Configuring a Context specific Tomcat Security Realm

I am trying to get a context specific security Realm in Tomcat 6.0, but when I start Tomcat I get the following error:

09-Dec-2010 16:12:40 org.apache.catalina.startup.ContextConfig validateSecurityRoles
INFO: WARNING: Security role name myrole used in an <auth-constraint> without being defined in a <security-role>

I have created the following context.xml file:

<Context debug="0" reloadable="true">

  <Resource name="MyUserDatabase"
            type="org.apache.catalina.UserDatabase"
            description="User database that can be updated and saved"
            factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
            pathname="conf/my-users.xml" />

  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="MyUserDatabase"/>

</Context>

Created a file: my-users.xml which I have placed under WEB-INF/conf which contains the following:

<tomcat-users>
  <role rolename="myrole"/>
  <user username="test" password="changeit" roles="myrole" />
</tomcat-users>

Added the following lines to my web.xml file:

<web-app ...>
  ...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection> 
    <auth-constraint>
      <role-name>myrole</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
  ...
</web-app>

But seem to get the error wherever I put conf/my-users.xml. Do I have to specify an explicit PATH in the pathname or is it relative to somewhere? Ideally I would like to have it packaged up as part of my WAR file.

Any ideas?


I believe you need the following in your web.xml

<security-role>
    <role-name>myrole</role-name>
</security-role>

in order to define the role. Also, I think that you will need to reference the realm in the login-config

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>MyUserDatabase</realm-name>
 </login-config>

or similar.


Have a look at the tomcat-users.xml file in your Tomcat configuration directory that defines security roles as an example of what you need.

Also, refer to the following article for guidance.

链接地址: http://www.djcxy.com/p/49210.html

上一篇: TableAdapter向导没有连接字符串来自选择列表中的设置

下一篇: 配置特定于上下文的Tomcat安全领域