Configuring a Context specific Tomcat Security Realm
- by Andy Mc
I am trying to get a context specific security Realm in Tomcat 6.0, but when I start Tomcat I get the following error:
09-Dec-2010 16:12:40 org.apache.catalina.startup.ContextConfig validateSecurityRoles
INFO: WARNING: Security role name myrole used in an <auth-constraint> without being defined in a <security-role>
I have created the following context.xml file:
<Context debug="0" reloadable="true">
<Resource name="MyUserDatabase"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/my-users.xml" />
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="MyUserDatabase"/>
</Context>
Created a file: my-users.xml which I have placed under WEB-INF/conf which contains the following:
<tomcat-users>
<role rolename="myrole"/>
<user username="test" password="changeit" roles="myrole" />
</tomcat-users>
Added the following lines to my web.xml file:
<web-app ...>
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myrole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
...
</web-app>
But seem to get the error wherever I put conf/my-users.xml. Do I have to specify an explicit PATH in the pathname or is it relative to somewhere? Ideally I would like to have it packaged up as part of my WAR file.
Any ideas?
