RE : AW: Load all JSP pages on startup
Hi, For WebLogic you can use: - ANT task (wlappc); - appc compiler; - setting the precompile parameter to true in the jsp-descriptor element of the weblogic.xml deployment descriptor to configure WebLogic Server to precompile your JSPs when a Web Application is deployed or re-deployed or when WebLogic Server starts up; -Message d'origine- De : Bernhard Slominski [mailto:[EMAIL PROTECTED] Envoyé : mercredi 29 juin 2005 15:40 À : 'Tomcat Users List' Objet : AW: AW: Load all JSP pages on startup We have a custom (non-generated) web.xml, with some taglibs and servlets defined in there. Precompilation is tomcat dependend I suppose? You're right precompliation is tomcat dependent, but it works like this that the ant task takes your (non-tomcat dependent) web.xml and just adds the mappings for the precompiled JSPs, so it would still be possible to use one single web.xml and then have a jsp server target-dependent precomplitation task, but I don't know how that works in resin or Weblogic, and I see your point now. Sorry, but I don't have a better solution for you! Bernhard I was hoping there was a simple way in the web deployment descriptor to load them all on startup, in a webserver independed way. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : AW: Load all JSP pages on startup
I think the simplest way is to write a custom ant task for each deployment (one for weblogic, another for tomcat et jboss). -Message d'origine- De : news [mailto:[EMAIL PROTECTED] De la part de Geoffrey Envoyé : mercredi 29 juin 2005 16:29 À : tomcat-user@jakarta.apache.org Objet : Re: RE : AW: Load all JSP pages on startup - setting the precompile parameter to true in the jsp-descriptor element of the weblogic.xml deployment descriptor to configure WebLogic Server to precompile your JSPs when a Web Application is deployed or re-deployed or when WebLogic Server starts up; Can I do that on Tomcat too? :) Tomcat will ignore weblogic.xml and Weblogic will ignore jboss-web.xml, unlike Tomcat compiled JSP's in weblogic or visa versa. Thanks for any help, Geoffrey LERBSCHER Jean-Pierre wrote: Hi, For WebLogic you can use: - ANT task (wlappc); - appc compiler; - setting the precompile parameter to true in the jsp-descriptor element of the weblogic.xml deployment descriptor to configure WebLogic Server to precompile your JSPs when a Web Application is deployed or re-deployed or when WebLogic Server starts up; -Message d'origine- De : Bernhard Slominski [mailto:[EMAIL PROTECTED] Envoyé : mercredi 29 juin 2005 15:40 À : 'Tomcat Users List' Objet : AW: AW: Load all JSP pages on startup We have a custom (non-generated) web.xml, with some taglibs and servlets defined in there. Precompilation is tomcat dependend I suppose? You're right precompliation is tomcat dependent, but it works like this that the ant task takes your (non-tomcat dependent) web.xml and just adds the mappings for the precompiled JSPs, so it would still be possible to use one single web.xml and then have a jsp server target-dependent precomplitation task, but I don't know how that works in resin or Weblogic, and I see your point now. Sorry, but I don't have a better solution for you! Bernhard I was hoping there was a simple way in the web deployment descriptor to load them all on startup, in a webserver independed way. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Tomcat vs Apache
See comment in message. -Message d'origine- De : Tim Diggins [mailto:[EMAIL PROTECTED] Envoyé : jeudi 19 mai 2005 13:24 À : Tomcat Users List Objet : Re: Tomcat vs Apache (Er, and sorry I just realised I posted __some__ of this as part of a question on the list last week, but the question I have is now posed more concretely and wasn't answered then)! Tim Diggins wrote: This has been a great and informative thread... I'm wondering now, how to accomplish what I want to do in Tomcat alone, rather than looking for a Tomcat+Apache solution (sounds simpler). The issue is that I want ALL directory-like urls resolved by a particular servlet (which is a Spring dispatcher servlet, but never mind that), but I would like very few kinds of static files (which I could name explictly *.gif, *.png, *.css or put under a static place) served statically (ie by the default servlet. The problem is that the url-pattern for a directory-like urls covers all urls. Is there a way to do the reverse of normal, state that you want a particular url-pattern (e.g. /static/*) to go to the default servlet , and everything else (e.g. /*) to go to a particular servlet. If so, how do I indicate the default servlet in my web.xml? SRV.11.2 Specification of Mappings In the web application deployment descriptor, the following syntax is used to define mappings: * A string beginning with a '/' character and ending with a '/*' postfix is used for path mapping. * A string beginning with a '*.' prefix is used as an extension mapping. * A string containing only the '/' character indicates the default servlet of the application. In this case the servlet path is the request URI minus the context pth and the path info is null. * All other strings are used for exact matches only. (And I've already had recommendations from people to change the URLs for the dynamic stuff to something else, but that's not what the client/customer/user/design wants -- the url is very much part of the user interface in this application). thanks Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Common vs. Shared
-Message d'origine- De : Ron Heeb [mailto:[EMAIL PROTECTED] Envoyé : vendredi 6 mai 2005 18:18 À : tomcat-user@jakarta.apache.org Objet : RE: Common vs. Shared my understanding comes from this book i got: 'common is responsible for classes that are used by Tomcat and publicly available to all Web apps'. shared is like common, except that 'developers can place their own classes and JAR files into the shared class loader domain'. developers shouldn't put anything into common. False. Typically if you plan to use JAASRealm and specific login module your have to put your library in common/lib. this is from Professional Apache Tomcat 5 from Wrox. for what it's worth...ron -- Ron Heeb, Project Leader Applications Development - Information Technology Resources California State University, Northridge - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Form Based Authentication
If the authentication is realized by the container (the realm), you can't access the request before the authentication takes over. If you really want to do it, don't define the security constraint in your web.xml, and make your own application security mechanism (use filter, and forward or redirect on login page). -Message d'origine- De : Wade Chandler [mailto:[EMAIL PROTECTED] Envoyé : mercredi 11 mai 2005 07:10 À : Tomcat Users List Objet : Re: Form Based Authentication Wade Chandler wrote: I have form based authentication working. But, I need the login form to be a little more dynamic. For instance, I want to use different forms for different areas and not always use the same form. Is this possible? For instance, under one site I want to limit URLs to different logins. I realize I should just have a login and have a userid and a password, but my customer wants to simply have an access code to certain pages or directories. I would like to use form based authentication then I can have the userid as a hidden variable, and then have a password entered by the user, but for some admin screens I need the user to actually enter the userid and password both I hope that makes sense. I can't figure out how to setup a security constraint which can force a particular login form to be used if the user is not logged in yet. Thanks, Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Ok, So I think I should be able to do this with a filter, but I need some help. Basically it looks like I should be able to use a filter to some how get the original target before the authentication form is displayedis this correct? Basically I need to some how know when a particular URL pattern is being displayed or is attempted to be accessed...before the login form is displayed. When it is displayed I'll set an attribute in the request in the filters doFilter method. However, now I need to know how I can access the Request before the authentication mechanism takes over I suppose because from my login form accessing the getPathInfo() method is returning the login form information when I really need to know the actual path the user was attempting to access. So, can I use a filter to do this, and if so how do I make sure my filter is called in time to give me the information I need? Thanks, Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Restrict access to webapps for IPs
See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/host.html#Automatic Application Deployment When using automatic deployment, the docBase defined by an XML Context file should be outside of the appBase directory. If this is not the case difficulties may be experienced deploying the web application or the application may be deployed twice. -Message d'origine- De : Altrock, Jens [mailto:[EMAIL PROTECTED] Envoyé : mercredi 11 mai 2005 09:01 À : 'Tomcat Users List' Objet : AW: Restrict access to webapps for IPs -Ursprüngliche Nachricht- Von: Lutz Zetzsche [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 11. Mai 2005 08:50 An: Tomcat Users List Betreff: Re: Restrict access to webapps for IPs Hi Jens, Am Mittwoch, 11. Mai 2005 08:17 schrieb Altrock, Jens: Ok tried it again.. first some more information: I am using Tomcat 5.0.28 on Redhat Fedora Core 3, installed in /usr/local/tomcat I created a XML file called application.xml in /usr/local/tomcat/conf/Catalina/localhost where application is the name of the webapp. That worked so far. The file consisted just of a few lines: Context path=/NetAdmin docBase=${catalina.home}/webapps/NetAdmin debug=0 privileged=true Valve className=org.apache.catalina.valves.RemoteAddrValve allow=192.100.46.*,172.16.*.*,194.25.29.*,127.0.0.1/ /Context I have to mention that I did neither write that app nor know much about it anyway.. it uses a JDBC connection to a mysql database to write data to that db. But after creating that config file mentioned above, the JDBC driver didn't work anymore... Anyone can help me with that? It looks like your new Context definition is overriding an existing Context definition for this web application which contains the resource definition for the MySQL database. So you should have a look at your $CATALINA_HOME/conf/server.xml if there might be a existing Context definition inside the related Host element. I looked at the $CATALINA_HOME/conf/server.xml file, but can't find anything like that inside the HOST element. It's the standard server.xml file though, I don't know in what way a servlet itself can change that file; but I don't think it can. You should also look for a context.xml in the $CATALINA_HOME/webapps/[webapp]/META-INF/ directory for the same reason. I did, but there is none, and there never was one. That's what I thought first, but there's just a MANIFEST.MF file inside. If you will find an existing Context definition, then insert your valve filter there and delete you newly created application.xml. Best wishes Lutz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] I attached the server.xml and the application's xml file to the mail though. Regards, Jens ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Digester / vector usage
Hi, I don't understand exactly what is your question but if it is how to get a magazine, you have to : - parse your xml with digester.parse(); - this method returns a Catalog object for example myCatalog - then call myCatalog.getMagazines() and find you magazine mag1. For example for (Enumeration e = myCatalog.elements() ; e.hasMoreElements() ;) { ... e.nextElement(); } -Message d'origine- De : Anto Paul [mailto:[EMAIL PROTECTED] Envoyé : mardi 3 mai 2005 10:06 À : Tomcat Users List Cc : Henrique, Manuel Objet : Re: Digester / vector usage On 5/3/05, Henrique, Manuel [EMAIL PROTECTED] wrote: Nobody can help me? Nobody knows? Nobody uses XML files? Everybody knows how to do a digester but nobody knows how to use it? I hope you can help me. Regards, Manuel -Original Message- From: Henrique, Manuel To: 'tomcat-user@jakarta.apache.org' Sent: 02/05/2005 17:12 Subject: Digester / vector usage Hello all, It made now 2 weeks that I have a little issue with the XML parsing. I use examples founds in the net. My question is very simple, if I have for example an XML file like that: catalog library=somewhere book authorAuthor 1/author titleTitle 1/title /book book authorAuthor 2/author titleHis One Book/title /book magazine nameMag Title 1/name article page=5 headlineSome Headline/headline /article article page=9 headlineAnother Headline/headline /article /magazine book authorAuthor 2/author titleHis Other Book/title /book magazine nameMag Title 2/name article page=17 headlineSecond Headline/headline /article /magazine /catalog I have the catalog.class: package com.erdv.logicacmg.control; import java.util.Vector; public class Catalog { private Vector books; private Vector magazines; //constructeur de catalog public Catalog() { books = new Vector(); magazines = new Vector(); } //gestion des livres public void addBook(Book newBook) { books.addElement(newBook); } public void setBooks(Vector books){ this.books = books; } public Vector getBooks(){ return books; } //gestion des magazines public void addMagazine(Magazine newMagazine) { magazines.addElement(newMagazine); } public void setMagazines(Vector magazines){ this.magazines = magazines; } public Vector getMagazines(){ return magazines; } } book class: package com.erdv.logicacmg.control; public class Book { private String author; private String title; public Book() {} public void setAuthor(String newAuthor) {author = newAuthor;} public void setTitle(String newTitle) {title = newTitle;} public String getAuthor(){ return author; } public string getTitle(){ return title; } } the magazine class: package com.erdv.logicacmg.control; import java.util.Vector; public class Magazine { private String name; private Vector articles; public Magazine() { articles = new Vector(); } public void setName(String newName) {name = newName;} public String getName(){ return name; } public void addArticle(Article a) { articles.addElement(a); } public void setArticles(Vector articles){ this.articles = articles; } public Vector getArticles(){ return articles; } } and so on... I have also a digester class that create the rules and parse the file as I want. All is ok into the log file. It indicates no issue. Now what I what is to get my values from my java code. I dont know how to do. I search help with the vector usage but nothing helps me to get my values. For example: in a java code how can I get the Headline value for the magazine called Mag 1 for the article page 5. I tried in my java code to create a c as new catalog and after? How can I do. In all examples they uses Vectors but nobody explains how to do after. What it seems is that everybody talks about parsing, about digester but nobody gives how to get the wanted value from the XML. Each time I ask to someone always the same answers digest.parse(), now catch your object and it's finished. Yes, it's exactly what I want but how can I do?? Could somebody help me please? Regards, Manuel PS: I know I am a newbee in Tomcat/Java so no need to mock at me. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please
RE : Find login information from tomcat security
Hi, To my knowledge, you have no way to access GenericPrincipal object except if to develop your own realm. In general, you do not need to reach Principal, you have to define security constraint, or roles, authentication methods... -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoyé : mardi 19 avril 2005 05:41 À : Tomcat Users List Cc : Gia Thornton Objet : Re: Find login information from tomcat security I'm also interested in how to get that principal info and maybe how to overwrite or add methods. -- Original message -- From: Gia Thornton [EMAIL PROTECTED] Hi, I am using Form-based tomcat security. I use a servlet to find login information such as the principal name, all the role names for this principal. I can use request.getUserPrincipal() from javax.servlet.http.HttpServletRequest. Is there anyway I can use GenericPrincipal class from package org.apache.catalina.realm of Tomcat in servlet? Thank you for your help. regards, - Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat CallBackHandler
Hi, In Tomcat 5.0, is there a mean to register or use our own CallbackHandler in JAASRealm.? Thanks.
RE : Jass Login Module not found
Hi Sara, Your login module library (and all it's dependencies) must be deployed in common/lib if you setup JAASRealm with your own component. -Message d'origine- De : Sara Blauman [mailto:[EMAIL PROTECTED] Envoyé : jeudi 17 février 2005 23:22 À : tomcat-user@jakarta.apache.org Objet : Jass Login Module not found Hi, I am running Tomcat 5.5.4 and am wanting to use Jaas with my own custom login module. My Jaas config file is being found but my login module is not. If I run with one of Sun's login modules everything works fine so I think that my Jass configuration file, JASSRealm specification in my app.xml file, and -D options are ok. I wondered if my login module was even being loaded so I instanciated it in a part of my application code to verify and sure enough it is there, but, when it is called from the LoginContext it isn't found. I am trying this from an Mbean and also a servlet and the results are the same. I am not running a security manager. I tried putting the login module in a separate jar from the rest of my application as well as having it in the same jar but the results are the same. Does anyone have any ideas? Regards, Sara - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : RE : RE : RE : RE : Tomcat configuration
Hi, I'm not sure but you could try to rename the ldsecure.xml file in context.xml. -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:51 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : RE : RE : Tomcat configuration I know the database connection works, because if I include the realm as part of the engine or host, then I can login correctly. As far as reading the realm how-to, I've done that several times. The second .xml file I sent you is named ldsecure.xml (part of the ldsecure webapp), and I placed it in $CATALINA_HOME/conf/[enginename]/[hostname]/ldsecure.xml. I'm not creating a WAR file, just a directory structure. Any additional ideas? [EMAIL PROTECTED] 02/15/05 10:43AM Check your configuration with http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JDBCRealm (database configuration, driver, url access, user et password access, and log files). Try to setup Memory realm. Try to validate database url connection with simple java class. import java.sql.*; import your driver; class JDBCVersion { public static void main (String args []) throws SQLException { // Load the JDBC driver DriverManager.registerDriver(new com.microsoft.jdbc.sqlserver.SQLServerDriver()); // Something like this (probably) Connection conn = DriverManager.getConnection(jdbc:microsoft:sqlserver://LDSERVER:1433;databa sename=ldbugtracker, abc,abc); // Create Oracle DatabaseMetaData object DatabaseMetaData meta = conn.getMetaData (); // get driver info: System.out.println(JDBC driver version is + meta.getDriverVersion()); } } I assume that you have deployed your context configuration in : - META-INF/context.xml directory of your WAR file - $CATALINA_HOME/conf/[enginename]/[hostname]/ directory -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:14 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : RE : Tomcat configuration According to the tomcat docs, the preferred method of describing a context realm is to place it in it's own xml file. Here's what I have: !-- Context docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false -- Context reloadable=true path=/ldsecure docbase=${catalina.home}/server/webapps/ldsecure Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.microsoft.jdbc.sqlserver.SQLServerDriver connectionURL=jdbc:microsoft:sqlserver://LDSERVER:1433;databasename=ldbugtr acker;selectmethod=cursor connectionName=abc connectionPassword=abc userTable=LDUsers userNameCol=username userCredCol=password userRoleTable=LDUserRoles roleNameCol=role debug=99/ /Context If I place this context statement in the server.xml file, under the described host, I get the same problem. Curtis [EMAIL PROTECTED] 02/15/05 10:09AM There is no realm describe into it! Have you declared your realm in your META-INF/context.xml directory of your WAR file? Could you send us your context.xml file? -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:03 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : Tomcat configuration With pleasure. Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector port=8009 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / !-- Define the top level container in our container hierarchy -- Engine name=Catalina defaultHost=localhost Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host /Engine /Service /Server Thanks for you help. [EMAIL PROTECTED] 02/15/05 09:51AM JAASRealm is not a default! Could you send us your server.xml? -Message d'origine- De :
RE : RE : RE : RE : RE : RE : Tomcat configuration
I remember the first exception Feb 14, 2005 4:20:39 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration Perhaps can you verify that you don't have a default host application or could you confirm us that you access your application with the url http://host:port/ ldsecure/path and/or page -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:51 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : RE : RE : Tomcat configuration I know the database connection works, because if I include the realm as part of the engine or host, then I can login correctly. As far as reading the realm how-to, I've done that several times. The second .xml file I sent you is named ldsecure.xml (part of the ldsecure webapp), and I placed it in $CATALINA_HOME/conf/[enginename]/[hostname]/ldsecure.xml. I'm not creating a WAR file, just a directory structure. Any additional ideas? [EMAIL PROTECTED] 02/15/05 10:43AM Check your configuration with http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JDBCRealm (database configuration, driver, url access, user et password access, and log files). Try to setup Memory realm. Try to validate database url connection with simple java class. import java.sql.*; import your driver; class JDBCVersion { public static void main (String args []) throws SQLException { // Load the JDBC driver DriverManager.registerDriver(new com.microsoft.jdbc.sqlserver.SQLServerDriver()); // Something like this (probably) Connection conn = DriverManager.getConnection(jdbc:microsoft:sqlserver://LDSERVER:1433;databa sename=ldbugtracker, abc,abc); // Create Oracle DatabaseMetaData object DatabaseMetaData meta = conn.getMetaData (); // get driver info: System.out.println(JDBC driver version is + meta.getDriverVersion()); } } I assume that you have deployed your context configuration in : - META-INF/context.xml directory of your WAR file - $CATALINA_HOME/conf/[enginename]/[hostname]/ directory -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:14 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : RE : Tomcat configuration According to the tomcat docs, the preferred method of describing a context realm is to place it in it's own xml file. Here's what I have: !-- Context docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false -- Context reloadable=true path=/ldsecure docbase=${catalina.home}/server/webapps/ldsecure Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.microsoft.jdbc.sqlserver.SQLServerDriver connectionURL=jdbc:microsoft:sqlserver://LDSERVER:1433;databasename=ldbugtr acker;selectmethod=cursor connectionName=abc connectionPassword=abc userTable=LDUsers userNameCol=username userCredCol=password userRoleTable=LDUserRoles roleNameCol=role debug=99/ /Context If I place this context statement in the server.xml file, under the described host, I get the same problem. Curtis [EMAIL PROTECTED] 02/15/05 10:09AM There is no realm describe into it! Have you declared your realm in your META-INF/context.xml directory of your WAR file? Could you send us your context.xml file? -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:03 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : Tomcat configuration With pleasure. Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector port=8009 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / !-- Define the top level container in our container hierarchy -- Engine name=Catalina defaultHost=localhost Host name=localhost appBase=webapps unpackWARs=true
RE : RE : HTTP Status 408 Error when i login
I saw different information on it! 408 The Request timed out. For some reason the Server took too much time processing your Request. Net congestion is the most likely reason. Le client n'a pas présenté une requête complète pendant le délai maximal qui lui était imparti, et le serveur a abandonné la connexion. The 408 (Request Time-out) code means that the client's request wasn't completed, and the server gave up waiting for the client to finish. A client might receive this code if it did not supply the entity-body properly, or (under HTTP 1.1) if it neglected to supply a Connection: Close header. 408 Request Time-out This response code means the client did not produce a full request within some predetermined time (usually specified in the server's configuration), and the server is disconnecting the network connection. Perhaps you can track something on the server log. Or see at tcp parameter on client or server system (I don't know precisely). Can you use netstat utility to track tcp state info on socket? Change your browser to exclude bug in browser! For the moment I have no other idea! -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mercredi 16 février 2005 12:16 À : Tomcat Users List Objet : Re: RE : HTTP Status 408 Error when i login Jean-Pierre, do you have any idea what causes the 408 error? Humm... Bruno Gonçalves wrote: humm.. the trace don't give me much more information! --- *The POST:* XXX: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://localhost:8082/jcms/web/jsp/das/j_security_check Content-Type: application/x-www-form-urlencoded Content-Length: 33 j_username=adminj_password=adminGET /favicon.ico HTTP/1.1 Host: localhost:8082 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.5) Gecko/20041110 Firefox/1.0 Accept: image/png,*/*;q=0.5 Accept-Language: en-gb,en;q=0.5 XXX: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive *The response:* HTTP/1.1 408 The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser Content-Type: text/html;charset=utf-8 Content-Length: 1554 Date: Tue, 15 Feb 2005 18:37:09 GMT Server: Apache-Coyote/1.1 Connection: close htmlheadtitleApache Tomcat/5.0.28 - Error report/titlestyle!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;fo nt-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;fo nt-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;fo nt-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size: 12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--/style /headbodyh1HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser/h1HR size=1 noshade=noshadepbtype/b Status report/ppbmessage/b uThe time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser/u/ppbdescription/b uThe client did not produce a request within the time that the server was prepared to wait (The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser)./u/pHR size=1 noshade=noshadeh3Apache Tomcat/5.0.28/h3/body/htmlHTTP/1.1 404 /favicon.ico Content-Type: text/html;charset=utf-8 Content-Length: 988 Date: Tue, 15 Feb 2005 18:37:09 GMT Server: Apache-Coyote/1.1 htmlheadtitleApache Tomcat/5.0.28 - Error report/titlestyle!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;fo nt-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;fo nt-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;fo nt-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size: 12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--/style /headbodyh1HTTP Status 404 - /favicon.ico/h1HR
RE : RE : RE : RE : RE : RE : RE : Tomcat configuration
Yes! Because the name of the file is tomcat specific (it isn't a standard)! -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mercredi 16 février 2005 19:30 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : RE : RE : RE : Tomcat configuration I'm not sure I understand - are you saying to rename ldsecure.xml - context.xml? Curtis [EMAIL PROTECTED] 02/16/05 01:35AM Hi, I'm not sure but you could try to rename the ldsecure.xml file in context.xml. -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:51 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : RE : RE : Tomcat configuration I know the database connection works, because if I include the realm as part of the engine or host, then I can login correctly. As far as reading the realm how-to, I've done that several times. The second .xml file I sent you is named ldsecure.xml (part of the ldsecure webapp), and I placed it in $CATALINA_HOME/conf/[enginename]/[hostname]/ldsecure.xml. I'm not creating a WAR file, just a directory structure. Any additional ideas? [EMAIL PROTECTED] 02/15/05 10:43AM Check your configuration with http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JDBCRealm (database configuration, driver, url access, user et password access, and log files). Try to setup Memory realm. Try to validate database url connection with simple java class. import java.sql.*; import your driver; class JDBCVersion { public static void main (String args []) throws SQLException { // Load the JDBC driver DriverManager.registerDriver(new com.microsoft.jdbc.sqlserver.SQLServerDriver()); // Something like this (probably) Connection conn = DriverManager.getConnection(jdbc:microsoft:sqlserver://LDSERVER:1433;databa sename=ldbugtracker, abc,abc); // Create Oracle DatabaseMetaData object DatabaseMetaData meta = conn.getMetaData (); // get driver info: System.out.println(JDBC driver version is + meta.getDriverVersion()); } } I assume that you have deployed your context configuration in : - META-INF/context.xml directory of your WAR file - $CATALINA_HOME/conf/[enginename]/[hostname]/ directory -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:14 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : RE : Tomcat configuration According to the tomcat docs, the preferred method of describing a context realm is to place it in it's own xml file. Here's what I have: !-- Context docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false -- Context reloadable=true path=/ldsecure docbase=${catalina.home}/server/webapps/ldsecure Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.microsoft.jdbc.sqlserver.SQLServerDriver connectionURL=jdbc:microsoft:sqlserver://LDSERVER:1433;databasename=ldbugtr acker;selectmethod=cursor connectionName=abc connectionPassword=abc userTable=LDUsers userNameCol=username userCredCol=password userRoleTable=LDUserRoles roleNameCol=role debug=99/ /Context If I place this context statement in the server.xml file, under the described host, I get the same problem. Curtis [EMAIL PROTECTED] 02/15/05 10:09AM There is no realm describe into it! Have you declared your realm in your META-INF/context.xml directory of your WAR file? Could you send us your context.xml file? -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:03 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : Tomcat configuration With pleasure. Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector port=8009 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / !-- Define the top level container in our container hierarchy --
RE : HTTP Status 408 Error when i login
Hi, It's a Request timeout. -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 12:46 À : tomcat-user@jakarta.apache.org Objet : HTTP Status 408 Error when i login I there! I'm using JAAS on Tomcat 5.0.28 to make a authentication process for my web aplication. When I submit a wrong username/password the server redirects to an error page, that's correct, but when I submit the correct username/password I got a HTTP Status 408 Error! I don't know what's the problem :( Any help? Thanks... --- Bruno V. Gonçalves - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : HTTP Status 408 Error when i login
With session-timeout element you specify a session timeout not a request timeout. See http://www.checkupdown.com/status/E408.html for explanation! -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 13:36 À : Tomcat Users List Objet : Re: RE : HTTP Status 408 Error when i login Yes, I know! But I don't understand where is the problem :( In the web.xml the value of timeout is 30minutes: !-- session timeout -- session-config session-timeout30/session-timeout /session-config I do a quick login, not more than 1minute!!! :( I need some help with this... Thanks.. LERBSCHER Jean-Pierre wrote: Hi, It's a Request timeout. -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 12:46 À : tomcat-user@jakarta.apache.org Objet : HTTP Status 408 Error when i login I there! I'm using JAAS on Tomcat 5.0.28 to make a authentication process for my web aplication. When I submit a wrong username/password the server redirects to an error page, that's correct, but when I submit the correct username/password I got a HTTP Status 408 Error! I don't know what's the problem :( Any help? Thanks... --- Bruno V. Gonçalves - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : RE : HTTP Status 408 Error when i login
Do you have proxy in front of Tomcat ? What's your system configuration ? Enable trace on tomcat, and track http request and response. You can use org.apache.soap.util.net.TcpTunnelGui (it's a little http proxy packaged with axis (?) - I don't remember exactly) to check http request and response. Settings : set CLASSPATH=%CLASPATH%;lib/soap.jar java org.apache.soap.util.net.TcpTunnelGui 8080 localhost 8082 where 8080 utility listen port localhost 8082 your tomcat server address and port -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 13:59 À : Tomcat Users List Objet : Re: RE : RE : HTTP Status 408 Error when i login Humm... I see. So what can I do on Tomcat to resolve this problem? There's any config file? This problem it's very strange!! Thanks Pierre! LERBSCHER Jean-Pierre wrote: With session-timeout element you specify a session timeout not a request timeout. See http://www.checkupdown.com/status/E408.html for explanation! -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 13:36 À : Tomcat Users List Objet : Re: RE : HTTP Status 408 Error when i login Yes, I know! But I don't understand where is the problem :( In the web.xml the value of timeout is 30minutes: !-- session timeout -- session-config session-timeout30/session-timeout /session-config I do a quick login, not more than 1minute!!! :( I need some help with this... Thanks.. LERBSCHER Jean-Pierre wrote: Hi, It's a Request timeout. -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 12:46 À : tomcat-user@jakarta.apache.org Objet : HTTP Status 408 Error when i login I there! I'm using JAAS on Tomcat 5.0.28 to make a authentication process for my web aplication. When I submit a wrong username/password the server redirects to an error page, that's correct, but when I submit the correct username/password I got a HTTP Status 408 Error! I don't know what's the problem :( Any help? Thanks... --- Bruno V. Gonçalves - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Tomcat configuration
Hi, Do you use JdbcRealm or JaasRealm ? If you use JAASRealm you have to setup your jaas config file (for example using java.security.auth.login.config system property. This file specifies application by application your login module. In your case, it seems that you have to declare Realm in your application context. -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 16:41 À : tomcat-user@jakarta.apache.org Objet : Tomcat configuration If I want to host several different web apps in Tomcat, each having it's own user database using FORM authentication, how would I configure Tomcat? I tried putting the jdbcRealm in the /engine/hostname/nnn.xml file, yet when I try to log into one of my pages I get the error: Feb 14, 2005 4:20:39 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration Can anyone please help me with this? I've spent about a week on it already. Please note: If I put the JdbcRealm in the engine or host element of server.xml, everything works fine - except then I can't have a 1-to-1 mapping between webapp and login database. Thanks, Curtis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : Tomcat configuration
If I look at this log, it seems that you are using JAAS Realm ! Feb 14, 2005 4:20:39 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 17:15 À : tomcat-user@jakarta.apache.org Objet : Re: RE : Tomcat configuration Thanks for the reply. I'm not using (to the best of my knowledge) JAASRealm. I just want to use JdbcRealm, but define it at the context level. Curtis [EMAIL PROTECTED] 02/15/05 09:08AM Hi, Do you use JdbcRealm or JaasRealm ? If you use JAASRealm you have to setup your jaas config file (for example using java.security.auth.login.config system property. This file specifies application by application your login module. In your case, it seems that you have to declare Realm in your application context. -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 16:41 À : tomcat-user@jakarta.apache.org Objet : Tomcat configuration If I want to host several different web apps in Tomcat, each having it's own user database using FORM authentication, how would I configure Tomcat? I tried putting the jdbcRealm in the /engine/hostname/nnn.xml file, yet when I try to log into one of my pages I get the error: Feb 14, 2005 4:20:39 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration Can anyone please help me with this? I've spent about a week on it already. Please note: If I put the JdbcRealm in the engine or host element of server.xml, everything works fine - except then I can't have a 1-to-1 mapping between webapp and login database. Thanks, Curtis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : RE : Tomcat configuration
JAASRealm is not a default! Could you send us your server.xml? -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 17:43 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : Tomcat configuration How can I configure Tomcat to not use JAASRealm? Like I said earlier, if my JDBCRealm is associated with the engine or host element of server.xml, the login forms work. It's only when I move it into it's own .xml file or add it as part of the context element that I run into problems. Does doing that automatically require JAASRealm? Thanks [EMAIL PROTECTED] 02/15/05 09:39AM If I look at this log, it seems that you are using JAAS Realm ! Feb 14, 2005 4:20:39 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 17:15 À : tomcat-user@jakarta.apache.org Objet : Re: RE : Tomcat configuration Thanks for the reply. I'm not using (to the best of my knowledge) JAASRealm. I just want to use JdbcRealm, but define it at the context level. Curtis [EMAIL PROTECTED] 02/15/05 09:08AM Hi, Do you use JdbcRealm or JaasRealm ? If you use JAASRealm you have to setup your jaas config file (for example using java.security.auth.login.config system property. This file specifies application by application your login module. In your case, it seems that you have to declare Realm in your application context. -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 16:41 À : tomcat-user@jakarta.apache.org Objet : Tomcat configuration If I want to host several different web apps in Tomcat, each having it's own user database using FORM authentication, how would I configure Tomcat? I tried putting the jdbcRealm in the /engine/hostname/nnn.xml file, yet when I try to log into one of my pages I get the error: Feb 14, 2005 4:20:39 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration Can anyone please help me with this? I've spent about a week on it already. Please note: If I put the JdbcRealm in the engine or host element of server.xml, everything works fine - except then I can't have a 1-to-1 mapping between webapp and login database. Thanks, Curtis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : RE : RE : Tomcat configuration
There is no realm describe into it! Have you declared your realm in your META-INF/context.xml directory of your WAR file? Could you send us your context.xml file? -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:03 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : Tomcat configuration With pleasure. Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector port=8009 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / !-- Define the top level container in our container hierarchy -- Engine name=Catalina defaultHost=localhost Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host /Engine /Service /Server Thanks for you help. [EMAIL PROTECTED] 02/15/05 09:51AM JAASRealm is not a default! Could you send us your server.xml? -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 17:43 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : Tomcat configuration How can I configure Tomcat to not use JAASRealm? Like I said earlier, if my JDBCRealm is associated with the engine or host element of server.xml, the login forms work. It's only when I move it into it's own .xml file or add it as part of the context element that I run into problems. Does doing that automatically require JAASRealm? Thanks [EMAIL PROTECTED] 02/15/05 09:39AM If I look at this log, it seems that you are using JAAS Realm ! Feb 14, 2005 4:20:39 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 17:15 À : tomcat-user@jakarta.apache.org Objet : Re: RE : Tomcat configuration Thanks for the reply. I'm not using (to the best of my knowledge) JAASRealm. I just want to use JdbcRealm, but define it at the context level. Curtis [EMAIL PROTECTED] 02/15/05 09:08AM Hi, Do you use JdbcRealm or JaasRealm ? If you use JAASRealm you have to setup your jaas config file (for example using java.security.auth.login.config system property. This file specifies application by application your login module. In your case, it seems that you have to declare Realm in your application context. -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 16:41 À : tomcat-user@jakarta.apache.org Objet : Tomcat configuration If I want to host several different web apps in Tomcat, each having it's own user database using FORM authentication, how would I configure Tomcat? I tried putting the jdbcRealm in the /engine/hostname/nnn.xml file, yet when I try to log into one of my pages I get the error: Feb 14, 2005 4:20:39 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login configuration Can anyone please help me with this? I've spent about a week on it already. Please note: If I put the JdbcRealm in the engine or host element of server.xml, everything works fine - except then I can't have a 1-to-1 mapping between webapp and login database. Thanks, Curtis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : RE : RE : HTTP Status 408 Error when i login
set CLASSPATH=%CLASSPATH%;your library path/soap.jar -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:03 À : Tomcat Users List Objet : Re: RE : RE : RE : HTTP Status 408 Error when i login If I run java org.apache.soap.util.net.TcpTunnelGui 8080 localhost 8082 I get Exception in thread main java.lang.NoClassDefFoundError: org/apache/soap/util/net/TcpTunnelGui humm.. but i think my CLASSPATH is correct! LERBSCHER Jean-Pierre wrote: Do you have proxy in front of Tomcat ? What's your system configuration ? Enable trace on tomcat, and track http request and response. You can use org.apache.soap.util.net.TcpTunnelGui (it's a little http proxy packaged with axis (?) - I don't remember exactly) to check http request and response. Settings : set CLASSPATH=%CLASPATH%;lib/soap.jar java org.apache.soap.util.net.TcpTunnelGui 8080 localhost 8082 where 8080 utility listen port localhost 8082 your tomcat server address and port -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 13:59 À : Tomcat Users List Objet : Re: RE : RE : HTTP Status 408 Error when i login Humm... I see. So what can I do on Tomcat to resolve this problem? There's any config file? This problem it's very strange!! Thanks Pierre! LERBSCHER Jean-Pierre wrote: With session-timeout element you specify a session timeout not a request timeout. See http://www.checkupdown.com/status/E408.html for explanation! -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 13:36 À : Tomcat Users List Objet : Re: RE : HTTP Status 408 Error when i login Yes, I know! But I don't understand where is the problem :( In the web.xml the value of timeout is 30minutes: !-- session timeout -- session-config session-timeout30/session-timeout /session-config I do a quick login, not more than 1minute!!! :( I need some help with this... Thanks.. LERBSCHER Jean-Pierre wrote: Hi, It's a Request timeout. -Message d'origine- De : Bruno Gonçalves [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 12:46 À : tomcat-user@jakarta.apache.org Objet : HTTP Status 408 Error when i login I there! I'm using JAAS on Tomcat 5.0.28 to make a authentication process for my web aplication. When I submit a wrong username/password the server redirects to an error page, that's correct, but when I submit the correct username/password I got a HTTP Status 408 Error! I don't know what's the problem :( Any help? Thanks... --- Bruno V. Gonçalves - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : RE : RE : RE : Tomcat configuration
Check your configuration with http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JDBCRealm (database configuration, driver, url access, user et password access, and log files). Try to setup Memory realm. Try to validate database url connection with simple java class. import java.sql.*; import your driver; class JDBCVersion { public static void main (String args []) throws SQLException { // Load the JDBC driver DriverManager.registerDriver(new com.microsoft.jdbc.sqlserver.SQLServerDriver()); // Something like this (probably) Connection conn = DriverManager.getConnection(jdbc:microsoft:sqlserver://LDSERVER:1433;databa sename=ldbugtracker, abc,abc); // Create Oracle DatabaseMetaData object DatabaseMetaData meta = conn.getMetaData (); // get driver info: System.out.println(JDBC driver version is + meta.getDriverVersion()); } } I assume that you have deployed your context configuration in : - META-INF/context.xml directory of your WAR file - $CATALINA_HOME/conf/[enginename]/[hostname]/ directory -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:14 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : RE : Tomcat configuration According to the tomcat docs, the preferred method of describing a context realm is to place it in it's own xml file. Here's what I have: !-- Context docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false -- Context reloadable=true path=/ldsecure docbase=${catalina.home}/server/webapps/ldsecure Realm className=org.apache.catalina.realm.JDBCRealm driverName=com.microsoft.jdbc.sqlserver.SQLServerDriver connectionURL=jdbc:microsoft:sqlserver://LDSERVER:1433;databasename=ldbugtr acker;selectmethod=cursor connectionName=abc connectionPassword=abc userTable=LDUsers userNameCol=username userCredCol=password userRoleTable=LDUserRoles roleNameCol=role debug=99/ /Context If I place this context statement in the server.xml file, under the described host, I get the same problem. Curtis [EMAIL PROTECTED] 02/15/05 10:09AM There is no realm describe into it! Have you declared your realm in your META-INF/context.xml directory of your WAR file? Could you send us your context.xml file? -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 18:03 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : RE : Tomcat configuration With pleasure. Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector port=8009 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / !-- Define the top level container in our container hierarchy -- Engine name=Catalina defaultHost=localhost Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host /Engine /Service /Server Thanks for you help. [EMAIL PROTECTED] 02/15/05 09:51AM JAASRealm is not a default! Could you send us your server.xml? -Message d'origine- De : Curtis Nelson [mailto:[EMAIL PROTECTED] Envoyé : mardi 15 février 2005 17:43 À : tomcat-user@jakarta.apache.org Objet : Re: RE : RE : Tomcat configuration How can I configure Tomcat to not use JAASRealm? Like I said earlier, if my JDBCRealm is associated with the engine or host element of server.xml, the login forms work. It's only when I move it into it's own .xml file or add it as part of the context element that I run into problems. Does doing that automatically require JAASRealm? Thanks [EMAIL PROTECTED] 02/15/05 09:39AM If I look at this log, it seems that you are using JAAS Realm ! Feb 14, 2005 4:20:39 PM org.apache.catalina.realm.JAASRealm authenticate SEVERE: Unexpected error java.lang.SecurityException: Unable to locate a login
RE : RE : Security Newbie - Need Help
): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Security Newbie - Need Help
Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Security Newbie - Need Help
It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : Security Newbie - Need Help
-Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:57 À : Tomcat Users List Objet : Re: RE : Security Newbie - Need Help Where would the security-role be declared? WEB-INF/web.xml? Yes The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed? select * from roles; ... realm ... userRoleTable=user_roles Thanks for you help, Luke It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
RE : RE : RE : Security Newbie - Need Help
Sorry, i understand what you mean. Your role table seems ok. -Message d'origine- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 17:40 À : 'Tomcat Users List' Objet : RE : RE : Security Newbie - Need Help -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:57 À : Tomcat Users List Objet : Re: RE : Security Newbie - Need Help Where would the security-role be declared? WEB-INF/web.xml? Yes The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed? select * from roles; ... realm ... userRoleTable=user_roles Thanks for you help, Luke It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED
RE : jaas with wlclient.jar returns no principals
Hi, You have to : configure your realm for example, Realm className=org.apache.catalina.realm.JAASRealm appName=Sample userClassNames=weblogic.security.principal.WLSUserImpl roleClassNames=weblogic.security.principal.WLSGroupImpl debug=99/ in this case your can't access easily to subject Configure your jaas config file. app { myLoginModule option debug=true params }; use the system property to declare jaas login file. -Djava.security.auth.login.config=your path Deploy your wlclient.jar in common/lib. Configure your webapp to secure urls. I think its all. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoyé : lundi 7 février 2005 16:18 À : tomcat-user@jakarta.apache.org Objet : jaas with wlclient.jar returns no principals We are developing a j2ee app using tomcat for the web container and weblogic for the ejb container. We are using jaas for authentication with weblogic. When our war is deployed on tomcat, using the wlclient.jar, the jaas authentication returns no principals with the subject. When we deploy our war on weblogic (or test a jaas client using weblogic.jar), the jaas authentication returns principlas. What can we do to make the jaas authentication with a war deployed on tomcat work with weblogic? Using WLClient.jar: Subject is: Subject: Private Credential: [EMAIL PROTECTED] Private Credential: SubjectProxy[23994289] Size of Principals: 0 Principals: Using Weblogic.jar: Subject is: Subject: Principal: mjLDAP Private Credential: [EMAIL PROTECTED] Private Credential: [EMAIL PROTECTED] Size of Principals: 1 Principals: mjLDAP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : set default web application
If i understand what you want to do, you have to edit your web.xml file and specify your url-pattern element in servlet-mapping section. For example : servlet-mapping servlet-nameyour servlet classe/servlet-name url-pattern//url-pattern /servlet-mapping Servlet specification specification of mappings indicates * A string containing only the '/' character indicates the default servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null. -Message d'origine- De : Parsons Technical Services [mailto:[EMAIL PROTECTED] Envoyé : mercredi 12 janvier 2005 05:51 À : Tomcat Users List Objet : Re: set default web application Turn up debugging and check your logs. It should report on startup what is processed. Look for errors. Move the ROOT folder out of the webapps folder. After step 3 would step 1 still work? Doug - Original Message - From: xhu1 [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Tuesday, January 11, 2005 8:42 PM Subject: set default web application Hi, I just downloaded Tomcat5.5 and Struts1.2.4. I would like to make struts-mailreader app to be the default application in Tomcat. However I could not make it. What I did (I didn't touch any configuration yet): 1. copy struts-mailreader.war and put in webapps directory. it got deployed and I can go to http://localhost:8080/struts-mailreader 2. I add context.xml under webapps/struts-mailreader/META-INFO with the following line: Context path= docbase=${catalina.home}/webapps/struts-mailreader/Context. When I go to http://localhost:8080, it still points to welcome one. 3. I rename ROOT under webapps to be ROOT1, now http://localhost:8080 becomes blank screen 4, I add struts-mailreader.xml under conf\Catalina\localhost with the same line as in context.xml, it still a blank screen when I request http://localhost:8080. set the default web app should be very commom task, but it's so difficult for me. Please help. Thanks. __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Oracle 9i client connection to 8i database
If you get this log 27-DEC-2004 16:58:11 * (CONNECT_DATA=(SID=test)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.4)(PORT=33244)) * establish * Perhaps you have to try jdbc:oracle:thin:@10.0.0.4:33244:test with thin driver and jdbc:oracle:oci:@service_name with oci driver. -Message d'origine- De : Phillip Qin [mailto:[EMAIL PROTECTED] Envoyé : mardi 4 janvier 2005 22:39 À : 'Tomcat Users List' Objet : RE: Oracle 9i client connection to 8i database There is nothing to do with Oracle client. All you need is the jdbc driver. -Original Message- From: Brad Rhoads [mailto:[EMAIL PROTECTED] Sent: December 27, 2004 5:11 PM To: 'Tomcat Users List' Subject: RE: Oracle 9i client connection to 8i database I always assumed the Oracle client was required. . . I uninstalled the client and get the same results. With the sid syntax I at least get an entry in the listener.log: 27-DEC-2004 16:58:11 * (CONNECT_DATA=(SID=test)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.4)(PORT=33244)) * establish * But the app doesn't get a connection. And with the service_name syntax I only get a connection error: DatabaseMessageresources: Loading all the messages for the messageMap NVFactory: _readNVPair expected ) DatabaseMessageresources: SQL EXCEPTION FETCHING MESSAGE java.sql.SQLException: Io exception: NL Exception was generated at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:187) I've run into a similar problem where the db server was behind the firewall and the firewall didn't allow high-ports, but in this case both machines are behind the firewall. Any other ideas why I might not be able to get a connection? -Original Message- From: Michael Echerer [mailto:[EMAIL PROTECTED] Sent: Saturday, December 25, 2004 4:08 AM To: Tomcat Users List Subject: Re: Oracle 9i client connection to 8i database How come that you need an Oracle client installation at all when you just want to use the Oracle thin JDBC driver? IHMO the client installation is only required for OCI thick drivers... Brad Rhoads wrote: We have an (struts) app that talks to an Oracle 8i database. Our latest installation wants to run the app on Fedora Core 2. I couldn't get the Oracle 8i client install, so I installed the 9i client. With the 9i client, you have to use a service_name instead of a sid in the connection. Normally my connection string (in my web.xml) looks like: param-valuejdbc:oracle:thin:@10.0.0.7:1521:test/param-value But it seems to get a service_name instead of a sid I have to use something like: param-valuejdbc:oracle:thin:@jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS =(PROT OCOL=TCP)(HOST=10.0.0.7)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=test)) )/par am-value My problem is I'm getting this error: NVFactory: _readNVPair expected It doesn't seem to make any difference if I use the 8i or the 9i drivers. I've also tried param-valuejdbc:oracle:thin:@//10.0.0.7:1521/test/param-value But that just gave me a format error. I can connect fine using sqlplus. What am I doing wrong? Thanks for the help. Merry Christmas! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:41d08896130622933416230! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : OCI Driver Usage [RE: Oracle 9i client connection to 8i data base]
To use thin driver, you just have to put jdbc library on your classpath (ojdbc14.jar for oracle9), depending on your configuration, deploy this jar in common/lib, or war file. You can try this code. I did not compile it but I think that it must run. import java.sql.*; import java.util.*; public class Test { static String _url = jdbc:oracle:thin:@host:port:sid; static String url; String login ; String password ; Connection con; PreparedStatement stmt; /** * MAIN() * @param args */ public static void main(String args[]) { if (args.length 3 ) { System.out.println(usage: java Test -Durl=url login password); System.exit(1); } url = System.getProperty( url , _url ); Test ts = new Test(); ts.login = args[0]; ts.password = args[1]; ts.doTest(); } /** * Constructeur par défaut. * */ public Test() { try { Class.forName(oracle.jdbc.driver.OracleDriver).newInstance(); } catch(Exception e) { System.out.println(Exception: ); System.out.println(e.getMessage()); } } /** * * */ public void doTest() { System.out.println(--- parameters -); System.out.println(URL : + url ); System.out.println(login : + login ); System.out.println(password : + password ); System.out.println(---); try { con = DriverManager.getConnection( url, login, password ); // Create Oracle DatabaseMetaData object DatabaseMetaData meta = con.getMetaData (); // get driver info: System.out.println(JDBC driver version is + meta.getDriverVersion()); } catch(SQLException ex) { System.out.println(SQLException: + ex.getMessage()); } finally { try { if ( stmt != null ) stmt.close(); if ( con != null ) con.close(); } catch (SQLException e) { e.printStackTrace(); } } } } -Message d'origine- De : Brad Rhoads [mailto:[EMAIL PROTECTED] Envoyé : mercredi 5 janvier 2005 14:05 À : 'Tomcat Users List' Objet : OCI Driver Usage [RE: Oracle 9i client connection to 8i database] -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 05, 2005 3:14 AM * Perhaps you have to try jdbc:oracle:oci:@service_name with oci driver. -Original Message- From: Michael Echerer [mailto:[EMAIL PROTECTED] Sent: Saturday, December 25, 2004 4:08 AM To: Tomcat Users List Subject: Re: Oracle 9i client connection to 8i database How come that you need an Oracle client installation at all when you just want to use the Oracle thin JDBC driver? IHMO the client installation is only required for OCI thick drivers... What do I need to do to try out the OCI drivers? Will my existing code work? Anyone have an example? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Server refuse connection with many TIME_WAIT
TIME_WAIT means client enters this state after active close. It's normal to have a socket in this state for a period of time. This time is specified by the rfc 793 as twice the MSL (Maximum Segment Lifetime). Some systems implement different values but the specification is 2 mn. I read this comment from internet... I think it could help you! Setting the TCP TIME_WAIT time When you expect to serve many TCP/IP connections, it is important to check the time your Server OS waits before releasing a logically closed TCP/IP socket. If this time is too long, those died sockets can consume all OS TCP/IP resources, and all new connections will be rejected on the OS level, so the CommuniGate Pro Server will not be able to warn you. This problem can be seen even on the sites that have just few hundred accounts. This indicates that some of the clients have configured their mailers to check the server too often. If client mailers connect to the server every minute, and the OS TIME_WAIT time is set to 2 minutes, the number of died sockets will grow, and eventually, they will consume all OS TCP/IP resources. It is recommended to set the TIME_WAIT time to 20-30 seconds. The TIME_WAIT problem is a very common one for Windows NT systems. Unlike most Unix systems, Windows NT does not have a generic setting for the TIME_WAIT interval modification. To modify this setting, you should create an entry in the Windows NT Registry (the information below is taken from the http://www.microsoft.com site: Run Registry Editor (RegEdit.exe). Go to the following key in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpip\Parameters Choose Add Value from the Edit menu and create the following entry: Value Name: TcpTimedWaitDelay Data Type: REG_DWORD Value: 30-300 (decimal) - time in seconds Default: 0xF0 (240 decimal) not in registry by default Quit the Registry Editor Restart the computer for the registry change to take effect. Description: This parameter determines the length of time that a connection will stay in the TIME_WAIT state when being closed. While a connection is in the TIME_WAIT state, the socket pair cannot be reused. This is also known as the 2MSL state, as by RFC the value should be twice the maximum segment lifetime on the network. See RFC793 for further details. -Message d'origine- De : V D [mailto:[EMAIL PROTECTED] Envoyé : mercredi 15 décembre 2004 05:17 À : [EMAIL PROTECTED] Objet : Server refuse connection with many TIME_WAIT I have an Axis service that runs under Tomcat 5.5.4. I use gSoap client to connect to the server. After about 3960 requests from the clients, the Tomcat stops accepting connection. I have to wait for serveral minutes for it to accept connections again. This is under MS Windows XP system. Using the command line: netstat -aenter I have about 5000 TIMEWAIT: TCPvd:5000localhost:http TIME_WAIT Looking through TcpMonitor, both the client and server send in close message: CLIENT MESSAGE: POST /axis/services/TestService HTTP/1.1 Host: 127.0.0.1:82 User-Agent: gSOAP/2.7 Content-Type: text/xml; charset=utf-8 Content-Length: 552 Connection: close SOAPAction: SERVER MESSAGE: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/xml;charset=utf-8 Date: Wed, 15 Dec 2004 04:04:52 GMT Connection: close What's going on? Is there any flag I can set in Tomcat to close these TIMEWAIT connections? Looking at the clients's memory foot print, the memory does not go up at all after all these connections. The strange thing is this: using Java's client to repeatedly request the server for many thousand times, and I don't have any problem with the server. Using the command line netstat -a, and I still see many TIMEWAIT. Could this have something to do with gSoap, not Tomcat? Thanks, V D - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Manually Populate Request Object Name/Value Parameters?
why don't you protect the form ? -Message d'origine- De : Joe Reger, Jr. [mailto:[EMAIL PROTECTED] Envoyé : lundi 13 décembre 2004 17:15 À : [EMAIL PROTECTED] Objet : Manually Populate Request Object Name/Value Parameters? The scenario is a timed-out login session: The user writes a wonderful something in a web page form. They finally submit it but I have to redirect to the login page to collect credentials because the session has timed out. Question: Is there any way to restore that original request (with the user's hard work in it) and throw it back at the page the user was trying to hit after I collect credentials? If not then prior to redirecting for login I'd like to store the name/value pairs from the request in the session, collect login credentials and then rebuild the request manually by setting the URL and name/value request parameters? I'm using a homebrew login scheme. Would switching to form-based authentication automatically restore the original request once the user is logged-in? Thanks, Joe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Threads issues in Tomcat 5.0.28
2. you can use kill -3 command to dump the thread stack and execute the same command few seconds later. You obtain two stack trace that you can compare to identify the potential source of inativity. -Message d'origine- De : Matt Robinson [mailto:[EMAIL PROTECTED] Envoyé : mercredi 8 décembre 2004 03:32 À : [EMAIL PROTECTED] Objet : Threads issues in Tomcat 5.0.28 Hi, We have 5 instances of Tomcat 5.0.28 running on their own high performance servers (dual XEON / 2GB RAM, etc) receiving AJP13 connector requests via our main web server which has IIS 5, IIS redirector, and Tomcat4. This works great even under high loads except for one thing: after several hours of usage (could be 3 hours or up 24 hours), the number of Tomcat threads on the 5.0.28 systems will suddenly increase at a rapid rate until Tomcat no longer responds to requests. It will hit the max # threads (which defaults to 200) and essentially freeze until it is restarted. This is strange because this behavior does not seem to correspond to increased usage of the particular server it occurs on. We are not sure what is triggering this and what those Tomcat threads are waiting on [they remain busy, waiting and unable to be reused by Tomcat]. My questions are: 1. Has anyone else experienced this kind of Thread explosion problem? 2. Is there a way to find out exactly what each Tomcat Thread is doing/waiting for? 3. Is there a way to periodically clear Tomcat's threadpool -- i.e. get rid of waiting/busy/unusued threads. We are working on ways to automatically restart Tomcat once a certain # of threads is reached, but this is not an acceptable solution, only a temporary workaround of course. Many thanks in advance __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Problem with JAAS
Use tomcat env JAVA_OPTS=-Djava.security.auth.login.config=java config file to declare your login module. -Message d'origine- De : Julian Templeman [mailto:[EMAIL PROTECTED] Envoyé : jeudi 2 décembre 2004 09:56 À : [EMAIL PROTECTED] Objet : Problem with JAAS I'm evaluating an ISP that uses Tomcat to host webapps, and am running into a security problem. Any webapp that uses FORM authentication triggers an error from JAAS, saying that it can't find a login configuration. I'm certainly not using JAAS, and have just been adding users to the tomcat-users.xml file. I've been able to confirm that this happens with even the simplest apps. Can anyone give me any idea of what's going on here? My guess is that somehow Tomcat is configured to use JAAS by default, but since I've not used JAAS before now, I'm not sure where to look... Thanks, julian in london - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : Problem with JAAS
Perhaps because your configure your jaas realm in engine/host configuration. -Message d'origine- De : Julian Templeman [mailto:[EMAIL PROTECTED] Envoyé : jeudi 2 décembre 2004 11:53 À : Tomcat Users List Objet : Re: RE : Problem with JAAS On Thu, 2 Dec 2004 11:36:48 +0100, LERBSCHER Jean-Pierre [EMAIL PROTECTED] wrote: Use tomcat env JAVA_OPTS=-Djava.security.auth.login.config=java config file to declare your login module. Thanks... But what I want to know is *why* it wants to use JAAS at all. *I* certainly don't want to have to, because a simple form authentication will work fine for me... julian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem clustering tomcat when a failed server is restarting
We have a cluster Tomcat composed of two servers (default configuration of the cluster is used). When the first server is stopped, the cluster continues to work fine (requests are handled by the server that is running). But when the stopped server is restarting we can see these exceptions. Could you comment this log and explain us what is wrong. Thanks. The server that handle the requests log this exception Server 02 10 nov. 2004 17:13:54 org.apache.catalina.cluster.tcp.SimpleTcpCluster memberAdded INFO: Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://w.x.y.z:41001,w.x. y.z,41001, alive=35] 10 nov. 2004 17:13:54 org.apache.catalina.cluster.session.DeltaManager messageReceived GRAVE: Unable to receive message through TCP channel java.lang.NullPointerException at java.io.ObjectOutputStream$BlockDataOutputStream.getUTFLength(ObjectOutputSt ream.java:1898) at java.io.ObjectOutputStream$BlockDataOutputStream.writeUTF(ObjectOutputStream .java:1769) at java.io.ObjectOutputStream.writeUTF(ObjectOutputStream.java:787) at org.apache.catalina.cluster.session.SerializablePrincipal.writePrincipal(Ser ializablePrincipal.java:180) at org.apache.catalina.cluster.session.DeltaSession.writeObject(DeltaSession.ja va:1457) at org.apache.catalina.cluster.session.DeltaSession.writeObjectData(DeltaSessio n.java:930) at org.apache.catalina.cluster.session.DeltaManager.doUnload(DeltaManager.java: 539) at org.apache.catalina.cluster.session.DeltaManager.messageReceived(DeltaManage r.java:854) at org.apache.catalina.cluster.session.DeltaManager.messageDataReceived(DeltaMa nager.java:762) at org.apache.catalina.cluster.tcp.SimpleTcpCluster.messageDataReceived(SimpleT cpCluster.java:576) at org.apache.catalina.cluster.io.ObjectReader.execute(ObjectReader.java:70) at org.apache.catalina.cluster.tcp.TcpReplicationThread.drainChannel(TcpReplica tionThread.java:129) at org.apache.catalina.cluster.tcp.TcpReplicationThread.run(TcpReplicationThrea d.java:67) In the same time the server restarting logs this information. server 01 Creating ClusterManager for context /myapp using class org.apache.catalina.cluster.session.DeltaManager 10 nov. 2004 17:13:54 org.apache.catalina.cluster.session.DeltaManager start INFO: Starting clustering manager...:/myapp 10 nov. 2004 17:13:54 org.apache.catalina.cluster.session.DeltaManager start ATTENTION: Manager[/myapp], requesting session state from org.apache.catalina.cluster.mcast.McastMember[tcp://w.x.y.z:42001,w.x.y.z,42 001, alive=111640]. This operation will timeout if no session state has been received within 60 seconds After a delay, server 01 logs this information. 10 nov. 2004 17:14:54 org.apache.catalina.cluster.session.DeltaManager start GRAVE: Manager[/myapp], No session state received, timing out. 10 nov. 2004 17:14:54 org.apache.catalina.core.StandardHostDeployer install INFO: Installation d'une application pour le chemin de contexte depuis l'URL file:/opt/tomcat-tst01/webapps/ROOT ... INFO: Server startup in 62980 ms server 01 handle the application requests, new session is created.
RE : Problem clustering tomcat when a failed server is restarting
We are using Tomcat 5.0.27. -Message d'origine- De : Filip Hanik - Dev [mailto:[EMAIL PROTECTED] Envoyé : mercredi 17 novembre 2004 18:27 À : Tomcat Users List Objet : Re: Problem clustering tomcat when a failed server is restarting What version of tomcat? It fails when it tries to write the principal information to the stream. Since I don't know what version of tomcat you are using, I can't tell you exactly what went wrong. maybe something in the principal returns null Filip - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, November 17, 2004 4:41 AM Subject: Problem clustering tomcat when a failed server is restarting We have a cluster Tomcat composed of two servers (default configuration of the cluster is used). When the first server is stopped, the cluster continues to work fine (requests are handled by the server that is running). But when the stopped server is restarting we can see these exceptions. Could you comment this log and explain us what is wrong. Thanks. The server that handle the requests log this exception Server 02 10 nov. 2004 17:13:54 org.apache.catalina.cluster.tcp.SimpleTcpCluster memberAdded INFO: Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://w.x.y.z:41001,w.x. y.z,41001, alive=35] 10 nov. 2004 17:13:54 org.apache.catalina.cluster.session.DeltaManager messageReceived GRAVE: Unable to receive message through TCP channel java.lang.NullPointerException at java.io.ObjectOutputStream$BlockDataOutputStream.getUTFLength(ObjectOutputSt ream.java:1898) at java.io.ObjectOutputStream$BlockDataOutputStream.writeUTF(ObjectOutputStream .java:1769) at java.io.ObjectOutputStream.writeUTF(ObjectOutputStream.java:787) at org.apache.catalina.cluster.session.SerializablePrincipal.writePrincipal(Ser ializablePrincipal.java:180) at org.apache.catalina.cluster.session.DeltaSession.writeObject(DeltaSession.ja va:1457) at org.apache.catalina.cluster.session.DeltaSession.writeObjectData(DeltaSessio n.java:930) at org.apache.catalina.cluster.session.DeltaManager.doUnload(DeltaManager.java: 539) at org.apache.catalina.cluster.session.DeltaManager.messageReceived(DeltaManage r.java:854) at org.apache.catalina.cluster.session.DeltaManager.messageDataReceived(DeltaMa nager.java:762) at org.apache.catalina.cluster.tcp.SimpleTcpCluster.messageDataReceived(SimpleT cpCluster.java:576) at org.apache.catalina.cluster.io.ObjectReader.execute(ObjectReader.java:70) at org.apache.catalina.cluster.tcp.TcpReplicationThread.drainChannel(TcpReplica tionThread.java:129) at org.apache.catalina.cluster.tcp.TcpReplicationThread.run(TcpReplicationThrea d.java:67) In the same time the server restarting logs this information. server 01 Creating ClusterManager for context /myapp using class org.apache.catalina.cluster.session.DeltaManager 10 nov. 2004 17:13:54 org.apache.catalina.cluster.session.DeltaManager start INFO: Starting clustering manager...:/myapp 10 nov. 2004 17:13:54 org.apache.catalina.cluster.session.DeltaManager start ATTENTION: Manager[/myapp], requesting session state from org.apache.catalina.cluster.mcast.McastMember[tcp://w.x.y.z:42001,w.x.y.z,42 001, alive=111640]. This operation will timeout if no session state has been received within 60 seconds After a delay, server 01 logs this information. 10 nov. 2004 17:14:54 org.apache.catalina.cluster.session.DeltaManager start GRAVE: Manager[/myapp], No session state received, timing out. 10 nov. 2004 17:14:54 org.apache.catalina.core.StandardHostDeployer install INFO: Installation d'une application pour le chemin de contexte depuis l'URL file:/opt/tomcat-tst01/webapps/ROOT ... INFO: Server startup in 62980 ms server 01 handle the application requests, new session is created. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Problem clustering tomcat when a failed server is restarting
Could you give me a link to open bugzilla report? Or more recent versions of Tomcat can they correct this problem ? -Message d'origine- De : Filip Hanik - Dev [mailto:[EMAIL PROTECTED] Envoyé : mercredi 17 novembre 2004 19:10 À : Tomcat Users List Objet : Re: Problem clustering tomcat when a failed server is restarting the GenericPrincipal.getPassword() returns null that is why you get this error, you can open a bugzilla report so that we can track it Filip - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Wednesday, November 17, 2004 11:55 AM Subject: RE : Problem clustering tomcat when a failed server is restarting We are using Tomcat 5.0.27. -Message d'origine- De : Filip Hanik - Dev [mailto:[EMAIL PROTECTED] Envoyé : mercredi 17 novembre 2004 18:27 À : Tomcat Users List Objet : Re: Problem clustering tomcat when a failed server is restarting What version of tomcat? It fails when it tries to write the principal information to the stream. Since I don't know what version of tomcat you are using, I can't tell you exactly what went wrong. maybe something in the principal returns null Filip - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, November 17, 2004 4:41 AM Subject: Problem clustering tomcat when a failed server is restarting We have a cluster Tomcat composed of two servers (default configuration of the cluster is used). When the first server is stopped, the cluster continues to work fine (requests are handled by the server that is running). But when the stopped server is restarting we can see these exceptions. Could you comment this log and explain us what is wrong. Thanks. The server that handle the requests log this exception Server 02 10 nov. 2004 17:13:54 org.apache.catalina.cluster.tcp.SimpleTcpCluster memberAdded INFO: Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://w.x.y.z:41001,w.x. y.z,41001, alive=35] 10 nov. 2004 17:13:54 org.apache.catalina.cluster.session.DeltaManager messageReceived GRAVE: Unable to receive message through TCP channel java.lang.NullPointerException at java.io.ObjectOutputStream$BlockDataOutputStream.getUTFLength(ObjectOutputSt ream.java:1898) at java.io.ObjectOutputStream$BlockDataOutputStream.writeUTF(ObjectOutputStream .java:1769) at java.io.ObjectOutputStream.writeUTF(ObjectOutputStream.java:787) at org.apache.catalina.cluster.session.SerializablePrincipal.writePrincipal(Ser ializablePrincipal.java:180) at org.apache.catalina.cluster.session.DeltaSession.writeObject(DeltaSession.ja va:1457) at org.apache.catalina.cluster.session.DeltaSession.writeObjectData(DeltaSessio n.java:930) at org.apache.catalina.cluster.session.DeltaManager.doUnload(DeltaManager.java: 539) at org.apache.catalina.cluster.session.DeltaManager.messageReceived(DeltaManage r.java:854) at org.apache.catalina.cluster.session.DeltaManager.messageDataReceived(DeltaMa nager.java:762) at org.apache.catalina.cluster.tcp.SimpleTcpCluster.messageDataReceived(SimpleT cpCluster.java:576) at org.apache.catalina.cluster.io.ObjectReader.execute(ObjectReader.java:70) at org.apache.catalina.cluster.tcp.TcpReplicationThread.drainChannel(TcpReplica tionThread.java:129) at org.apache.catalina.cluster.tcp.TcpReplicationThread.run(TcpReplicationThrea d.java:67) In the same time the server restarting logs this information. server 01 Creating ClusterManager for context /myapp using class org.apache.catalina.cluster.session.DeltaManager 10 nov. 2004 17:13:54 org.apache.catalina.cluster.session.DeltaManager start INFO: Starting clustering manager...:/myapp 10 nov. 2004 17:13:54 org.apache.catalina.cluster.session.DeltaManager start ATTENTION: Manager[/myapp], requesting session state from org.apache.catalina.cluster.mcast.McastMember[tcp://w.x.y.z:42001,w.x.y.z,42 001, alive=111640]. This operation will timeout if no session state has been received within 60 seconds After a delay, server 01 logs this information. 10 nov. 2004 17:14:54 org.apache.catalina.cluster.session.DeltaManager start GRAVE: Manager[/myapp], No session state received, timing out. 10 nov. 2004 17:14:54 org.apache.catalina.core.StandardHostDeployer install INFO: Installation d'une application pour le chemin de contexte depuis l'URL file:/opt/tomcat-tst01/webapps/ROOT ... INFO: Server startup in 62980 ms server 01 handle the application requests, new session is created. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail
RE : Declarative security example
Define a realm element for your Engine/Host/Context node in your server.xml configuration file. For example : Realm className=org.apache.catalina.realm.MemoryRealm / -Message d'origine- De : Freddy Villalba A. [mailto:[EMAIL PROTECTED] Envoyé : vendredi 12 novembre 2004 18:44 À : [EMAIL PROTECTED] Objet : Declarative security example Hello everybody, I'm trying to run the following test application on a Tomcat v4.1 that comes along with JBuilder X. web-app servlet servlet-nameSecureServlet/servlet-name servlet-classSecureServlet/servlet-class /servlet security-constraint web-resource-collection web-resource-nameprueba de seguridad declarativa/web-resource-name url-pattern/servlet/SecureServlet/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-namesupervisor/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/formlogin.html/form-login-page form-error-page/formerror.html/form-error-page /form-login-config /login-config security-role role-namesupervisor/role-name /security-role /web-app When I launch the server, it is not able to initialize the web app. This is the trace I get from Tomcat: 12-nov-2004 18:30:05 org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 8080 Starting service Tomcat-Standalone Apache Tomcat/4.1.27-LE-jdk14 HostConfig[localhost]: Deploying configuration descriptor jb-cursoj2ee.xml WebappLoader[/cursoj2ee]: Deploying class repositories to work directory C:\cursoj2ee\seguridadDeclarativa\seguridadDeclarativa\Tomcat\work\cursoj2ee WebappLoader[/cursoj2ee]: Deploy class files /WEB-INF/classes to C:\cursoj2ee\seguridadDeclarativa\seguridadDeclarativa\modulo1\WEB-INF\class es WebappLoader[/cursoj2ee]: Reloading checks are enabled for this Context ContextConfig[/cursoj2ee]: No Realm has been configured to authenticate against ContextConfig[/cursoj2ee]: Marking this application unavailable due to previous error(s) StandardManager[/cursoj2ee]: Seeding random number generator class java.security.SecureRandom StandardManager[/cursoj2ee]: Seeding of random number generator has been completed StandardContext[/cursoj2ee]: Context startup failed due to previous errors 12-nov-2004 18:30:07 org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 It seems like I've got to define some realm on Tomcat in order for this silly example to work. However, I've read (Sun's material) this example should be straightforward, just deploy the webapp anywhere and run, without defining anything particular to the servlet container. What am I missing? Am I required to define a realm in order for it to work? Thanx everybody, F. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Clustering and Load balancing
You have to follow the rules included in the document (http://jakarta.apache.org/tomcat/tomcat-5.0-doc/cluster-howto.html ) . All your session attributes must implement java.io.Serializable . Uncomment the Cluster element in server.xml Define multicast address and port for your cluster communication (for cluster heart beat). Define tcp parameter (tcpListenAddress/tcpListenport) for each host of your cluster (for session replication). . Uncomment the Valve(ReplicationValve) element in server.xml . If your Tomcat instances are running on the same machine, make sure the tcpListenPort attribute is unique for each instance. . Make sure your web.xml has the distributable/ element Use, for example, Apache and the native connector JK to implement the load balancing. -Message d'origine- De : Vinayagam [mailto:[EMAIL PROTECTED] Envoyé : mercredi 10 novembre 2004 05:41 À : Tomcat Users List Cc : [EMAIL PROTECTED] Objet : Clustering and Load balancing Hi All! Can any one help me abt clustering and Loadbalancing using Tomcat 5.0/later. We have an application, Which is run on Tomcat 4.0. Now we are going to run this application in Tomcat 5.0. Also we are going to implements the clustering technology to our appl. So that i need som help, How to do this. Thanx Regards Vinayagam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Compression - problematic?
I am surprised because if you search for compress in the source code of Tomcat 5.0.27 and you can see only get/set method in CoyoteConnector. More information would be welcome. -Message d'origine- De : Shapira, Yoav [mailto:[EMAIL PROTECTED] Envoyé : mercredi 10 novembre 2004 14:45 À : Tomcat Users List Objet : RE: Compression - problematic? Hi, From my experience, compression works fine. I haven't seen strange adverse effects from it, but then again I'm only one data point. Yoav Shapira http://www.yoavshapira.com -Original Message- From: Carl Olivier [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 10, 2004 8:34 AM To: Tomcat Users List Subject: Compression - problematic? Greetings. I am trying out the compression feature on the HTTP Connector in Tomcat 5.0.27 and 5.0.28. I have simply set the connector attribute compression=on - everything else like buffering, socketBuffer etc has been left as default. The default list of MIME types to compress I have also left as per the default. There are some strange things happening - pretty random at this stage. I even had some content from A DIFFERENT HOST (using the same connector) appearing in the output!!! Not sure if this HAS to do with the compression being turned on for the connect - but that is the only major thing that has changed on the server! Anyone have any thoughts/insights? Thanks in advance. Carl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Many many unclosed connections, their state is CLOSE_WAIT
What's your question? This state indicates that the client sends a FIN signal. The client doesn't receive any data on this socket but it can receive data from the server. The connection is half-closed. -Message d'origine- De : David Zhung [mailto:[EMAIL PROTECTED] Envoyé : mardi 9 novembre 2004 06:42 À : [EMAIL PROTECTED] Objet : Many many unclosed connections, their state is CLOSE_WAIT We developed a web application in Tomcat4.1. Recently, when we did test for this application, sometimes we can get many many unclosed connections. The detail environment is: - Server OS is Win2000 server or win2003 ES - Tomcat4.1 - Mysql4.0 We deployed it in the computer named Server_1 and started it, then open several MS IE windows in local and remote hosts to login the application with different accounts. Sometimes, when we check the net state using command netstat -an, we will find many many unclosed connections ... See the following: C:\Documents and Settings\Administratornetstat -na Active Connections Proto Local Address Foreign AddressState TCP0.0.0.0:3870 0.0.0.0:0 LISTENING TCP0.0.0.0:3873 0.0.0.0:0 LISTENING TCP0.0.0.0:3876 0.0.0.0:0 LISTENING TCP0.0.0.0:3879 0.0.0.0:0 LISTENING TCP0.0.0.0:3882 0.0.0.0:0 LISTENING TCP0.0.0.0:3887 0.0.0.0:0 LISTENING TCP0.0.0.0:3890 0.0.0.0:0 LISTENING TCP0.0.0.0:3894 0.0.0.0:0 LISTENING TCP0.0.0.0:3897 0.0.0.0:0 LISTENING TCP0.0.0.0:3900 0.0.0.0:0 LISTENING TCP0.0.0.0:3903 0.0.0.0:0 LISTENING TCP0.0.0.0:3906 0.0.0.0:0 LISTENING TCP0.0.0.0:3909 0.0.0.0:0 LISTENING TCP0.0.0.0:3912 0.0.0.0:0 LISTENING TCP0.0.0.0:3915 0.0.0.0:0 LISTENING TCP0.0.0.0:3918 0.0.0.0:0 LISTENING TCP0.0.0.0:3921 0.0.0.0:0 LISTENING TCP0.0.0.0:3924 0.0.0.0:0 LISTENING TCP0.0.0.0:3927 0.0.0.0:0 LISTENING TCP0.0.0.0:3930 0.0.0.0:0 LISTENING TCP0.0.0.0:3934 0.0.0.0:0 LISTENING TCP0.0.0.0:3937 0.0.0.0:0 LISTENING TCP0.0.0.0:3940 0.0.0.0:0 LISTENING TCP0.0.0.0:3944 0.0.0.0:0 LISTENING TCP0.0.0.0:3947 0.0.0.0:0 LISTENING TCP0.0.0.0:3952 0.0.0.0:0 LISTENING TCP0.0.0.0:3955 0.0.0.0:0 LISTENING TCP0.0.0.0:3958 0.0.0.0:0 LISTENING TCP0.0.0.0:3961 0.0.0.0:0 LISTENING TCP0.0.0.0:3964 0.0.0.0:0 LISTENING TCP0.0.0.0:3967 0.0.0.0:0 LISTENING TCP0.0.0.0:3970 0.0.0.0:0 LISTENING TCP0.0.0.0:3974 0.0.0.0:0 LISTENING TCP0.0.0.0:3977 0.0.0.0:0 LISTENING TCP0.0.0.0:3980 0.0.0.0:0 LISTENING TCP0.0.0.0:3983 0.0.0.0:0 LISTENING TCP0.0.0.0:3986 0.0.0.0:0 LISTENING TCP0.0.0.0:3989 0.0.0.0:0 LISTENING TCP0.0.0.0:3992 0.0.0.0:0 LISTENING TCP0.0.0.0:3996 0.0.0.0:0 LISTENING TCP0.0.0.0:4000 0.0.0.0:0 LISTENING TCP0.0.0.0:4003 0.0.0.0:0 LISTENING TCP0.0.0.0:4006 0.0.0.0:0 LISTENING TCP0.0.0.0:4009 0.0.0.0:0 LISTENING TCP0.0.0.0:4012 0.0.0.0:0 LISTENING TCP0.0.0.0:4015 0.0.0.0:0 LISTENING TCP0.0.0.0:4020 0.0.0.0:0 LISTENING TCP0.0.0.0:4023 0.0.0.0:0 LISTENING TCP0.0.0.0:4026 0.0.0.0:0 LISTENING TCP0.0.0.0:4029 0.0.0.0:0 LISTENING TCP0.0.0.0:4032 0.0.0.0:0 LISTENING TCP0.0.0.0:4035 0.0.0.0:0 LISTENING TCP0.0.0.0:4038 0.0.0.0:0 LISTENING TCP0.0.0.0:4041 0.0.0.0:0 LISTENING TCP0.0.0.0:4044 0.0.0.0:0 LISTENING TCP0.0.0.0:4047 0.0.0.0:0 LISTENING TCP0.0.0.0:4051 0.0.0.0:0 LISTENING TCP0.0.0.0:4054 0.0.0.0:0 LISTENING TCP0.0.0.0:4057 0.0.0.0:0 LISTENING TCP0.0.0.0:4060 0.0.0.0:0 LISTENING TCP0.0.0.0:4063 0.0.0.0:0 LISTENING TCP0.0.0.0:4067 0.0.0.0:0 LISTENING TCP
RE : Jakarta-Tomcat and Image Tag Library - SOLUTION
This is an extract of taglib directive definition (http://java.sun.com/products/jsp/syntax/1.2/syntaxref1211.html ) Taglib Directive Defines a tag library and prefix for the custom tags used in the JSP page. JSP Syntax %@ taglib uri=URIForLibrary prefix=tagPrefix % XML Syntax None. However, see jsp:root. Examples %@ taglib uri=http://www.jspcentral.com/tags; prefix=public % public:loop ... /public:loop Description The taglib directive declares that the JSP page uses custom tags, names the tag library that defines them, and specifies their tag prefix. You must use a taglib directive before you use the custom tag in a JSP page. You can use more than one taglib directive in a JSP page, but the prefix defined in each must be unique. Tutorials on creating custom tags are available at http://java.sun.com/products/jsp/taglibraries.html#tutorials. Attributes uri=URIForLibrary The Uniform Resource Identifier (URI) that uniquely locates the TLD that describes the set of custom tags associated with the named tag prefix. A URI can be any of the following: A Uniform Resource Locator (URL), as defined in RFC 2396, available at http://www.hut.fi/u/jkorpela/rfc/2396/full.html A Uniform Resource Name (URN), as defined in RFC 2396 An absolute or relative pathname If the URI is a URL or URN, then the TLD is located by consulting the mapping indicated in web.xml extended using the implicit maps in the packaged tag libraries. If URI is pathname, it is interpreted relative to the root of the web application and should resolve to a TLD file directly, or to a JAR file that has a TLD file at location META-INF/taglib.tld. prefix=tagPrefix The prefix that precedes the custom tag name, for example, public in public:loop. Empty prefixes are illegal. If you are developing or using custom tags, you cannot use the tag prefixes jsp, jspx, java, javax, servlet, sun, and sunw, as they are reserved by Sun Microsystems. -Message d'origine- De : Lars Nielsen Lind [mailto:[EMAIL PROTECTED] Envoyé : lundi 25 octobre 2004 21:37 À : 'Tomcat Users List' Objet : RE: Jakarta-Tomcat and Image Tag Library - SOLUTION Hi. I have found a solution to my problem. In web.xml (webapp)/WEB-INF/web.xml I changed: taglib-urihttp://jakarta.apache.org/taglibs/image-1.0/taglib-uri to taglib-uriTEST/taglib-uri and now it is working... Lars Nielsen Lind -Original Message- From: Lars Nielsen Lind [mailto:[EMAIL PROTECTED] Sent: 24. oktober 2004 17:50 To: 'Tomcat Users List' Subject: RE: Jakarta-Tomcat and Image Tag Library Hi. I have now located an error msg in jakarta-tomcat: StandardContext[]ImageTag error: Cannot get ../../../images/employees/%= employee_image % StandardContext[]The exception was: - Javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found Lars Nielsen Lind -Original Message- From: Lars Nielsen Lind [mailto:[EMAIL PROTECTED] Sent: 24. oktober 2004 16:27 To: 'Tomcat Users List'; [EMAIL PROTECTED] Subject: RE: Jakarta-Tomcat and Image Tag Library Hi. It was not that... I also have tried with this, but it will not display any images... img:image src=../../../images/employees/%= employee_image % name=%= employee_image % img:resize scale=50% / /img:image Lars Nielsen Lind -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: 24. oktober 2004 16:19 To: Tomcat Users List Subject: RE: Jakarta-Tomcat and Image Tag Library Not familiar with the tag-lib but try: src=images/employees/%= employee_image % NOTE: no / at the beginning of the relative url On Sun, 2004-10-24 at 10:13, Lars Nielsen Lind wrote: Hi. I use: Jakarta-Tomcat-5.0.25 J2SDK1.4.2_04 Image Taglib 1.0 (from binaries) There is no error msg. I have copied taglibs-image.jar to /WEB-INF/lib. I have copied pjatools.jar to /WEB-INF/lib I have copied com.mullasseny.imaging... to /WEB-INF/classes/com/... I have copied taglibs-image.tld to /WEB-INF I have added the following lines to /WEB-INF/web.xml: taglib taglib-urihttp://jakarta.apache.org/taglibs/image-1.0/taglib-uri taglib-location/WEB-INF/taglibs-image.tld/taglib-location /taglib At the top of the *.jsp page: %@ taglib uri=http://jakarta.apache.org/taglibs/image-1.0 prefix=img % Below at the same *.jsp page: img:image src=/images/employees/%= employee_image % name=%= employee_image % img:resize scale=50% / /img:image Lars Nielsen Lind -Original Message- From: QM [mailto:[EMAIL PROTECTED] Sent: 24. oktober 2004 15:56 To: Tomcat Users List Subject: Re: Jakarta-Tomcat and Image Tag Library On Sun, Oct 24, 2004 at 03:42:28PM +0200, Lars Nielsen Lind wrote: : I am having some trouble making the Jakarta Image Tag Library work. I do as : outlined in the documentation but I am not apple to display any images. As we're not clairvoyant,
RE : Synchronization in cluster
Hi, What are your needs? Why distributed singleton or distributed locking are so important ? Perhaps you can use Database to implement locking functionality and Jgroups library to replicate state (or distributed singleton) across members of a group (see www.jgroups.org). -Message d'origine- De : Igor [mailto:[EMAIL PROTECTED] Envoyé : mercredi 29 septembre 2004 20:42 À : [EMAIL PROTECTED] Objet : Re: Synchronization in cluster Hello! if you are talking about distributed locking, then the answer is no Thank you for reply ! Our web application uses locking and Singleton pattern. I am making researches - is there a possibility to move to cluster architecture or load balancing. Distributed locking is not possible. Distiributed Singleton (static variables) seems not to be possible too. So web applications, that use locking or Singleton cannot use cluster architecture or load balancing. Maybe there is indirect way of implementing distributed locking or distributed Singleton? For example, code that needs synchronization may be concentrated in main Tomcat, and other Tomcats will call this code via http or SOAP? Is there any way to move web application with locking and Singleton to cluster or load balancing? Thank you, Igor - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : User authentication in multi repositories
Hi, Yes, it's typically the object of the JAAS API. You can configure the JAASRealm and develop your login modules to access multiple LDAP services. You have to think at the rules to use to authenticate sub-group of users in corporate domain and others in other repository. -Message d'origine- De : QM [mailto:[EMAIL PROTECTED] Envoyé : mercredi 29 septembre 2004 23:52 À : Tomcat Users List Objet : Re: User authentication in multi repositories On Wed, Sep 29, 2004 at 01:50:31PM -0300, Ac?cio Furtado Costa wrote: : We would like to know, if it is possible for an application to authenticate : users in multiple LDAP Services. For instance, one sub-group of users will : authenticate on our corporate domain (Active Directory) and another : sub-group (clients, supliers) in other repository (ADAM- Active Directory : Application Mode, NDS, etc). An application, perhaps. ;) Tomcat's JNDI-based Realm, out of the box, likely no. This thread came up a few weeks ago. You can search the archive for details; the highlights boiled down to: sync'ing up your AD setups[1] or writing custom code. [1] = I'm not an AD expert; but I understand one offered solution involved creating some sort of master AD instance that delegated to the others on the backend. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Tomcat and LDAP
It's automatic. When the user tries to access a protected resource, the server asks him to authenticate himself. -Message d'origine- De : SARMIENTO Claudia COGA [mailto:[EMAIL PROTECTED] Envoyé : mercredi 22 septembre 2004 23:46 À : 'Tomcat Users List' Objet : Tomcat and LDAP Hello all: I have a question, i'm new in JNDIRealm Configuration, actually i'm connecting succesfully with my LDAP server with BASIC authentication, i read that BASIC authentication is valid until user closes the browser, how i can re-login? if i'm not using login.jsp, i only set in my web.xml this: security-constraint web-resource-collection web-resource-nameIntranet/web-resource-name url-pattern/*/url-pattern url-pattern/servlet/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameCN/role-name role-name*/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameMy Secure Realm/realm-name /login-config Best Regards Claudia - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : too many JAAS...
Why do you have a ClassCastException exception ? Could you give us more detail on your realm configuration ? Do you configured a jass realm with custom userClassNames and roleClassNames attributes ? or any thing else. -Message d'origine- De : Rene Paulokat [mailto:[EMAIL PROTECTED] Envoyé : mercredi 22 septembre 2004 16:18 À : Tomcat Users List Objet : Re: too many JAAS... On Wed, Sep 22, 2004 at 03:47:08PM +0200, Michiel Toneman wrote: You can have a look at http://www.kopz.org/public/documents/tomcat/jaasintomcat.html It contains a known-good approach so it may be of some use to you. hi michiel, yes, i found that already, but i thought this is not *very* different from my approach: in this example 'SecurityFilter' does the same thing like my Login-servlet: creates new LoginContext - passes over the CallBackhandler - here 'HttpAuthCallBackhandler' and finally calls login-method of loginModule. additionally it puts 'Subject' into user's Session, to be reused when needed. fine thing. i think i am missing some more basic thing - cause of my beloved ClassCastException, when my loginModule starts to act... or - is it the only way to accomplish the task with that kind of 'SecurityFilter' - which in the example acts upon every request? thanks for your hint, i'am gonna implement it test-wise... greetings rene -- gpg-key 8FC78254 http://www.so36.net/keys/rene.asc fingerprint: E883 D359 3F56 51AF 0294 8BEB 16B3 15BD 8FC7 8254 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Customizing BASIC authentication
For example, Spec 2.3 specifies The getRemoteUser method returns the user name the client used for authentication. If no user has been authenticated, the getRemoteUser method returns null. getRemoteUser(): ... Whether the user name is sent with each subsequent request depends on the browser and type of authentication. -Message d'origine- De : Robert Bateman [mailto:[EMAIL PROTECTED] Envoyé : lundi 16 août 2004 20:42 À : Tomcat Users List Objet : Re: Customizing BASIC authentication Someone please correct me if I'm wrong here... Also be aware that non-protected pages will not provide you with a value to request.getRemoteUser(). I had assumed I could get the remote user from any page once the user logged in, but it doesn't work as I expected. I believe there *was* a bug report over on the TC bugzilla system and the response I remember was that the system was working as designed. Bob On Saturday 14 August 2004 12:13 am, Jacob Kjome wrote: You can use request.getRemoteUser() to obtain the username. The password is not really accessible except by examining the http headers. Jake At 11:21 PM 8/13/2004 -0400, you wrote: Hi all, I've been spending the last few hours reading about realms, valves, authenticators and the like, and I'm totally confused. I'm hoping if I describe my situation, someone can help me cut through the fog. I'm working on a simple web app that will feed custom RSS XML to clients that must use basic authentication. In my application, I need to do more than just look up users somewhere. Instead, the login/password values returned via basic authentication headers will be used in some fairly complex ways to both authenticate and then construct the custom response. What is the simplest way to customize basic authentication in Tomcat 4? It seems that realms are not the way to go, since they just handle authentication and have nothing to do with the request/response. Valves/authenticators seem like overkill. Form based authentication is not an option. Can I have Tomcat manage basic authentication headers but pass the login/password values to my code? And can I then have access to that information in the servlet that creates the response? Many thanks, Fred - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : TR : [jaas integration between tomcat/weblogic]
Any responses? Does somebody think that it could be a bug or like an improvement? Thanks. -Message d'origine- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : mardi 27 juillet 2004 19:07 À : '[EMAIL PROTECTED]' Objet : [jaas integration between tomcat/weblogic] Hi, I would like to make EJB-calls from Tomcat to EJB in Weblogic in secure environment (using j2ee roles). I configure a custom JAAS Realm that uses client side LoginModule connecting to WLS (weblogic.security.auth.login.UsernamePasswordLoginModule). I put weblogic.jar into common/lib directory and my login module classes in common/classes. I configure webapp context like this : Realm className=org.apache.catalina.realm.JAASRealm appName=Sample userClassNames=weblogic.security.principal.WLSUserImpl roleClassNames=weblogic.security.principal.WLSGroupImpl debug=99/ I grant all permission (for test only) in Catalina.policy. And I run Catalina with -security option. At this stage tomcat uses login module (and weblogic authentification provider) to authenticate the user. Everything works fine. The subject build by weblogic is used to create a GenericPrincipal used internally by Tomcat. My problem is that I need to use weblogic security api to propagate implicitly the subject when i call the ejb component with the security data provided by weblogic authentification provider (the subject). First I try to run Tomcat with the security option and the permission, enables me to get the tomcat subject (for example like this javax.security.auth.Subject mySubject = javax.security.auth.Subject.getSubject(java.security.AccessController.getCon text()); ) and call the weblogic security api with that subject. However the Tomcat GenericPrincipal is not serializable and I get an exception [java.io.NotSerializableException: org.apache.catalina.realm.GenericPrincipal]... Secondly I try to rebuild the weblogic subject with the subject generated by javax.security.auth.Subject.getSubject(java.security.AccessController.getCon text()); I get an java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[my_username] exception generated by weblogic. It seems obviously that there are problems of integration! My suggestions are to keep a trace of original subject (for example in session with a specific key) or in a classe that is accessible to application classes (and not dependent on tomcat specific api). Do you have any others suggestions ? Environment: Tomcat 5.0.27 (full install), running on xp, java 1.4.2_02 WLS 8 sp2, running on w2k, java 1.4.2_02 (= both on same machine, same environment) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
TR : [jaas integration between tomcat/weblogic]
Hi, Does somebody have more suggestions on this topic? Thanks. -Message d'origine- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : mardi 27 juillet 2004 19:07 À : '[EMAIL PROTECTED]' Objet : [jaas integration between tomcat/weblogic] Hi, I would like to make EJB-calls from Tomcat to EJB in Weblogic in secure environment (using j2ee roles). I configure a custom JAAS Realm that uses client side LoginModule connecting to WLS (weblogic.security.auth.login.UsernamePasswordLoginModule). I put weblogic.jar into common/lib directory and my login module classes in common/classes. I configure webapp context like this : Realm className=org.apache.catalina.realm.JAASRealm appName=Sample userClassNames=weblogic.security.principal.WLSUserImpl roleClassNames=weblogic.security.principal.WLSGroupImpl debug=99/ I grant all permission (for test only) in Catalina.policy. And I run Catalina with -security option. At this stage tomcat uses login module (and weblogic authentification provider) to authenticate the user. Everything works fine. The subject build by weblogic is used to create a GenericPrincipal used internally by Tomcat. My problem is that I need to use weblogic security api to propagate implicitly the subject when i call the ejb component with the security data provided by weblogic authentification provider (the subject). First I try to run Tomcat with the security option and the permission, enables me to get the tomcat subject (for example like this javax.security.auth.Subject mySubject = javax.security.auth.Subject.getSubject(java.security.AccessController.getCon text()); ) and call the weblogic security api with that subject. However the Tomcat GenericPrincipal is not serializable and I get an exception [java.io.NotSerializableException: org.apache.catalina.realm.GenericPrincipal]... Secondly I try to rebuild the weblogic subject with the subject generated by javax.security.auth.Subject.getSubject(java.security.AccessController.getCon text()); I get an java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[my_username] exception generated by weblogic. It seems obviously that there are problems of integration! My suggestions are to keep a trace of original subject (for example in session with a specific key) or in a classe that is accessible to application classes (and not dependent on tomcat specific api). Do you have any others suggestions ? Environment: Tomcat 5.0.27 (full install), running on xp, java 1.4.2_02 WLS 8 sp2, running on w2k, java 1.4.2_02 (= both on same machine, same environment) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : RE : RE : RE : RE : how to access Subject after authent ifica tion
Now i can access to the subject (thanks to Jean Francois and Matt)!! In my use case, tomcat uses jaas (and specific login module) first to authenticate users (it runs)... and secondly to authorize the access to resources (EJB) deployed in weblogic server. I use weblogic API to propagate implicitly the subject (or principals) information from tomcat to weblogic, and use j2ee roles to secure access to resources. At this stage, i get the exception : [java.io.NotSerializableException: org.apache.catalina.realm.GenericPrincipal]... caused because the GenericPrincipal in Catalina isn't serializable. Somebody (or Craig R. McClanahan, the author) could explain for which reason this class is not serializable. Thanks. -Message d'origine- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mercredi 21 juillet 2004 17:58 À : Tomcat Users List Objet : Re: RE : RE : RE : RE : RE : how to access Subject after authentifica tion LERBSCHER Jean-Pierre wrote: In fact my java options are : JAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaa s .config -Message d'origine- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : mercredi 21 juillet 2004 12:13 À : 'Tomcat Users List' Cc : 'Jeanfrancois Arcand' Objet : RE : RE : RE : RE : how to access Subject after authentification The command line is ok ! But I have an exception : Caused by: java.io.IOException: Impossible de trouver une configuration de connexion Hehe :-) Pas mal comme message d'erreur ;-) at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206) at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:95) ... 33 more I set JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\con f \Sample_jaas.config I never used JAAS this way so I cannot help you. Are you trying to load the file from your webapp? Hav eyou try to put the file inside the war? -- Jeanfrancois The classe that instantiates the login context is located in common/classes The standard Catalina.policy containts this permission grant codeBase file:${catalina.home}/common/- { permission java.security.AllPermission; }; Any ideas ? Thanks in advance! -Message d'origine- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 19:52 À : Tomcat Users List Objet : Re: RE : RE : RE : how to access Subject after authentification LERBSCHER Jean-Pierre wrote: Could you tell me what is the correct configuration to access the jaas login file with this security manager. You need to start Tomcat using the -security ./catalina.sh start -security -- Jeanfrancois Thanks -Message d'origine- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 18:42 À : Tomcat Users List Objet : Re: RE : RE : how to access Subject after authentification Are you both running with the security manager on? I think that's the problem... -- Jeanfrancois LERBSCHER Jean-Pierre wrote: Matt I am ok with you! I try the two methods and I have the same results (null) ! Perhaps we have to configure properly tomcat (?) so that it can record the subject in the session. Perhaps an authenticator ? Jean François ! any ideas ? The second method is Subject.getSubject(java.security.AccessController.getContext()); -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 17:42 À : 'Tomcat Users List' Objet : RE: RE : how to access Subject after authentification I have tried both of these and they both return null! -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 16:30 To: Tomcat Users List Subject: Re: RE : how to access Subject after authentification Two ways: httpSession.getAttribute(javax.security.auth.subject) or Subject.getSubject(AccessControl.getContext()) -- Jeanfrancois Matt Harrison wrote: Sorry for mis-reading your email If anybody out there knows how to retrieve the Subject, Jean-Pierre and I would most appreciate it! But, if, as I suspect, this is not part of the current servlet spec, and thus not part of Tomcat, can I make a request for this to be included next time round? I work around this by concatenating all the information I require from the subject into the Principal's name in my JAAS login module, as a java.security.Principal object is available from the request object in Tomcat. But I guess this isn't an option for this problem. Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 15:40 To: 'Tomcat
RE : RE : RE : RE : how to access Subject after authentification
The command line is ok ! But I have an exception : Caused by: java.io.IOException: Impossible de trouver une configuration de connexion at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206) at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:95) ... 33 more I set JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf \Sample_jaas.config The classe that instantiates the login context is located in common/classes The standard Catalina.policy containts this permission grant codeBase file:${catalina.home}/common/- { permission java.security.AllPermission; }; Any ideas ? Thanks in advance! -Message d'origine- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 19:52 À : Tomcat Users List Objet : Re: RE : RE : RE : how to access Subject after authentification LERBSCHER Jean-Pierre wrote: Could you tell me what is the correct configuration to access the jaas login file with this security manager. You need to start Tomcat using the -security ./catalina.sh start -security -- Jeanfrancois Thanks -Message d'origine- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 18:42 À : Tomcat Users List Objet : Re: RE : RE : how to access Subject after authentification Are you both running with the security manager on? I think that's the problem... -- Jeanfrancois LERBSCHER Jean-Pierre wrote: Matt I am ok with you! I try the two methods and I have the same results (null) ! Perhaps we have to configure properly tomcat (?) so that it can record the subject in the session. Perhaps an authenticator ? Jean François ! any ideas ? The second method is Subject.getSubject(java.security.AccessController.getContext()); -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 17:42 À : 'Tomcat Users List' Objet : RE: RE : how to access Subject after authentification I have tried both of these and they both return null! -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 16:30 To: Tomcat Users List Subject: Re: RE : how to access Subject after authentification Two ways: httpSession.getAttribute(javax.security.auth.subject) or Subject.getSubject(AccessControl.getContext()) -- Jeanfrancois Matt Harrison wrote: Sorry for mis-reading your email If anybody out there knows how to retrieve the Subject, Jean-Pierre and I would most appreciate it! But, if, as I suspect, this is not part of the current servlet spec, and thus not part of Tomcat, can I make a request for this to be included next time round? I work around this by concatenating all the information I require from the subject into the Principal's name in my JAAS login module, as a java.security.Principal object is available from the request object in Tomcat. But I guess this isn't an option for this problem. Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 15:40 To: 'Tomcat Users List' Subject: RE : how to access Subject after authentification Thanks Matt ! My problem is that have to call EJB deployed in Weblogic application server from servlet components. I use the weblogic api to propagate the security information from tomcat to WLS. This api uses the subject! Thus it is necessary that I can reach it. -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 15:59 À : 'Tomcat Users List' Objet : RE: how to access Subject after authentification Hi I had a similar question a while back and never really got it fully resolved, but I found that Tomcat doesn't save the subject as a session attribute. However in your case you don't need to access the subject. In the web.xml file for your app, you can define what roles have access to each resource (jsp, servlet) and have your JAAS login module assign these roles to the subject - i.e. container managed security. e.g. add to web.xml (gives access to logins with role user to all of your application): security-constraint web-resource-collection web-resource-namemyApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint security-role role-nameuser/role-name /security-role see the tomcat docs for more info Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 14:42
RE : RE : RE : RE : RE : how to access Subject after authentifica tion
In fact my java options are : JAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas .config -Message d'origine- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : mercredi 21 juillet 2004 12:13 À : 'Tomcat Users List' Cc : 'Jeanfrancois Arcand' Objet : RE : RE : RE : RE : how to access Subject after authentification The command line is ok ! But I have an exception : Caused by: java.io.IOException: Impossible de trouver une configuration de connexion at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206) at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:95) ... 33 more I set JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf \Sample_jaas.config The classe that instantiates the login context is located in common/classes The standard Catalina.policy containts this permission grant codeBase file:${catalina.home}/common/- { permission java.security.AllPermission; }; Any ideas ? Thanks in advance! -Message d'origine- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 19:52 À : Tomcat Users List Objet : Re: RE : RE : RE : how to access Subject after authentification LERBSCHER Jean-Pierre wrote: Could you tell me what is the correct configuration to access the jaas login file with this security manager. You need to start Tomcat using the -security ./catalina.sh start -security -- Jeanfrancois Thanks -Message d'origine- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 18:42 À : Tomcat Users List Objet : Re: RE : RE : how to access Subject after authentification Are you both running with the security manager on? I think that's the problem... -- Jeanfrancois LERBSCHER Jean-Pierre wrote: Matt I am ok with you! I try the two methods and I have the same results (null) ! Perhaps we have to configure properly tomcat (?) so that it can record the subject in the session. Perhaps an authenticator ? Jean François ! any ideas ? The second method is Subject.getSubject(java.security.AccessController.getContext()); -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 17:42 À : 'Tomcat Users List' Objet : RE: RE : how to access Subject after authentification I have tried both of these and they both return null! -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 16:30 To: Tomcat Users List Subject: Re: RE : how to access Subject after authentification Two ways: httpSession.getAttribute(javax.security.auth.subject) or Subject.getSubject(AccessControl.getContext()) -- Jeanfrancois Matt Harrison wrote: Sorry for mis-reading your email If anybody out there knows how to retrieve the Subject, Jean-Pierre and I would most appreciate it! But, if, as I suspect, this is not part of the current servlet spec, and thus not part of Tomcat, can I make a request for this to be included next time round? I work around this by concatenating all the information I require from the subject into the Principal's name in my JAAS login module, as a java.security.Principal object is available from the request object in Tomcat. But I guess this isn't an option for this problem. Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 15:40 To: 'Tomcat Users List' Subject: RE : how to access Subject after authentification Thanks Matt ! My problem is that have to call EJB deployed in Weblogic application server from servlet components. I use the weblogic api to propagate the security information from tomcat to WLS. This api uses the subject! Thus it is necessary that I can reach it. -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 15:59 À : 'Tomcat Users List' Objet : RE: how to access Subject after authentification Hi I had a similar question a while back and never really got it fully resolved, but I found that Tomcat doesn't save the subject as a session attribute. However in your case you don't need to access the subject. In the web.xml file for your app, you can define what roles have access to each resource (jsp, servlet) and have your JAAS login module assign these roles to the subject - i.e. container managed security. e.g. add to web.xml (gives access to logins with role user to all of your application): security-constraint web-resource-collection web-resource-namemyApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection
how to access Subject after authentification
Hi, I am using JAAS authentification module to authenticate user within tomcat 5.0.27. After the authentification, I want to control access to resources (like ejb deployed in weblogic application server). To control access, I have to use weblogic api with the Subject instance delivred by authentification to tomcat. The problem is : how can I get the subject object.. I try session.getAttribute( javax.security.auth.subject ); but it seems that I can't access to this information ! Any ideas? Thanks,
RE : how to access Subject after authentification
Thanks Matt ! My problem is that have to call EJB deployed in Weblogic application server from servlet components. I use the weblogic api to propagate the security information from tomcat to WLS. This api uses the subject! Thus it is necessary that I can reach it. -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 15:59 À : 'Tomcat Users List' Objet : RE: how to access Subject after authentification Hi I had a similar question a while back and never really got it fully resolved, but I found that Tomcat doesn't save the subject as a session attribute. However in your case you don't need to access the subject. In the web.xml file for your app, you can define what roles have access to each resource (jsp, servlet) and have your JAAS login module assign these roles to the subject - i.e. container managed security. e.g. add to web.xml (gives access to logins with role user to all of your application): security-constraint web-resource-collection web-resource-namemyApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint security-role role-nameuser/role-name /security-role see the tomcat docs for more info Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 14:42 To: '[EMAIL PROTECTED]' Subject: how to access Subject after authentification Hi, I am using JAAS authentification module to authenticate user within tomcat 5.0.27. After the authentification, I want to control access to resources (like ejb deployed in weblogic application server). To control access, I have to use weblogic api with the Subject instance delivred by authentification to tomcat. The problem is : how can I get the subject object.. I try session.getAttribute( javax.security.auth.subject ); but it seems that I can't access to this information ! Any ideas? Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : how to access Subject after authentification
Matt I am ok with you! I try the two methods and I have the same results (null) ! Perhaps we have to configure properly tomcat (?) so that it can record the subject in the session. Perhaps an authenticator ? Jean François ! any ideas ? The second method is Subject.getSubject(java.security.AccessController.getContext()); -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 17:42 À : 'Tomcat Users List' Objet : RE: RE : how to access Subject after authentification I have tried both of these and they both return null! -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 16:30 To: Tomcat Users List Subject: Re: RE : how to access Subject after authentification Two ways: httpSession.getAttribute(javax.security.auth.subject) or Subject.getSubject(AccessControl.getContext()) -- Jeanfrancois Matt Harrison wrote: Sorry for mis-reading your email If anybody out there knows how to retrieve the Subject, Jean-Pierre and I would most appreciate it! But, if, as I suspect, this is not part of the current servlet spec, and thus not part of Tomcat, can I make a request for this to be included next time round? I work around this by concatenating all the information I require from the subject into the Principal's name in my JAAS login module, as a java.security.Principal object is available from the request object in Tomcat. But I guess this isn't an option for this problem. Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 15:40 To: 'Tomcat Users List' Subject: RE : how to access Subject after authentification Thanks Matt ! My problem is that have to call EJB deployed in Weblogic application server from servlet components. I use the weblogic api to propagate the security information from tomcat to WLS. This api uses the subject! Thus it is necessary that I can reach it. -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 15:59 À : 'Tomcat Users List' Objet : RE: how to access Subject after authentification Hi I had a similar question a while back and never really got it fully resolved, but I found that Tomcat doesn't save the subject as a session attribute. However in your case you don't need to access the subject. In the web.xml file for your app, you can define what roles have access to each resource (jsp, servlet) and have your JAAS login module assign these roles to the subject - i.e. container managed security. e.g. add to web.xml (gives access to logins with role user to all of your application): security-constraint web-resource-collection web-resource-namemyApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint security-role role-nameuser/role-name /security-role see the tomcat docs for more info Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 14:42 To: '[EMAIL PROTECTED]' Subject: how to access Subject after authentification Hi, I am using JAAS authentification module to authenticate user within tomcat 5.0.27. After the authentification, I want to control access to resources (like ejb deployed in weblogic application server). To control access, I have to use weblogic api with the Subject instance delivred by authentification to tomcat. The problem is : how can I get the subject object.. I try session.getAttribute( javax.security.auth.subject ); but it seems that I can't access to this information ! Any ideas? Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e
RE : RE : RE : how to access Subject after authentification
Could you tell me what is the correct configuration to access the jaas login file with this security manager. Thanks -Message d'origine- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 18:42 À : Tomcat Users List Objet : Re: RE : RE : how to access Subject after authentification Are you both running with the security manager on? I think that's the problem... -- Jeanfrancois LERBSCHER Jean-Pierre wrote: Matt I am ok with you! I try the two methods and I have the same results (null) ! Perhaps we have to configure properly tomcat (?) so that it can record the subject in the session. Perhaps an authenticator ? Jean François ! any ideas ? The second method is Subject.getSubject(java.security.AccessController.getContext()); -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 17:42 À : 'Tomcat Users List' Objet : RE: RE : how to access Subject after authentification I have tried both of these and they both return null! -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 16:30 To: Tomcat Users List Subject: Re: RE : how to access Subject after authentification Two ways: httpSession.getAttribute(javax.security.auth.subject) or Subject.getSubject(AccessControl.getContext()) -- Jeanfrancois Matt Harrison wrote: Sorry for mis-reading your email If anybody out there knows how to retrieve the Subject, Jean-Pierre and I would most appreciate it! But, if, as I suspect, this is not part of the current servlet spec, and thus not part of Tomcat, can I make a request for this to be included next time round? I work around this by concatenating all the information I require from the subject into the Principal's name in my JAAS login module, as a java.security.Principal object is available from the request object in Tomcat. But I guess this isn't an option for this problem. Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 15:40 To: 'Tomcat Users List' Subject: RE : how to access Subject after authentification Thanks Matt ! My problem is that have to call EJB deployed in Weblogic application server from servlet components. I use the weblogic api to propagate the security information from tomcat to WLS. This api uses the subject! Thus it is necessary that I can reach it. -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 15:59 À : 'Tomcat Users List' Objet : RE: how to access Subject after authentification Hi I had a similar question a while back and never really got it fully resolved, but I found that Tomcat doesn't save the subject as a session attribute. However in your case you don't need to access the subject. In the web.xml file for your app, you can define what roles have access to each resource (jsp, servlet) and have your JAAS login module assign these roles to the subject - i.e. container managed security. e.g. add to web.xml (gives access to logins with role user to all of your application): security-constraint web-resource-collection web-resource-namemyApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint security-role role-nameuser/role-name /security-role see the tomcat docs for more info Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 14:42 To: '[EMAIL PROTECTED]' Subject: how to access Subject after authentification Hi, I am using JAAS authentification module to authenticate user within tomcat 5.0.27. After the authentification, I want to control access to resources (like ejb deployed in weblogic application server). To control access, I have to use weblogic api with the Subject instance delivred by authentification to tomcat. The problem is : how can I get the subject object.. I try session.getAttribute( javax.security.auth.subject ); but it seems that I can't access to this information ! Any ideas? Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED