Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to debug realm feature in Tomcat?

Tags:

java

tomcat

I have set the realm setting in server.xml host section to something like this:

<Realm  className="org.apache.catalina.realm.JDBCRealm"  driverName="org.gjt.mm.mysql.Driver"  
         connectionURL="jdbc:mysql://localhost:3306/test" connectionName="test" connectionPassword="test"  
             userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" 
       roleNameCol="user_role" />

Also in web.xml:

<security-role>
    <role-name>ADMIN</role-name>
</security-role>

<security-constraint>  
    <web-resource-collection>  
        <web-resource-name>critical</web-resource-name>  
        <url-pattern>/admin/*</url-pattern>  
        <http-method>GET</http-method>  
        <http-method>POST</http-method>  
    </web-resource-collection>  
    <auth-constraint>  
        <role-name>ADMIN</role-name>  
    </auth-constraint>  
</security-constraint>  

<login-config>  
    <auth-method>FORM</auth-method>  
    <form-login-config>  
        <form-login-page>/login.jsp</form-login-page>  
        <form-error-page>/error.jsp</form-error-page>  
    </form-login-config>  
</login-config> 

And I have the databased set up. However when login.jsp is envoked, even I entered the right password I was redirected to error.jsp

I want to know if there is a way to find what's wrong during the process. Can I do it in Eclipse or any other hints that may solve the problem?

like image 993
NSF Avatar asked Sep 07 '12 03:09

NSF


People also ask

Which file realm is configured in tomcat?

Realm Element Attributes To configure MemoryRealm, you will create a <Realm> element and nest it in your $CATALINA_BASE/conf/server. xml file, as described above.

What is a realm in tomcat?

Definition: Tomcat Realms is an interface for connecting Catalina to a existing database of usernames, passwords and roles to handle application authentication. You can manage your user access and their roles. Roles are grouping of users based on permissions you wish to grant to any group of users.

What is tomcat-users XML?

It is a simple XML file; the root element is tomcat-users and the only allowed child elements are role and user . Each role element has one attribute called rolename , and each user element has three attributes: name , password , and roles . The default tomcat-users. xml file contains the XML listed in Example 7-3.


2 Answers

To get the debug information from the Realm authentication steps, follow this procedure.

When you define your Realm in the server.xml, add debug="9" to the definition (you can of course use a lower number for less detail).

<Realm  className="org.apache.catalina.realm.JDBCRealm"  driverName="org.gjt.mm.mysql.Driver"  
   connectionURL="jdbc:mysql://localhost:3306/test" connectionName="test" connectionPassword="test"  
   userTable="users" userNameCol="user_name" userCredCol="user_pass" userRoleTable="user_roles" 
   roleNameCol="user_role" debug="9" />

You also need to add this to your logging.properties file:

org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true

You may also need to add this, to prevent bufferring of the logs. If you do, remember to remove it after you've finished debugging.

1catalina.org.apache.juli.FileHandler.bufferSize = -1

Now, the debug logs for the realms should end up in the catalina.out file.

like image 181
Steve Shipway Avatar answered Oct 13 '22 04:10

Steve Shipway


For others finding this issue, I found the following worked for Tomcat 8.5.40:

java.util.logging.ConsoleHandler.level = ALL
org.apache.catalina.level = FINEST
org.apache.catalina.realm.JNDIRealm.level = FINEST
org.apache.catalina.realm.JNDIRealm.useParentHandlers = true

The key fact appears to be that your logging travels through several layers of definitions and will be trimmed by the first one that has a lower level so you need to make sure that each bit it passes through is FINEST or ALL.

Hopefully this will save someone some time ;)

Ian.

like image 29
Ian Norton Avatar answered Oct 13 '22 02:10

Ian Norton