggle in how to call j_security_check from .xhtml page.But this same method I am successfully calling from .jsp(action="j_security_check").so can u please help me how to call j_security_check from .xhtml. page And what is the configuration for displaying success.xhtml and fail.xhtml after click on submit button in login.xhtml
    web.xml
    <web-app>
      <context-param>
            <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
            <param-value>client</param-value>
        </context-param>
        <context-param>
            <param-name>com.sun.faces.validateXml</param-name>
            <param-value>true</param-value>
        </context-param>
        <context-param>
            <param-name>com.sun.faces.verifyObjects</param-name>
            <param-value>true</param-value>
        </context-param>
        <context-param>
            <param-name>facelets.SKIP_COMMENTS</param-name>
            <param-value>true</param-value>
        </context-param>
        <context-param>
            <param-name>facelets.DEVELOPMENT</param-name>
            <param-value>false</param-value>
        </context-param>
        <context-param>
            <param-name>org.richfaces.SKIN</param-name>
            <param-value>DEFAULT</param-value>
        </context-param>
       <context-param>
        <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
        <param-value>.xhtml</param-value>
      </context-param>
        <servlet>
            <servlet-name>Faces Servlet</servlet-name>
            <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>Faces Servlet</servlet-name>
            <url-pattern>*.jsf</url-pattern>
        </servlet-mapping>
        <error-page>
            <error-code>403</error-code>
            <location>/accesdenaid.jsp</location>
        </error-page>
        <filter>
            <display-name>RichFaces Filter</display-name>
            <filter-name>richfaces</filter-name>
            <filter-class>org.ajax4jsf.Filter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>richfaces</filter-name>
            <servlet-name>Faces Servlet</servlet-name>
            <dispatcher>REQUEST</dispatcher>
            <dispatcher>FORWARD</dispatcher>
            <dispatcher>INCLUDE</dispatcher>
        </filter-mapping>
       <welcome-file-list>
           <welcome-file>/forward.jsp</welcome-file>
       </welcome-file-list>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>Protected Area</web-resource-name>
                <url-pattern>/pages/cpdownloader/*</url-pattern>
                <http-method>POST</http-method>
                <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>admin</role-name>
            </auth-constraint>
          <!--  <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint> -->
        </security-constraint>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>Protected Area</web-resource-name>
                <url-pattern>/pages/cprequester/*</url-pattern>
                <http-method>POST</http-method>
                <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>user</role-name>
            </auth-constraint>
            <!--  <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint> -->
        </security-constraint>
        <login-config>
            <auth-method>FORM</auth-method>
        <!--<realm-name>default</realm-name>-->
            <realm-name>enrollmentsrealm</realm-name>
        </login-config>
        <security-role>
            <role-name>admin</role-name>
        </security-role>
        <security-role>
            <role-name>user</role-name>
        </security-role>
    </web-app>and login.xhtml
    <ui:composition template="/templates/login_layout.xhtml">
                <ui:define name="body">
                    <h:form id="loginForm1">
                        <table  align="center" cellspacing="0" cellpadding="0">
                             <tr>
                                <td  height="30px"></td>
                            </tr>
                            <tr align="center" >
                                <td align="center"  colspan="2"   class="pagetitle">Requester Login</td>
                            </tr>
                            <tr>
                                <td  height="10px" ></td>
                            </tr>
                            <tr>
                                <td  class="labelname">User Name *</td>
                                <td class="label"><h:inputText id="j_username"  value="#{LoginBean.userName}"/>
                                </td>
                            </tr>
                            <tr>
                                <td class="labelname">Password </td>
                                <td class="label"><h:inputSecret id="j_password" value="#{LoginBean.password}"/></td>
                            </tr><br/>
                             <tr>
                                <td colspan="2"  height="5px" ></td>
                            </tr>
                            <tr>
                                <td> </td>
                                <td class="buttonsalign">
                                    <h:commandButton  id="login1" value="Login" styleClass="buttonstyle" action="#{LoginBean.submit}"/>
                                </td>
                            </tr>
                               <tr>
                                <td colspan="2"  height="25px" ></td>
                            </tr>
                        </table>
                    </h:form>
                </ui:define>
            </ui:composition>can u please help me where i did mistake
    thanks in advance

    I am also having problems trying to get an appclient authenticated.
    Could someone post a working example app or provide a link to an example ?

  • Tomcat JDBC Realm Database Connection Error

    Hello all,
    I am trying to edit the server.xml file on Tomcat so I can use the JDBC Realm instead of the MemoryRealm. Hence, I will be able to read users, passwords and roles from a relational database instead of from the tomcat-users.xml.
    I have tried following all the guides on the net I can find, my server.xml looks as follows (after making changes to allow it to use JDBC realm). The only problem is, when I try to run the application the server outputs the following: (after all of these errors have been kicked up a pop-up box then appears titled "Tomcat Manager Application", it asks for a User Name and Password. I have tried the standard user name of "ide" and the password next to it in tomcat-users.xml but it won't accept it. (I am using the netbeans IDE)).
    Please could someone suggest any ideas of how I can get the server.xml to work with JDBC realm?
    Using CATALINA_BASE:   C:\Documents and Settings\Administrator\.netbeans\5.0beta\jakarta-tomcat-5.5.7_base
    Using CATALINA_HOME:   C:\Program Files\netbeans-5.0beta\enterprise2\jakarta-tomcat-5.5.7
    Using CATALINA_TMPDIR: C:\Documents and Settings\Administrator\.netbeans\5.0beta\jakarta-tomcat-5.5.7_base\temp
    Using JAVA_HOME:       C:\j2sdk1.4.2_08
    Created MBeanServer with ID: 1f934ad:107444b1d2b:-8000:ravinder-rdnzoa:1
    31-Oct-2005 01:29:33 org.apache.coyote.http11.Http11Protocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8084
    31-Oct-2005 01:29:34 org.apache.coyote.http11.Http11Protocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8443
    31-Oct-2005 01:29:34 org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 2174 ms
    31-Oct-2005 01:29:34 org.apache.catalina.core.StandardService start
    INFO: Starting service Catalina
    31-Oct-2005 01:29:34 org.apache.catalina.core.StandardEngine start
    INFO: Starting Servlet Engine: Apache Tomcat/5.5.7
    31-Oct-2005 01:29:34 org.apache.catalina.realm.JDBCRealm start
    SEVERE: Exception opening database connection
    java.sql.SQLException: org.gjt.mm.mysql.Driver
            at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:646)
            at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:720)
            at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1003)
            at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:440)
            at org.apache.catalina.core.StandardService.start(StandardService.java:450)
            at org.apache.catalina.core.StandardServer.start(StandardServer.java:683)
            at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
            at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
    31-Oct-2005 01:29:34 org.apache.catalina.core.StandardHost start
    INFO: XML validation disabled
    31-Oct-2005 01:29:36 org.apache.catalina.startup.ContextConfig validateSecurityRoles
    INFO: WARNING: Security role name IBM used in an <auth-constraint> without being defined in a <security-role>
    31-Oct-2005 01:29:36 org.apache.catalina.startup.ContextConfig validateSecurityRoles
    INFO: WARNING: Security role name Auditor used in an <auth-constraint> without being defined in a <security-role>
    31-Oct-2005 01:29:37 org.apache.struts.tiles.TilesPlugin initDefinitionsFactory
    INFO: Tiles definition factory loaded for module ''.
    31-Oct-2005 01:29:37 org.apache.struts.validator.ValidatorPlugIn initResources
    INFO: Loading validation rules file from '/WEB-INF/validator-rules.xml'
    31-Oct-2005 01:29:37 org.apache.struts.validator.ValidatorPlugIn initResources
    INFO: Loading validation rules file from '/WEB-INF/validation.xml'
    31-Oct-2005 01:29:38 org.apache.catalina.startup.ContextConfig validateSecurityRoles
    INFO: WARNING: Security role name IBM used in an <auth-constraint> without being defined in a <security-role>
    31-Oct-2005 01:29:38 org.apache.struts.tiles.TilesPlugin initDefinitionsFactory
    INFO: Tiles definition factory loaded for module ''.
    31-Oct-2005 01:29:38 org.apache.struts.validator.ValidatorPlugIn initResources
    INFO: Loading validation rules file from '/WEB-INF/validator-rules.xml'
    31-Oct-2005 01:29:38 org.apache.struts.validator.ValidatorPlugIn initResources
    INFO: Loading validation rules file from '/WEB-INF/validation.xml'
    31-Oct-2005 01:29:39 org.apache.coyote.http11.Http11Protocol start
    INFO: Starting Coyote HTTP/1.1 on http-8084
    31-Oct-2005 01:29:39 org.apache.coyote.http11.Http11Protocol start
    INFO: Starting Coyote HTTP/1.1 on http-8443
    31-Oct-2005 01:29:40 org.apache.jk.common.ChannelSocket init
    INFO: JK2: ajp13 listening on /0.0.0.0:8009
    31-Oct-2005 01:29:40 org.apache.jk.server.JkMain start
    INFO: Jk running ID=0 time=0/60  config=null
    31-Oct-2005 01:29:40 org.apache.catalina.storeconfig.StoreLoader load
    INFO: Find registry server-registry.xml at classpath resource
    31-Oct-2005 01:29:40 org.apache.catalina.startup.Catalina start
    INFO: Server startup in 5738 ms
    31-Oct-2005 01:29:40 org.apache.catalina.realm.JDBCRealm authenticate
    SEVERE: Exception performing authentication
    java.sql.SQLException: org.gjt.mm.mysql.Driver
            at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:646)
            at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:344)
            at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
            at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
            at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
            at java.lang.Thread.run(Thread.java:534)
    31-Oct-2005 01:29:40 org.apache.catalina.realm.JDBCRealm authenticate
    SEVERE: Exception performing authentication
    java.sql.SQLException: org.gjt.mm.mysql.Driver
            at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:646)
            at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:344)
            at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
            at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
            at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
            at java.lang.Thread.run(Thread.java:534)The server.xml looks as follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <!-- Example Server Configuration File -->
    <!-- Note that component elements are nested corresponding to their
         parent-child relationships with each other -->
    <!-- A "Server" is a singleton element that represents the entire JVM,
         which may contain one or more "Service" instances.  The Server
         listens for a shutdown command on the indicated port.
         Note:  A "Server" is not itself a "Container", so you may not
         define subcomponents such as "Valves" or "Loggers" at this level.
    -->
    <Server port="8025" shutdown="SHUTDOWN">
        <!-- Comment these entries out to disable JMX MBeans support used for the
        administration web application -->
        <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
        <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
        <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
        <!-- Global JNDI resources -->
        <GlobalNamingResources>
            <!-- Test entry for demonstration purposes -->
            <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
            <!-- Editable user database that can also be used by
            UserDatabaseRealm to authenticate users -->
       <!-- RAV
            <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml"/>
          -->
        </GlobalNamingResources>
        <!-- A "Service" is a collection of one or more "Connectors" that share
        a single "Container" (and therefore the web applications visible
        within that Container).  Normally, that Container is an "Engine",
        but this is not required.
        Note:  A "Service" is not itself a "Container", so you may not
        define subcomponents such as "Valves" or "Loggers" at this level.
        -->
        <!-- Define the Tomcat Stand-Alone Service -->
        <Service name="Catalina">
            <!-- A "Connector" represents an endpoint by which requests are received
            and responses are returned.  Each Connector passes requests on to the
            associated "Container" (normally an Engine) for processing.
            By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
            You can also enable an SSL HTTP/1.1 Connector on port 8443 by
            following the instructions below and uncommenting the second Connector
            entry.  SSL support requires the following steps (see the SSL Config
            HOWTO in the Tomcat 5 documentation bundle for more detailed
            instructions):
            * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
            later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
            * Execute:
            %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
            $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
            with a password value of "changeit" for both the certificate and
            the keystore itself.
            By default, DNS lookups are enabled when a web application calls
            request.getRemoteHost().  This can have an adverse impact on
            performance, so you can disable it by setting the
            "enableLookups" attribute to "false".  When DNS lookups are disabled,
            request.getRemoteHost() will return the String version of the
            IP address of the remote client.
            -->
            <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
            <Connector port="8084" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="utf-8"/>
            <!-- Note : To disable connection timeouts, set connectionTimeout value
            to 0 -->
            <!-- Note : To use gzip compression you could set the following properties :
            compression="on"
            compressionMinSize="2048"
            noCompressionUserAgents="gozilla, traviata"
            compressableMimeType="text/html,text/xml"
            -->
            <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
            <Connector port="8443"
            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
            enableLookups="false" disableUploadTimeout="true"
            acceptCount="100" scheme="https" secure="true"
            clientAuth="false" sslProtocol="TLS" />
            <!-- Define an AJP 1.3 Connector on port 8009 -->
            <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3"/>
            <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
            <!-- See proxy documentation for more information about using this. -->
            <!--
            <Connector port="8082"
            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
            enableLookups="false" acceptCount="100" connectionTimeout="20000"
            proxyPort="80" disableUploadTimeout="true" />
            -->
            <!-- An Engine represents the entry point (within Catalina) that processes
            every request.  The Engine implementation for Tomcat stand alone
            analyzes the HTTP headers included with the request, and passes them
            on to the appropriate Host (virtual host). -->
            <!-- You should set jvmRoute to support load-balancing via AJP ie :
            <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">        
            -->
            <!-- Define the top level container in our container hierarchy -->
            <Engine name="Catalina" defaultHost="localhost">
                <!-- The request dumper valve dumps useful debugging information about
                the request headers and cookies that were received, and the response
                headers and cookies that were sent, for all requests received by
                this instance of Tomcat.  If you care only about requests to a
                particular virtual host, or a particular application, nest this
                element inside the corresponding <Host> or <Context> entry instead.
                For a similar mechanism that is portable to all Servlet 2.4
                containers, check out the "RequestDumperFilter" Filter in the
                example application (the source for this filter may be found in
                "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
                Request dumping is disabled by default.  Uncomment the following
                element to enable it. -->
                <!--
                <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
                -->
                <!-- Because this Realm is here, an instance will be shared globally -->
                <!-- This Realm uses the UserDatabase configured in the global JNDI
                resources under the key "UserDatabase".  Any edits
                that are performed against this UserDatabase are immediately
                available for use by the Realm.  -->
                <!-- RAV
               <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
               -->
                <!-- Comment out the old realm but leave here for now in case we
                need to go back quickly -->
                <!--
                <Realm className="org.apache.catalina.realm.MemoryRealm" />
                -->
                <!-- Replace the above Realm with one of the following to get a Realm
                stored in a database and accessed via JDBC -->
                <Realm  className="org.apache.catalina.realm.JDBCRealm"
                driverName="org.gjt.mm.mysql.Driver"
                connectionURL="jdbc:mysql://localhost:3306/tomcatusers"
                connectionName="root" connectionPassword="sikhism1"
                userTable="users" userNameCol="user_name" userCredCol="user_pass"
                userRoleTable="user_roles" roleNameCol="role_name" />
                <!--
                <Realm  className="org.apache.catalina.realm.JDBCRealm"
                driverName="oracle.jdbc.driver.OracleDriver"
                connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
                connectionName="scott" connectionPassword="tiger"
                userTable="users" userNameCol="user_name" userCredCol="user_pass"
                userRoleTable="user_roles" roleNameCol="role_name" />
                -->
                <!--
                <Realm  className="org.apache.catalina.realm.JDBCRealm"
                driverName="sun.jdbc.odbc.JdbcOdbcDriver"
                connectionURL="jdbc:odbc:CATALINA"
                userTable="users" userNameCol="user_name" userCredCol="user_pass"
                userRoleTable="user_roles" roleNameCol="role_name" />
                -->
                <!-- Define the default virtual host
                Note: XML Schema validation will not work with Xerces 2.2.
                -->
                <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
                    <!-- Defines a cluster for this node,
                    By defining this element, means that every manager will be changed.
                    So when running a cluster, only make sure that you have webapps in there
                    that need to be clustered and remove the other ones.
                    A cluster has the following parameters:
                    className = the fully qualified name of the cluster class
                    name = a descriptive name for your cluster, can be anything
                    mcastAddr = the multicast address, has to be the same for all the nodes
                    mcastPort = the multicast port, has to be the same for all the nodes
                    mcastBindAddr = bind the multicast socket to a specific address
                    mcastTTL = the multicast TTL if you want to limit your broadcast
                    mcastSoTimeout = the multicast readtimeout
                    mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
                    mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
                    tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
                    tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
                    in case of multiple ethernet cards.
                    auto means that address becomes
                    InetAddress.getLocalHost().getHostAddress()
                    tcpListenPort = the tcp listen port
                    tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
                    has a wakup bug in java.nio. Set to 0 for no timeout
                    printToScreen = true means that managers will also print to std.out
                    expireSessionsOnShutdown = true means that
                    useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
                    false means to replicate the session after each request.
                    false means that replication would work for the following piece of code: (only for SimpleTcpReplicationManager)
                    <%
                    HashMap map = (HashMap)session.getAttribute("map");
                    map.put("key","value");
                    %>
                    replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
                    * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
                    * Synchronous means that the thread that executes the request, is also the
                    thread the replicates the data to the other nodes, and will not return until all
                    nodes have received the information.
                    * Asynchronous means that there is a specific 'sender' thread for each cluster node,
                    so the request thread will queue the replication request into a "smart" queue,
                    and then return to the client.
                    The "smart" queue is a queue where when a session is added to the queue, and the same session
                    already exists in the queue from a previous request, that session will be replaced
                    in the queue instead of replicating two requests. This almost never happens, unless there is a
                    large network delay.
                    -->
                    <!--
                    When configuring for clustering, you also add in a valve to catch all the requests
                    coming in, at the end of the request, the session may or may not be replicated.
                    A session is replicated if and only if all the conditions are met:
                    1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
                    2. a session exists (has been created)
                    3. the request is not trapped by the "filter" attribute
                    The filter attribute is to filter out requests that could not modify the session,
                    hence we don't replicate the session after the end of this request.
                    The filter is negative, ie, anything you put in the filter, you mean to filter out,
                    ie, no replication will be done on requests that match one of the filters.
                    The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
                    filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
                    ending with .gif and .js are intercepted.
                    The deployer element can be used to deploy apps cluster wide.
                    Currently the deployment only deploys/undeploys to working members in the cluster
                    so no WARs are copied upons startup of a broken node.
                    The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
                    When a new war file is added the war gets deployed to the local instance,
                    and then deployed to the other instances in the cluster.
                    When a war file is deleted from the watchDir the war is undeployed locally
                    and cluster wide
                    -->
                    <!--
                    <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
                    managerClassName="org.apache.catalina.cluster.session.DeltaManager"
                    expireSessionsOnShutdown="false"
                    useDirtyFlag="true"
                    notifyListenersOnReplication="true">
                    <Membership
                    className="org.apache.catalina.cluster.mcast.McastService"
                    mcastAddr="228.0.0.4"
                    mcastPort="45564"
                    mcastFrequency="500"
                    mcastDropTime="3000"/>
                    <Receiver
                    className="org.apache.catalina.cluster.tcp.ReplicationListener"
                    tcpListenAddress="auto"
                    tcpListenPort="4001"
                    tcpSelectorTimeout="100"
                    tcpThreadCount="6"/>
                    <Sender
                    className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
                    replicationMode="pooled"
                    ackTimeout="15000"/>
                    <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
                    filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>
                    <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
                    tempDir="/tmp/war-temp/"
                    deployDir="/tmp/war-deploy/"
                    watchDir="/tmp/war-listen/"
                    watchEnabled="false"/>
                    </Cluster>
                    -->
                    <!-- Normally, users must authenticate themselves to each web app
                    individually.  Uncomment the following entry if you would like
                    a user to be authenticated the first time they encounter a
                    resource protected by a security constraint, and then have that
                    user identity maintained across *all* web applications contained
                    in this virtual host. -->
                    <!--
                    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
                    -->
                    <!-- Access log processes all requests for this virtual host.  By
                    default, log files are created in the "logs" directory relative to
                    $CATALINA_HOME.  If you wish, you can specify a different
                    directory with the "directory" attribute.  Specify either a relative
                    (to $CATALINA_HOME) or absolute path to the desired directory.
                    -->
                    <!--
                    <Valve className="org.apache.catalina.valves.AccessLogValve"
                    directory="logs"  prefix="localhost_access_log." suffix=".txt"
                    pattern="common" resolveHosts="false"/>
                    -->
                    <!-- Access log processes all requests for this virtual host.  By
                    default, log files are created in the "logs" directory relative to
                    $CATALINA_HOME.  If you wish, you can specify a different
                    directory with the "directory" attribute.  Specify either a relative
                    (to $CATALINA_HOME) or absolute path to the desired directory.
                    This access log implementation is optimized for maximum performance,
                    but is hardcoded to support only the "common" and "combined" patterns.
                    -->
                    <!--
                    <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
                    directory="logs"  prefix="localhost_access_log." suffix=".txt"
                    pattern="common" resolveHosts="false"/>
                    -->
                    <!-- Access log processes all requests for this virtual host.  By
                    default, log files are created in the "logs" directory relative to
                    $CATALINA_HOME.  If you wish, you can specify a different
                    directory with the "directory" attribute.  Specify either a relative
                    (to $CATALINA_HOME) or absolute path to the desired directory.
                    This access log implementation is optimized for maximum performance,
                    but is hardcoded to support only the "common" and "combined" patterns.
                    This valve use NIO direct Byte Buffer to asynchornously store the
                    log.
                    -->
                    <!--
                    <Valve className="org.apache.catalina.valves.ByteBufferAccessLogValve"
                    directory="logs"  prefix="localhost_access_log." suffix=".txt"
                    pattern="common" resolveHosts="false"/>
                    -->
                </Host>
            </Engine>
        </Service>
    </Server>Many thanks, and apologies for "dumping" all of the code here.

    So looking through the java api docs, I found that the tcUtilJDBCOperations has a connect string for the database. Below is the info it outlines. The questions I have it this. How do you specify the psdriver and URL along with do I need to do this as a persistent instance then add my selectstatement as a part of this or can I just specify this and the select statement will use this connection? Any help you can give would be appreciated.
    tcUtilJDBCOperations
    public tcUtilJDBCOperations(java.lang.String psDriver,
    java.lang.String psUrl,
    java.lang.String psUsername,
    java.lang.String psPassword)Contructor that sets the parameters for connecting to a database
    Parameters:
    psDriver - The class name of the jdbc driver
    psUrl - The URL of the database
    psUsername - The username required to access the database
    psPassword - The password for the above username
    Nick

  • JDBC Realms in Tomcat 6

    I have a few questions for you all. I don't know if this is the correct place to post this... I have been trying like a mad man to get JDBCrealms to work, but to no avail. I have sank into the tomcat documentation and also have an O'Reilly book here on tomcat. The book pretty much says the same thing as the Tomcat doc's. *(Thanks O'R.)*
    What I am trying to do is use tomcats security to allow different users (with different roles) to login through a form to some JSP's that I have built. What the user can see / do will vary depending on their role. If anyone can give me a hand on this I'd appreciate it, if this is not the correct place to post this, can someone point me to the right place? I'm not finding too many forums on apache tomcat out there.

    Thanks for the quick response. I didn't want to waste time and keystrokes, bandwidth, or database space if this was the wrong place to ask about tomcat and stuff.
    Ok, there actually are a NUMBER of issues I am having. First one's first. Can I use the tomcat JDBCRealms to login to the software via a form login? Secondly, I am having some issues on setting up a realm. I've been over and over the tomcat docs and also an O'Reilly book here and it basically says the same thing. It SEEMS it should be straight forward, but I must be missing something.
    Here is a snippet of my web.xml file (the portion that deals with what I need):
    <welcome-file-list>
    <welcome-file>Login.jsp</welcome-file>
         </welcome-file-list>
         <security-constraint>
         <web-resource-collection>
              <web-resource-name>my project name</web-resource-name>
              <url-pattern>/*</url-pattern>
              <http-method>DELETE</http-method>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
              <http-method>PUT</http-method>
         </web-resource-collection>
         <auth-constraint>
              <role-name>admin</role-name>
              <role-name>user</role-name>
              <role-name>manager</role-name>
              <role-name>trainer</role-name>
         </auth-constraint>
         </security-constraint>
         <login-config>
         <auth-method>FORM</auth-method>
         <realm-name>Training</realm-name>
         <form-login-config>
              <form-login-page>/Login.jsp</form-login-page>
              <form-error-page>/Login.jsp</form-error-page>
         </form-login-config>
         </login-config>
         <security-role>
         <role-name>manager</role-name>
         </security-role>
         <security-role>
         <role-name>user</role-name>
         </security-role>
         <security-role>
         <role-name>admin</role-name>
         </security-role>
         <security-role>
         <role-name>trainer</role-name>
         </security-role>
    Here is my server.xml file snippet:
    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="0"
    driverName="com.mysql.jdbc.Driver"
    connectionURL="jdbc:mysql://localhost:3306/<myDBname>"
    connectionName="secret"
    connectionPassword="endeavor"
    userTable="tcuser" userNameCol="tcuser_name" userCredCol="password"
    userRoleTable="tcrole" roleNameCol="tcrole_name" />
    I have been getting a number of errors the first one that is most common is the j_security_check is unavailable.
    the Login.jsp calls j_security_check when the submit button is pressed. The database connection works because without the realm, I am able to run the other JSP's and edit / update / display / (your basic very flexible CRUD). I have two tables defined in the database setup as how tomcat suggests them to be except no PK definitions on the two tables (I really do not think that is the issue) I guess one of my first questions is: Does the web.xml snippet look correct? What about the server.xml snippet?
    Do you have to place any extra .jar files into the lib directory of tomcat or should the appropriate jar files already be there ready to go? Do I have to make any special calls to invoke the j_security_check or should all I have to do is call it in the action="" parameter of the form?
    Another thing that might be related is that I am running Enfinity Suite (Eclipse on roids) to build these jsp's, I'm just not using any of the custom functionality. I set a new instance of tomcat up as to not use the studio's customized tomcat. I noticed that there are 2 web.xml files. One in the WEB-INF folder of the project and one in the CATALINA_HOME/conf/directory. Also I have read that there should be a context.xml file in the META-INF folder of the project? I'm very sorry to dump what seems to be basic questions about this on to you all, but I am completely lost on this. Thanks in advance to everyone.
    warmest regards,
    Josh
    Edited by: TheWhiteKnight on Jul 8, 2008 6:43 PM

  • JDBC Realm help

    Hi,
    I have been trying to get the JDBC Realm to work, but with no success,
    I get the following error:
    Catalina.start: LifecycleException: Exception opening database connection: java.sql.SQLException
    LifecycleException: Exception opening database connection: java.sql.SQLException
    (see bottom of page for more detail)
    I have successfully connected to the database and retrieved data using the following code
    // Define the JDBP Driver and the database connection URL
    public static final String driver = "org.gjt.mm.mysql.Driver";
    public static final String url = "jdbc:mysql://localhost/db?user=un&password=pw";
    public static void main(String args[])
    Connection conn;
    try
    Class.forName(driver); // load the driver dynamically
    conn = DriverManager.getConnection(url); // connect to the database
    // perform a query. first create a Statement object from the connection
    Statement select = conn.createStatement();
    // next execute a query (SQL string) and return the results in a ResultSet object
    ResultSet result = select.executeQuery("select * from users");
    // print out the results
    while(result.next())
    String user = result.getString("user_name"); // note these match the columns in the
    String password = result.getString("user_pass"); // SELECT statement
    System.out.println(user + " " + password);
    select.close(); //Close the query
    conn.close(); //Close the database connection
    however I have no luck in connecting using the JDBC Realm, I am using j2re1.4.1_01, jwsdp-1_0_01 & mysql-connector-java-3.1.0-alpha and the com & org directories are in $JWSDP_HOME/common/lib/ I have also put a copy of the mysql-connector-java-3.1.0-alpha.jar in $JWSDP_HOME/server/lib/ in an effort to get this to work!!
    my $JWSDP_HOME/conf/server.xml contains
    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driver="org.gjt.mm.mysql.Driver"
    connectionURL="jdbc:mysql://localhost/db?user=un;password=pw"
    userTable="users" usserNameCol="user_name" userCredCol="user_pass"
    userRoleTable="user_roles" roleNameCol="role_name" />
    I hope someone can shed some light on this as I have been reading a lot of threads about this however they all seem to have the driver name included in the Exception error and I don't get that in the error message, so I am assuming that the driver is working and there is another error.....
    Cheers in advance
    Contentents of $JWSDP_HOME/logs/catalina.outStarting service Internal Services
    Java Web Services Developer Pack/1.0_01-fcs
    Catalina.start: LifecycleException: Exception opening database connection: java.sql.SQLException
    LifecycleException: Exception opening database connection: java.sql.SQLException
    at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:683)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1175)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347)
    at org.apache.catalina.core.StandardService.start(StandardService.java:499)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:2187)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:504)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:399)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at com.sun.launcher.Launcher.main(Launcher.java:208)
    ----- Root Cause -----
    java.sql.SQLException
    at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:606)
    at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:681)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1175)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347)
    at org.apache.catalina.core.StandardService.start(StandardService.java:499)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:2187)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:504)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:399)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at com.sun.launcher.Launcher.main(Launcher.java:208)
    Stopping service Internal Services
    Catalina.stop: LifecycleException: Coyote connector has not been started
    LifecycleException: Coyote connector has not been started
    at org.apache.coyote.tomcat4.CoyoteConnector.stop(CoyoteConnector.java:1043)
    at org.apache.catalina.core.StandardService.stop(StandardService.java:549)
    at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2223)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:535)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:399)
    logs/catalina.out

    okayyyy.... now i got ur point. I think its not much
    difficult. Lets take it step-by-step.
    That's what I thought and it's still not working .....
    As a first step, you have to create 3 tables in your
    mySql database for authentication purposes. Lets name
    those tables: (1) user, (2) roles (3) user_roles.
    'user' will contain fields regarding user name and
    password, 'roles' will contain only 1 field specific
    to role names and finally 'user_roles' is a mapping
    table which contain user names and their
    corresponding role names (obviously from 'roles'
    table). This completes the database in mySQL that
    will help you to authenticate your users.
    I have added the roles table, not that they are referenced in the JDBC Realm connector ????
    >
    Now, its time to configure your web container, i.e.
    Tomcat to use this database (in terms of JDBCRealm).
    Make sure that tomcat services are stopped and then
    open server.xml file in any ANSII compliant editor.
    Search for any real tag (<Realm ... ) already placed
    in your xml file. If there would be any, then you
    should find under the <Engine> tag. Now place your own
    <Realm> tag under the <Engine> tag.
    It should be something like:
    <Realm className="org.apache.catalina.realm.JDBCRealm"
    debug="99"
    driverName="org.gjt.mm.mysql.Driver"
    connectionURL="jdbc:mysql://localhost:3306/tomcatusers"
    connectionName="root"
    connectionPassword=""
    userTable="users"
    userNameCol="user_name"
    userCredCol="user_pass"
    userRoleTable="user_roles"
    roleNameCol="role_name"/>
    Yup already done... now slightly modified
    >
    Plz double check "connectionName" and
    "connectionPassword" attributes to match your own
    user-name and passwords for your mySql db. This will
    complete the whole process, just start your Tomcat
    services again and see if that work. I hope it will
    help you, plz must tell me about progress -:)
    Raheel.
    mysql -u tomcat -p
    mysql> select a.user_name, b.role_name from users a, user_roles b
    -> where a.user_name=b.user_name;
    ----------------------+
    | user_name | role_name |
    ----------------------+
    | daren | employee |
    | tomcat | admin |
    | tomcat | manager |
    | tomcat | provider |
    ----------------------+
    can you guess what happened????
    IT DONT WORK :(

  • Configuring JDBC Realms and session mangement

    Hello All,
    I want to provide authentication to my application.
    Eg.
    There are users in "User" table in my Java DB.
    There is home page having login form and other features.
    When the user enter his credentials in the login form, his credentials will be checked against the "User" table. iIf the credentials are right then, the next page containing his account information and shopping cart will be displayed and his session ID will be maintained. This session id will be used for other operations performed by this user.
    I have achieved the above task easliy with my normal JDBC and JSP,Servlet.
    I am learning Securities, and i want to accomplish this task using JDBC Realm with Netbeans IDE. Means Credentials will be checked, Session will be maintined, session id will be tracked and user page(account information and shoping cart) will be displyed.
    How to achieve this?
    Please help me out with the codes or example.
    Please provide me the link if any article is mentioned for the same.
    Thans & Regards,
    Gaurav Dighe

    ok thanks....
    but thats what i exacltly need. How to configure Servlet Container and Glassfish server to achieve the task. Second thing is that by doing so i want to achieve the session management. To be precise i want to configure by glassfish server and application for JDBC Realm and then achieve Session management/tracking.
    I there any way to achieve this. I am new to Security.
    Please help..
    Edited by: user8687589 on Jan 27, 2011 11:33 AM

  • JDBC Realm issue on Tomcat 4.0.1

    Hi folks,
    Tried this one the Sun forum and haven't had luck yet getting a thorough reply.
    Trying to establish the JDBC realm config in Tomcat and am getting the following error:
    Starting service Tomcat-Standalone
    Apache Tomcat/4.0.1
    Catalina.start: LifecycleException: Exception opening database connection: jav
    a.sql.SQLException: [Microsoft][ODBC Driver Manager] Data source name too long
    LifecycleException: Exception opening database connection: java.sql.SQLExcepti
    on: [Microsoft][ODBC Driver Manager] Data source name too long
    at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:615)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1108)
    my configuration in the web.xml file is as follows;
    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
    driverName="sun.jdbc.odbc.JdbcOdbcDriver"
    connectionURL="jdbc:odbc:DSNname@host_string:1521:ORCL?user=user_name;password=pwd_name"
    userTable="chg_users" userNameCol="user_name" userCredCol="user_pass"
    userRoleTable="chg_users_roles" roleNameCol="role_name" />
    does the above appear incorrect? If so, specifically how?
    Thanks!

    connectionURL="jdbc:odbc:CATALINA"
    in this case, where is CATALINA supposedly pointing
    to a DB connection? I don't have mine set, save for
    maybe the classpath, but why would you point the
    connURL through jdbc:odbc to CATALINA?
    That is the name of a DNS. The ODBC shell (nothing to do with java) has DNS names. The shell uses the passed in name to look up the attributes associated with the name.
    If you were using a DNS-less name then you would have to specify ODBC driver (nothing to do with java) and the associated attributes for that driver in the connection string.
    I'm a little confused by this. Any explanation would
    be great, as I have a driver that is jdbc:odbc,
    rather than an exclusive Oracle driver.
    Well, I've got the ojdbc14_g.jar file. But that's not
    exclusively Oracle, correct? Just for JDBC with
    Oracle?
    A jdbc driver lives somewhere. The bridge driver lives in the Sun VM. The Oracle driver lives in a jar (current ones.)
    The bridge driver talks to ODBC (which is outside of java.)
    The oracle drivers talk to oracle databases.

  • Sharepoint 2013 : Server was unable to process request. --- Site is not configured for Claims Forms Authentication.

    In our java web application trying  establish the connection for sharePoint 2013
    using  Windows claims authentication (NTLM ), I am getting error message "Server was unable to process request. ---> Site is not configured for Claims Forms Authentication". But In the Sharepoint 2013 our Site is is configured for Windows
    claims only.
    In the Sharepoint 2013 server in the IIS manager settings for authentication it is  enabled for both Windows claims and Forms authentication,
    but if I disable Forms authentication that I will be able to connect it through my application but with the direct access i.e., by running the URL in the browser I am not able to connect getting error message "sorry this site has not been shared with
    you" in the browser  Kindly help me on this.

    Hi,
    This issue is always caused that you had missed FBA configuration in web config of your web application.
    You can configure the FBA authentication then check whether it works.
    http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
    http://chrisbarba.com/2013/07/16/sharepoint-2013-forms-based-authentication-fba/
    more reference:
    http://stackoverflow.com/questions/5686378/sharepoint-2010-claim-base-authentication-error
    http://social.msdn.microsoft.com/Forums/sharepoint/en-US/2d82dcd4-0e57-4de5-81bc-60ffc3cb9a9f/sharepoint-2010-claim-authentication-and-authenticationasmx?forum=sharepointgeneralprevious
    Thanks & Regards,
    Jason
    Jason Guo
    TechNet Community Support

  • How to get the identity claim encoding types of windows and forms authentication providers using API?

    Hi,
    We have to get all the claims providers associated with a web application and its identity claim encoding type using API.
    For example:
    If the identity claim of windows authentication is user name and the user name is a string, then we should get
    "i:0#.w".
    If the identity claim of forms authentication is
    email and the provider name is "fba" , then we should get "i:0!.f|fba|".
    The below link shows us to get all claims providers associated with a web application, but how do we get the identity claim encoding type of each provider?
    http://msdn.microsoft.com/en-us/library/gg650432(v=office.14).aspx#SP_WCP_Tip3
    using (SPSite theSite = new SPSite("http://someContosoUrl"))
    // Get the web application.
        SPWebApplication wa = theSite.WebApplication;
        // Get the zone for the site.
        SPUrlZone theZone = theSite.Zone;
        // Get the settings that are associated with the zone.
        SPIisSettings theSettings = wa.GetIisSettingsWithFallback(theZone);
        // Get the list of authentication providers that are associated with the zone.
        foreach (SPAuthenticationProvider prov in
            theSettings.ClaimsAuthenticationProviders)
        {   // Need to get the identity claims encoding type using the SPAuthenticationProvider
    Is windows authentication's identity claim encoding type always i.0#.w or the identity claim is always the user name?
    Thanks & Regards,
    Kalai.

    If the requirement is to be able to convert claim identities to windows identities that can be used with other LOB/legacy application that still relies on NTLM/Windows Auth, then I would recommend to explore C2WTS.
    Here are some references:
    http://msdn.microsoft.com/en-us/library/office/ee539739(v=office.14).aspx
    http://blah.winsmarts.com/2013-11-Use_C2WTS_to_get_a_classic_windows_identity_from_a_claims_identity.aspx
    http://henrymcclain.blogspot.in/2013/05/claims-to-windows-token-service-c2wts.html
    http://blogs.msdn.com/b/rodneyviana/archive/2011/02/20/claims-to-windows-token-service-c2wts-may-not-start-automatically-when-you-reboot-your-server-don-t-blame-sharepoint-for-that.aspx
    http://blogs.msdn.com/b/russmax/archive/2010/05/27/understanding-sharepoint-2010-claims-authentication.aspx
    Thanks!
    These postings are provided "AS IS" with no warranties, and confers no rights.

  • Site is not configured for Claims Forms Authentication

    Hi All
    I have one custom login page for my Sharepoint 2013 site where i am trying to use
    SPClaimsUtility.AuthenticateFormsUser(uri, strUserName, strPwd);
    But i am getting this exception ---> Site is not configured for Claims Forms Authentication
    I checked ULS long and there it is --> Not in claims forms auth for url 'https://domain/sitecollection/'.
    Web.config enteries are 
    <authentication mode="Forms">
          <forms loginUrl="/_layouts/TarsForwardLogin.aspx" />
        </authentication>
    <membership defaultProvider="i">
          <providers>
            <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
            <add name="membership" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA"
    connectionPassword="spad1n2" server="10.100.5.119" port="389" useSSL="false" userDNAttribute="entryDN" userNameAttribute="cn" userContainer="o=toyota" userObjectClass="Inetorgperson"
    userFilter="(ObjectClass=Inetorgperson)" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn,fullname,language,mail" enablePasswordReset="false" enablePasswordRetrieval="false" passwordFormat="Clear"
    requiresQuestionAndAnswer="false" requiresUniqueEmail="false" />
          </providers>
        </membership>
        <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
          <providers>
            <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
     <add name="rolemanager" connectionUsername="cn=sharepointadmin,ou=GSP,ou=Applications,o=TOYOTA" connectionPassword="spad1n2" type="Microsoft.Office.Server.Security.LDAPRoleProvider, Microsoft.Office.Server, Version=15.0.0.0,
    Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="10.100.5.119" port="389" useSSL="false" groupContainer="ou=groups,ou=GSP,ou=Applications,o=toyota" groupNameAttribute="cn" groupMemberAttribute="member"
    userContainer="o=toyota" userNameAttribute="cn" userDNAttribute="entryDN" dnAttribute="entryDN" groupFilter="(ObjectClass=groupOfNames)" userFilter="(ObjectClass=Inetorgperson)" scope="Subtree"
    />     
    </providers>
        </roleManager>
    Can
    someone please help/Guide
    Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS |

    Hi All
    I tried like this and it worked...
    SPIisSettings iisSettings = SPContext.Current.Site.WebApplication.IisSettings[SPUrlZone.Internet];
    SPFormsAuthenticationProvider formsClaimsAuthenticationProvider = iisSettings.FormsClaimsAuthenticationProvider;
    SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(new Uri(SPContext.Current.Web.Url),
    formsClaimsAuthenticationProvider.MembershipProvider, formsClaimsAuthenticationProvider.RoleProvider, strUserName, "", SPFormsAuthenticationOption.PersistentSignInRequest);
    if (null != token)
    base.EstablishSessionWithToken(token, SPSessionTokenWriteType.WriteSessionCookie);
    base.RedirectToSuccessUrl();
    Manoj Gangwar | Sharepoint MCPD | Sharepoint MCTS |

  • Migrate User from Classic mode to Forms Authentication in SharePoint 2013

    Hi All,
    I have upgraded a SharePoint 2010 classic mode site to SharePoint 2013 claims authentication. I have executed the command MgrateUser($true) and the user account is updated to Claims mode and I am able to login to the site.
    Now I have extended the site to use forms authentication against Active Directory. How do I update the accounts to Form Authentcation mode using Powershell, is there any command available.
    Thanks & Regards
    pankaj

    Okay, I would suggest instead to use Web Application Proxy and ADFS 3.0 (using an NTLM connection to SharePoint). This way you get your forms experience for those users who require it (or all, your choice) and you do not have to change anything with SharePoint.
    More info here: http://thesharepointfarm.com/2014/02/sharepoint-and-the-web-application-proxy-role/
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • BASIC authentication and web client problems

    I have a very simple web service that is working. Now before attempting to use
    SSL, I want to test authenticating using BASIC authentication. I’ve made the
    changes to web.xml and even though the other web service pages authenticate ok
    (ex. http://localhost:7001/fileexchange/FileExchangeFacade), I am prompted again
    for authentication for web service itself. I can never authenticate to http://localhost:7001/fileexchange/FileExchangeFacade?operation.view=helloWorld.
    Has anyone completed this and if so, how does it work? I must have missed something
    simple.
    First, I setup the security constraint as follows:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>file-exchange-resources</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>Administrators</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>myrealm</realm-name>
    </login-config>
    <security-role>
    <description>An administrators</description>
    <role-name>Administrators</role-name>
    </security-role>
    That allows me to secure / authenticate to the JSPs in the web service test app
    provided. Then I tried working with the admin server console to setup roles /
    privileges. I couldn’t get this to work but I easily could have done something
    wrong since there are no step by step examples other than the general docs in
    the programming guide.
    Next, since the web service deploys as a web application, I figured the problem
    must be that the internal WLS servlet needs security information defined in web.xml.
    I saw the programming guide listed the servlet name and discussed servlet mapping
    so I added the normal security entries for a servlet as follows and re-jarred
    the WAR and EAR.
    <servlet>
    <servlet-name>WebServiceServlet</servlet-name>
    <servlet-class>
    weblogic.webservice.server.servlet.WebServiceServlet
    </servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>WebServiceServlet</servlet-name>
    <url-pattern>/FileExchangeFacade/*</url-pattern>
    <security-role-ref>
    <role-name>Administrators</role-name>
    <role-link>Administrators</role-link>
    </security-role-ref>
    </servlet-mapping>
    It still doesn’t work. Any idea on how to get it to authenticate?
    Thanks,
    Dave

    Ok, this looks like an issue with the test page.
    When the test page gets a request to invoke a
    web service, it creates a client proxy and call invoke
    on the proxy. This will case the client proxy to
    create a new HTTP post connection to the server.
    Test page pulls out the username/passwd from the
    GET request from the browser and pass it to the
    POST request it makes to the web service. I think,
    the test page needs to do the same for realm. I will
    file a CR for this (CR105320).
    Please contact support with the case number if you
    need a patch for this.
    http://manojc.com
    "Malcolm Robbins" <[email protected]> wrote in message
    news:[email protected]...
    "Malcolm Robbins" <[email protected]> wrote in message
    news:[email protected]...
    One more thing.
    I took out explicit realm mapping and noticed that the firstauthentication
    challenge was for the WebLogic standard realm which was fine and
    authentication was successful. (i.e. I got to the web service "homepage").
    Actually I meant it was listed as "Weblogic Server" in the 1st challenge.
    When I stepped into the web service method and pressed the Invoke buttonon
    the web service methods the realm was "default" and authenticationfailed.
    Why does the domain change and how do I cover this?Is was actually listed as "Default".
    However this is the same domain I believe because I've done a further
    experiment and set the domains explicitely
    in the deployment WAR deployment (Other tab) and in the web.xml file. The
    second challange is then asking for re-authentication in the correctdomain
    (myrealm) but it does not accept the valid user/password and just re
    challenges until 3 attempts then it displays the SOAP message and theserver
    log file has the following exception:
    java.io.FileNotFoundException: Response: '401: Unauthorized xxx' for url:
    'http://localhost:7001/webservice/TraderService?WSDL'
    at
    weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:36
    2)
    at java.net.URL.openStream(URL.java:793)
    at
    weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
    nFactory.java:73)
    at
    weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
    at
    weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
    108)
    at
    weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
    84)
    at
    weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.j
    ava:230)
    at
    weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServ
    iceServlet.java:306)
    at
    weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:19
    8)
    at
    weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:124)
    at
    weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet
    .java:224)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at
    weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
    tStubImpl.java:1058)
    at
    weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
    :401)
    at
    weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
    :306)
    at
    weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
    ebAppServletContext.java:5412)
    at
    weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
    r.java:744)
    at
    weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
    ntext.java:3086)
    at
    weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
    :2544)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134)

  • Form Authenticating the portal or jsp page

    Before accessing a jsp page, I want the user to authenticate using login.jsp using the user role I created in console.
    But when I hit the page, its not going to login.jsp. Instead its going directly to it. Please find the web.xml and weblogic.xml that I changed below,
    --web.xml
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>webtest</web-resource-name>
    <url-pattern>/portlets/tools/wnxinterface/wnxInterface.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>wnuser</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    <!--turn on identity assertion-->
    <login-config>
    <auth-method>CLIENT-CERT,FORM</auth-method>
              <realm-name>myrealm</realm-name>
    <form-login-config>
    <form-login-page>login.jsp</form-login-page>
    <form-error-page>error.jsp</form-error-page>
    </form-login-config>
    </login-config>
    <security-role>
              <role-name>AuthenticatedUserRole</role-name>
    </security-role>
    <security-role>
              <role-name>wnuser</role-name>
    </security-role>
    --weblogic.xml
    <wls:security-role-assignment>
    <wls:role-name>AuthenticatedUserRole</wls:role-name>
    <wls:principal-name>AuthenticatedUsers</wls:principal-name>
    </wls:security-role-assignment>
    <wls:security-role-assignment>
         <wls:role-name>wnuser</wls:role-name>
         <wls:principal-name>wngroup</wls:principal-name>
    </wls:security-role-assignment>
    I created the wnuser in myrealm in my console. So I am trying to password protect the wnxInterface.jsp page.
    Actually I have this wnxInterface.jsp as a portlet inside my portal. Is it similarly possible to authenticate the portal itself?
    Thanks in advance

    1. yes: URL u = new URL(this.getCodeBase(),"../relativeFolder/file.whatever");
    http://javaalmanac.com/cgi-bin/search/find.pl?words=URL
    2. yes: using JSObject you can call javaScript methods that can do it for you or retreive the
    componenet directly.
    http://forum.java.sun.com/thread.jspa?threadID=598123&messageID=3180053

Maybe you are looking for

  • Finder Window closes when File is Deleted in 10.6 Server

    I'm running OSX 10.6 (Snow Leopard) on an XServe serving 50 Mac Pros. I work with two finder windows open in column view with no side bar. This allows me to navigate and move files from any of 50 computers I have mounted to my server to another compu

  • How do we change the default profile folder location?

    I work for a university in Manhattan. We are trying to install Firefox 5 for our users but Firefox profiles are stored in the AppData folder which is a problem for us as it exceeds the user profile space. We need a way to have Firefox create the prof

  • Data retrieval failed

    Greetings all, i'm having a problem in order to retrieve data from oracle 10g views. Notes: Data retrieval from other tables are just fine. Some views are created for me in order to share some data from other databases. As far as i concern, we actual

  • How to use cursor function for nested xml

    Hi, i have a query for XMLQuery like select * from bills where bill_id=???? it results in something like <bills> <bill> <city>london</city> <amount>44</amount> </bill> <bill> <city>london</city> <amount>988</amount> </bill> <bill> <city>new york</cit

  • Authorization objects for FM (EA-PS) after upgrade

    Hi, We are upgrading from ERP 4.6c to ECC 6.0 (IS-PS 462 to EA-PS 6.00). On preliminary tests we have found that we need to add a few authorization objects to the users, but we want to minimize that. We opted to deactivate BAdi implementation "FMBS_A