Security authentication using JDBCRealm under Tomcat 6 and PostgreSQL

artirt
Nov 30th, 2008
I'm making a web site and need to limit customers' access to the website of my application.

I work under Apache Tomcat 6.0.18 and PostgreSQL, and of course I've put postgresql-8.3-603.jdbc4 in my lib file.

My Apache Tomcat context's name is "hotel", and my database's name is AMDB.

I don't have a sun-web.xml file (I've learned from some websites that we should sometimes make one: but where and why?)

My files are :

web.xml:

    <?xml version="1.0" encoding="ISO-8859-1"?>

    <web-app xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">

      <security-constraint>
        <display-name>Sécurité sous Tomcat</display-name>

        <web-resource-collection>
          <web-resource-name>hotel</web-resource-name>

          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>HEAD</http-method>
          <http-method>PUT</http-method>
          <http-method>OPTIONS</http-method>
          <http-method>TRACE</http-method>
          <http-method>DELETE</http-method>

        </web-resource-collection>

        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>

      </security-constraint>

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Authentification pour Tomcat</realm-name>
      </login-config>

      <security-role>
        <description/>
        <role-name>admin</role-name>
        <role-name>user</role-name>
      </security-role>

    </web-app>



I've added the following code in my server.xml file inside the tag <Host>:

    <Context path="/hotel" docBase="hotel"
             crossContext="true" reloadable="true" debug="1">

      <Resource name="jdbc/AMDB" auth="root"
                type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
                url="jdbc:postgresql://127.0.0.1:5432/AMDB"
                username="root" password="artirt" maxActive="20" maxIdle="10"
                maxWait="-1"/>
    </Context>

    <Realm className="org.apache.catalina.realm.JDBCRealm"
           connectionName="root"
           connectionPassword="artirt"
           localDataSource="true"
           dataSourceName="jdbc/AMDB"
           driverName="org.postgresql.Driver"
           connectionURL="jdbc:postgresql://127.0.0.1:5432/AMDB"
           userTable="users"
           userRoleTable="roles"
           userNameCol="username"
           userCredCol="password"
           roleNameCol="role-name"
    />

My database is created under PostgreSQL using the following code (which I've copied from pgAdmin):


    -- Table: roles

    -- DROP TABLE roles;

    CREATE TABLE roles
    (
      username character varying(32) NOT NULL,
      "role-name" character varying(32) NOT NULL,
      CONSTRAINT cleprimroles PRIMARY KEY (username, "role-name"),
      CONSTRAINT foreignckeyroles FOREIGN KEY (username)
          REFERENCES users (username) MATCH SIMPLE
          ON UPDATE NO ACTION ON DELETE NO ACTION
    )
    WITH (OIDS=FALSE);
    ALTER TABLE roles OWNER TO root;


    -- Table: users

    -- DROP TABLE users;

    CREATE TABLE users
    (
      username character varying(32) NOT NULL,
      "password" character varying(32) NOT NULL,
      CONSTRAINT cleprimusers PRIMARY KEY (username)
    )
    WITH (OIDS=FALSE);
    ALTER TABLE users OWNER TO root;



Given that, when I start Tomcat and open a page of my application, the Firefox authentication window (with login and password) appears. I type my login and password, and even if they are correct, the following error page appears:



http://img78.imageshack.us/img78/5864/tomcatwn4.th.jpg


The error is:

    Etat HTTP 403 - L'accès à la ressource demandée a été interdit

That means in English: the access to the requested resource is denied.

Thanks in advance for any reply.
Last edited by artirt; Nov 30th, 2008 at 5:30 am.
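With BASIC authentication a servlet container answers 401 when the login fails and 403 when the login succeeds but the user holds none of the roles named in `<auth-constraint>`. The following added example (not part of the original post and not Tomcat's code) models that decision using the post's table and column names. It assumes SQLite as an in-memory stand-in for PostgreSQL; the sample rows and the helper names `quote_ident`, `build_db` and `check_access` are constructed for illustration.

```python
import hmac
import sqlite3

# Names taken from the post's <Realm> attributes and web.xml.
USER_TABLE, ROLE_TABLE = "users", "roles"
USER_COL, CRED_COL, ROLE_COL = "username", "password", "role-name"
REQUIRED_ROLES = {"admin"}  # <auth-constraint> on /*

def quote_ident(name):
    """Quote an identifier so a name like role-name is read as one column."""
    return '"' + name.replace('"', '""') + '"'

def build_db():
    """In-memory SQLite stand-in for AMDB; all rows are constructed samples."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username VARCHAR(32) NOT NULL PRIMARY KEY,
                            "password" VARCHAR(32) NOT NULL);
        CREATE TABLE roles (username VARCHAR(32) NOT NULL REFERENCES users,
                            "role-name" VARCHAR(32) NOT NULL,
                            PRIMARY KEY (username, "role-name"));
        INSERT INTO users VALUES ('alice', 'alice-pw');
        INSERT INTO users VALUES ('bob', 'bob-pw');
        INSERT INTO users VALUES ('carol', 'carol-pw');
        INSERT INTO roles VALUES ('alice', 'admin');
        INSERT INTO roles VALUES ('bob', 'user');
    """)
    return db

def check_access(db, username, password):
    """Return the HTTP status a BASIC-protected request would receive."""
    cred_sql = (f"SELECT {quote_ident(CRED_COL)} FROM {quote_ident(USER_TABLE)} "
                f"WHERE {quote_ident(USER_COL)} = ?")
    row = db.execute(cred_sql, (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[0].encode(), password.encode()):
        return 401  # authentication failed: the browser prompts again
    role_sql = (f"SELECT {quote_ident(ROLE_COL)} FROM {quote_ident(ROLE_TABLE)} "
                f"WHERE {quote_ident(USER_COL)} = ?")
    roles = {r[0] for r in db.execute(role_sql, (username,))}
    if roles & REQUIRED_ROLES:
        return 200  # authenticated and authorized
    return 403      # authenticated, but holds no role named in <auth-constraint>

if __name__ == "__main__":
    db = build_db()
    for user, pw in [("alice", "alice-pw"), ("bob", "bob-pw"),
                     ("carol", "carol-pw"), ("alice", "wrong")]:
        print(user, check_access(db, user, pw))
```

Running the same two lookups by hand against the real database for the account in question shows which branch applies.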