Menu
I have set the realm setting in server.xml host section to something like this:
<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost:3306/test" connectionName="test" connectionPassword="test"
userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles"
roleNameCol="user_role" />
Also in web.xml:
<security-role>
<role-name>ADMIN</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>critical</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
And I have the databased set up. However when login.jsp is envoked, even I entered the right password I was redirected to error.jsp
I want to know if there is a way to find what's wrong during the process. Can I do it in Eclipse or any other hints that may solve the problem?
993
Realm Element Attributes To configure MemoryRealm, you will create a <Realm> element and nest it in your $CATALINA_BASE/conf/server. xml file, as described above.
Definition: Tomcat Realms is an interface for connecting Catalina to a existing database of usernames, passwords and roles to handle application authentication. You can manage your user access and their roles. Roles are grouping of users based on permissions you wish to grant to any group of users.
It is a simple XML file; the root element is tomcat-users and the only allowed child elements are role and user . Each role element has one attribute called rolename , and each user element has three attributes: name , password , and roles . The default tomcat-users. xml file contains the XML listed in Example 7-3.
To get the debug information from the Realm authentication steps, follow this procedure.
When you define your Realm in the server.xml, add debug="9" to the definition (you can of course use a lower number for less detail).
<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost:3306/test" connectionName="test" connectionPassword="test"
userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles"
roleNameCol="user_role" debug="9" />
You also need to add this to your logging.properties file:
org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true
You may also need to add this, to prevent bufferring of the logs. If you do, remember to remove it after you've finished debugging.
1catalina.org.apache.juli.FileHandler.bufferSize = -1
Now, the debug logs for the realms should end up in the catalina.out file.
181
For others finding this issue, I found the following worked for Tomcat 8.5.40:
java.util.logging.ConsoleHandler.level = ALL
org.apache.catalina.level = FINEST
org.apache.catalina.realm.JNDIRealm.level = FINEST
org.apache.catalina.realm.JNDIRealm.useParentHandlers = true
The key fact appears to be that your logging travels through several layers of definitions and will be trimmed by the first one that has a lower level so you need to make sure that each bit it passes through is FINEST or ALL.
Hopefully this will save someone some time ;)
Ian.
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
