Bug 55888

Summary: Not clear that a container may only contain a single Realm in server.xml
Product: Tomcat 7 Reporter: psfung
Component: DocumentationAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 7.0.47   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description psfung 2013-12-16 08:39:25 UTC 
I defined a realm in server.xml...

inside
<Engine name="Catalina" defaultHost="localhost">

below the block
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
     via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
  <!-- This Realm uses the UserDatabase configured in the global JNDI
       resources under the key "UserDatabase".  Any edits
       that are performed against this UserDatabase are immediately
       available for use by the Realm.  -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
</Realm>

add
<Realm className="org.apache.catalina.realm.MemoryRealm"
    digest="MD5" pathname="conf/my-realm.xml"/>

It works fine initially. Later, I move the realm def above that block. The config is not changed logically, but then authentication of my realm fails.
Comment 1 Konstantin Kolinko 2013-12-16 09:21:19 UTC 
A Container can have only one Realm.

http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/Container.html#getRealm%28%29
Comment 2 psfung 2013-12-16 09:30:13 UTC 
Please mention this in documentation / server logs.
Comment 3 Mark Thomas 2014-01-09 10:45:46 UTC 
Docs updated for 7.0.51 onwards.