larry - 2005-08-29

Hi, I am using securityfilter1.1 with one of my application running on tomcat. The tomcat is configed to use jdbc realm to talk to a SQL server 7 database. We also using a connection pool in this application (a 3rd party freeware).

Here is the problem I have. Every time when the data base down for a while, or there is a network disruption (Like the network between the app server and db server disrupted), looks like the jdbc realm can recover itself (since I can login the tomcat/manager/html) without restart tomcat server or restart the application context from the tomcat manager. The coonection pool I am using also can recover it self (since other part of the application still be able to run and get data from db to display on the web page), but the securityfilter failed every time I try to sign in to the restricted part of the application.

The jdbc realm defined in server.xml as:

    <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
             driverName="net.sourceforge.jtds.jdbc.Driver"
          connectionURL="jdbc:jtds:sqlserver://XXX.XXXXXX.com:1433/Genelink"
         connectionName="xxxxxxxx" connectionPassword="xxxxxxxx"
    userTable="xxxxxx_users" userNameCol="user_name" userCredCol="user_pass"
    userRoleTable="xxxxxx_group_user_roles" roleNameCol="role_name" />

Here is part of my web.xml for that applcaition:
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app PUBLIC
        "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

   <display-name>xxxxxxxx Application</display-name>

   <filter>
      <filter-name>Security Filter</filter-name>
      <filter-class>org.securityfilter.filter.SecurityFilter</filter-class>
      <init-param>
         <param-name>config</param-name>
         <param-value>/WEB-INF/classes/securityfilter-config.xml</param-value>
         <description>Configuration file location (this is the default value)</description>
      </init-param>
      <init-param>
         <param-name>validate</param-name>
         <param-value>true</param-value>
         <description>Validate config file if set to true</description>
      </init-param>
   </filter>

   <!-- map all requests to the SecurityFilter, control what it does with configuration settings -->

   <filter-mapping>
      <filter-name>Security Filter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>

  <servlet-mapping>
     <servlet-name>action</servlet-name>
     <url-pattern>*.do</url-pattern>
  </servlet-mapping>

   <!-- make the session time-out after 8 hours per mark-->
   <session-config>
      <session-timeout>480</session-timeout>
   </session-config>

   <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
   </welcome-file-list>

   <!-- SecurityFilter works with custom error pages -->
   <error-page>
      <error-code>403</error-code>
      <location>/error/403.jsp</location>
   </error-page>
</web-app>

Here is part of the securityfilter-config.xml

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE securityfilter-config PUBLIC
    "-//SecurityFilter.org//DTD Security Filter Configuration 1.1//EN"
    "http://www.securityfilter.org/dtd/securityfilter-config_1_1.dtd">

<securityfilter-config>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>xxxxxxxx Application Home</web-resource-name>
            <url-pattern>/main.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>xxxxuser</role-name>
            <role-name>xxxxdev</role-name>
            .
        </auth-constraint>
    </security-constraint>

   <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
         <form-login-page>/index.jsp</form-login-page>
         <form-error-page>/loginerror.jsp</form-error-page>
         <form-default-page>/main.jsp</form-default-page>
      </form-login-config>
   </login-config>

   <!-- start with a Catalina realm adapter to wrap the Catalina realm defined below -->
   <realm className="org.securityfilter.realm.catalina.CatalinaRealmAdapter" />

    <realm
          className="org.apache.catalina.realm.JDBCRealm" >
          <realm-param name="debug" value="99" />
          <realm-param name="driverName" value="net.sourceforge.jtds.jdbc.Driver" />
          <realm-param name="connectionURL" value="jdbc:jtds:sqlserver://db-dev.unitedis.com:1433/Genelink" />
          <realm-param name="connectionName" value="GeneLink-web" />
          <realm-param name="connectionPassword" value="littlebluepeople" />
          <realm-param name="userTable" value="gene_users" />
          <realm-param name="userNameCol" value="user_name" />
          <realm-param name="userCredCol" value="user_pass" />
          <realm-param name="userRoleTable" value="gene_group_user_roles" />
          <realm-param name="roleNameCol" value="role_name" />
     </realm>

</securityfilter-config>

Here is the error I get every time:
Aug 23, 2005 9:07:06 AM org.apache.catalina.realm.JDBCRealm getPassword
SEVERE: Exception performing authentication
java.sql.SQLException: Network errorConnection reset by peer: socket write error
at net.sourceforge.jtds.jdbc.Tds.submitProcedure(Unknown Source)
at net.sourceforge.jtds.jdbc.Tds.commit(Unknown Source)
at net.sourceforge.jtds.jdbc.TdsConnection.commitOrRollback(Unknown Source)
at net.sourceforge.jtds.jdbc.TdsConnection.commit(Unknown Source)
at org.apache.catalina.realm.JDBCRealm.getPassword(JDBCRealm.java:563)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:399)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:347)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
Aug 23, 2005 9:07:06 AM org.apache.catalina.connector.CoyoteAdapter service
SEVERE: An exception or error occurred in the container during the request processing
java.lang.NullPointerException
at net.sourceforge.jtds.jdbc.TdsConnection.close(Unknown Source)
at org.apache.catalina.realm.JDBCRealm.close(JDBCRealm.java:459)
at org.apache.catalina.realm.JDBCRealm.getPassword(JDBCRealm.java:573)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:399)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:347)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)

Can anybody point to me what I need to do to make the securifyfilter recover itself. (The securityfilter will recover if I stop/start the application context from manager).

Would it help if I upgrade to securityfilter2.0.

Thanks in advance!
larry