Tomcat 7.11 JDBCRealm and UserDatabaseRealm dont work together

Question

I'm trying to set a container managerd security a realm for my web app (JSF 2.1 + hibernate). I have noticed that Tomcat 7 can only use one type of realm at a time.

To use Tomcat in netbeans (7.0) i have to create an accout of manager-script role. In addition to work with Tomcat manager I also need another role. This is a big problem for me because the tables I'm using for JDBCRealm are viewes from actual tables that store users and roles and I would like not to store both of the roles in the same db that my program uses.

Is there a way to make JDBCRealm and UserDBRealm work together? That would be a relief.

here is the code from server.config:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>

<Realm className="org.apache.catalina.realm.JDBCRealm"
    driverName="org.gjt.mm.mysql.Driver"
    connectionURL="jdbc:mysql://localhost:3306/realm?user=login&amp;password=pass" 
    userTable="users"
    userNameCol="user_name"
    userCredCol="user_pass"
    userRoleTable="user_roles" 
    roleNameCol="role_name" /> 

tomcat uses only the last one he finds in the file. They work fine separetly

Answer 1

Use a CombinedRealm (doc, javadoc):

Realm implementation that contains one or more realms. Authentication is attempted for each realm in the order they were configured. If any realm authenticates the user then the authentication succeeds. When combining realms usernames should be unique across all combined realms.

Maybe you are already using the LockOutRealm (doc, javadoc) which is a subclass of CombinedRealm and it's in the default config of Tomcat.