Multiple Realm Possible?

#1
Using MySQL 5.0 and Tomcat 5.5.20 along side with IIS 6.

Currently I have:
1. Security Constraint on a folder (WebApps -> Protected).
2. Realm under server.xml so I can authenticate users listed in MySQL database.

Everything stated above still works fine, however, now I have another MySQL database (To Avoid Confustion lets call it PersonalDB) for which I have to write an application. For obvious reasons, I have to protect the application, so I decided to use security constraint to authenticate users.

Here is the problem:
1. The username and password are listed in the PersonalDB
2. I am already using a Realm for my first application
3. I am not sure if it's possible to add another Realm

I don't know how I can properly authenticate the users for my second application. Any help or information will be greatly appreciated.
 

mqudsi

Mostly Harmless
Staff member
#2
Yeah, it's possible.

I'd recommend using LDAP instead though, there are several TomCat J2EE applications that serve as full-fledged LDAP servers, and since your on Windows Server 2003 you can just use the (much better) Active Directory LDAP module.

You are using encrypted passwords in teh DB?
 
#3
I am not familiar with LDAP.

Since I am familiar with tomcat and its features, I wanted to know if I can add another REALM in server.xml. The first REALM would refer to MySQL to authenticate users for my 1st application. The second REALM would refer to Access Database to authenticate users for 2nd Application.

I haven't created my 2nd application but in the first application I was using j_security_check, which I assume uses encription.

Any tutorials or instructions would be greatly appreciated. Thanks very much for reply.
 

mqudsi

Mostly Harmless
Staff member
#4
Yeah, you can easily do that.

Instead of putting it in Server.xml though, just create a separate XML for each application.

like tomcat/conf/localhost/app1.xml
define your realm there

tomcat/conf/localhost/app2.xml
define the second realm there

You can put whatever details you want and they'll stay separate.
 

mqudsi

Mostly Harmless
Staff member
#5
topic moved
 
#6
Thanks again.

Since I already have a realm configured for my 1st application, I am assuming I can simply copy and paste the realm from server.xml to app1.xml

Then repeat this process for my second realm.

However, how would my application know where to look and what realm to use? Is there a way to direct one <security-constraint> to app1.xml and another to app2.xml
 

mqudsi

Mostly Harmless
Staff member
#7
Well, the way it would work is each xml file takes the name of the context.

If application 1 is localhost:8080/commercial/
then it would be commercial.xml and the contents of commercial.xml are only for app1

app2 is localhost:8080/personal
then personal.xml has the realm details for app2

It's important to note that if you use this method you must remove the definitions from server.xml
 
#8
Thank you very much again..

Lastly, I have some include files under app1 (localhost:8080/commercial/) that I want to be able to use under app2 (localhost:8080/personal) . Do you know how I would be able to do that?

I tried few things but I keep on getting 500 error.

org.apache.jasper.JasperException: /login.jsp(39,4) File "/commercial/inc/menu.inc" not found
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)


I don't understand why Images would work but not the include statement.
 

mqudsi

Mostly Harmless
Staff member
#9
You can't include them like that - you have to remember that unlike PHP/Perl/Python/etc., Java EE is a compiled applications. When you say include /commercia/thisfile you're actually getting the compiled output.

Try using the absoloute path.

include c:/myapps/app1/includes/this.jsp does that do the trick?
 
#10
No it didn't work.

I tried the following

<!-- MENU BEGINS HERE //-->
<%@ include file ="c:/commercial/inc/menu.inc" %>
<!-- MENU ENDS HERE //-->

And I got the following

org.apache.jasper.JasperException: /login.jsp(39,4) File "/c:/commercial/inc/menu.inc" not found
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

The part that I find really intriguing is how come this works...
<IMG SRC="/commercial/images/title.jpg" USEMAP="#home" BORDER="0">
 

mqudsi

Mostly Harmless
Staff member
#11
You have to use backslashes

c:/eeee/eeeeee/eee.jsp
 

mqudsi

Mostly Harmless
Staff member
#12
The reason images work is because they're not compiled.
When you grab a .inc, you want the code.
When you grab an image, you want the binary data.

However, when you link an external JSP, you're actually getting HTML back, not Java code.
 
#13
Sorry earlier was a typo....I tried both slashes and I got the same error.

I was thinking...If I combined Apps1 and Apps2 so there is only one apps, would I be able to add multiple realms in apps1.xml or you think that would cause problem.

If that will cause problem then I might have to come up with another way of solving this issue.
 
#15
I just copied the folder and pasted it with apps2. So for now I am all set with that issue.

I am having trouble with my Apps2 though. I created a <Security-Constraint> in web.xml, added a ODBC Realm in Apps2.xml, and also created a MS Acesses Driver (Administrative Tools -> Data Sources).

However, everytime I try logging in, I am getting Login Fail page. I thought it was the database, so I created a new one but I still am getting Login Fail Page. I don't know what is going on and how I can fix it.

Please help.
 

mqudsi

Mostly Harmless
Staff member
#16
Which login is failing?
To the DB? to the app? to IIS?
 
#17
The login to the DB was failing.

I ended up finding the answer myself.
In Control Panel -> Administrative Tools -> ODBC
I had the driver in User DSN where as I should have put it in System DSN

Thanks for you all your help