WARNING: User database is not persistable - no write permissions on directory
Hi, I've installed an Ubuntu Server 8.10 with the Tomcat6 package. When I start it this msg appears on the Catalina log: WARNING: User database is not persistable - no write permissions on directory Do you know why? Anyway the Tomcat starts OK, but when I deploy an application (JasperServer 3.0) it doesn't start with more permissions errors on the log: Catalina log Nov 7, 2008 2:48:10 PM org.apache.catalina.core.NamingContextListener addResource WARNING: Failed to register in JMX: javax.naming.NamingException: Could not create resource factory instance [Root exception is java.lang.ClassNotFoundException: org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory] ... Nov 7, 2008 2:48:13 PM org.apache.catalina.core.StandardContext start SEVERE: Error listenerStart Nov 7, 2008 2:48:13 PM org.apache.catalina.core.StandardContext start SEVERE: Context [/jasperserver] startup failed due to previous errors Localhost log SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.util.Log4jConfigListener java.security.AccessControlException: access denied (java.util.PropertyPermission jasperserver.root read) ... SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.BeanDefinitionStoreException: Error registering bean with name 'fileVirtualizerFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Could not resolve placeholder 'java.io.tmpdir' ... SEVERE: Exception sending context initialized event to listener instance of class com.tonbeller.tbutils.res.ResourcesFactoryContextListener java.lang.ExceptionInInitializerError ... Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission tbeller.InitialResourceProvider read) ... SEVERE: Exception sending context initialized event to listener instance of class com.jaspersoft.jasperserver.war.util.SecurityContextHolderStrategyInitializer java.lang.ExceptionInInitializerError ... SEVERE: Exception sending context destroyed event to listener instance of class org.springframework.web.util.Log4jConfigListener java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write) I tried to chown all tomcat6 directory to the tomcat6 user, and make a 777 pemission folder, but no result :( Any suggestion? Thx! -- Dimas Streich i Colomeda dimas.sc http://dimas.sc ARROVA gmail.com http://gmail.com http://www.dimas.cat
Re: encrypting passwords in tomcat-users.xml
Hi Christopher, I've been trying to figure out this issues as well, thank you for your answer, it has clarified some questions of my own. I still have a question about your answer though, see below: On 11/20/17 10:53 PM, Christopher Schultz wrote: >Guy, > >On 11/20/17 1:23 PM, Guy Mac wrote: >> I'm failing to figure out how to encrypt passwords for (slightly) >> different versions of Tomcat 8.0.x on different platforms. > >Some background: older versions of Tomcat only supported single-round >hashing such as MD5, SHA-1, SHA-256, etc. and the newer versions >support many more options including pluggable modules to do whatever >you want. Most people will be able to use the baked-in modules to get >what they want, but you can build your own if you need something special >. > >> With Tomcat 8.0.37 on MacOS, I run digest.sh with a password, >> placing the output in tomcat-users > >Specifically, how do you run this? > >> , and update the Realm for the Catalina engine to: > className="org.apache.catalina.realm.LockOutRealm"> > className="org.apache.catalina.realm.UserDatabaseRealm" >> resourceName="UserDatabase"> > className="org.apache.catalina.realm.MessageDigestCredentialHandler" >> >> >algorithm="SHA-512"/> >> >> >> and that all works just fine. > >Good. > >> But when I try to repeat the steps for Tomcat 8.0.14-1 on Linux >> (Debian), it does not work. How do I encrypt passwords for this >> version of Tomcat? > >The process should should be the same, and the hash should be the same >no matter what what version of Tomcat you use to produce it, and no >matter what platform you use. > >From a Tomcat 7.0.x install: > >$ $CATALINA_HOME/bin/digest.sh -a SHA-512 's3cret' >s3cret:1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0 > >[Note that if you put that on the command-line it will be in your >shell's history for anyone to see. Try using a leading space character >to keep some shells from keeping the command in the history.] > >From a Tomcat 8.0.x install: >$ $CATALINA_HOME/bin/digest.sh -a SHA-256 s3cret >s3cret:46e78df675f5842ebca3f67679a3ce14fd3ddb08727feacba84935f58914d49b$ >1$4e72031fe6f751d3b2390cd494971b8bf27cccf41f5ea8d7f56272f15b091207 > >Wait, what?! It turns out that Tomcat 8.0.x uses a salted, iterated >hash by default and so you get (a) more protection and (b) more stuff >coming out. > >If you want to get the same thing you got from Tomcat 7.0.x, you'll >need some additional command-line arguments: > >$ $CATALINA_HOME/bin/digest.sh -a SHA-256 -i 1 -s 0 s3cret >s3cret:1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0 > >This is true of Tomcat 8.5.x and Tomcat 9.0.x as well. Since you had to put some more arguments to generate the digest, are they also necessary on the server.xml file? >Hope that helps, >-chris Thanks in advance, -Dimas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
users-thread.12...@tomcat.apache.org
Hi Christopher, I've been trying to figure out this issues as well, thank you for your answer, it has clarified some questions of my own. I still have a question about your answer though, see below: On 11/20/17 10:53 PM, Christopher Schultz wrote: >Guy, > >On 11/20/17 1:23 PM, Guy Mac wrote: >> I'm failing to figure out how to encrypt passwords for (slightly) >> different versions of Tomcat 8.0.x on different platforms. > >Some background: older versions of Tomcat only supported single-round >hashing such as MD5, SHA-1, SHA-256, etc. and the newer versions >support many more options including pluggable modules to do whatever >you want. Most people will be able to use the baked-in modules to get >what they want, but you can build your own if you need something special >. > >> With Tomcat 8.0.37 on MacOS, I run digest.sh with a password, >> placing the output in tomcat-users > >Specifically, how do you run this? > >> , and update the Realm for the Catalina engine to: > className="org.apache.catalina.realm.LockOutRealm"> > className="org.apache.catalina.realm.UserDatabaseRealm" >> resourceName="UserDatabase"> > className="org.apache.catalina.realm.MessageDigestCredentialHandler" >> >> >algorithm="SHA-512"/> >> >> >> and that all works just fine. > >Good. > >> But when I try to repeat the steps for Tomcat 8.0.14-1 on Linux >> (Debian), it does not work. How do I encrypt passwords for this >> version of Tomcat? > >The process should should be the same, and the hash should be the same >no matter what what version of Tomcat you use to produce it, and no >matter what platform you use. > >From a Tomcat 7.0.x install: > >$ $CATALINA_HOME/bin/digest.sh -a SHA-512 's3cret' >s3cret:1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0 > >[Note that if you put that on the command-line it will be in your >shell's history for anyone to see. Try using a leading space character >to keep some shells from keeping the command in the history.] > >From a Tomcat 8.0.x install: >$ $CATALINA_HOME/bin/digest.sh -a SHA-256 s3cret >s3cret:46e78df675f5842ebca3f67679a3ce14fd3ddb08727feacba84935f58914d49b$ >1$4e72031fe6f751d3b2390cd494971b8bf27cccf41f5ea8d7f56272f15b091207 > >Wait, what?! It turns out that Tomcat 8.0.x uses a salted, iterated >hash by default and so you get (a) more protection and (b) more stuff >coming out. > >If you want to get the same thing you got from Tomcat 7.0.x, you'll >need some additional command-line arguments: > >$ $CATALINA_HOME/bin/digest.sh -a SHA-256 -i 1 -s 0 s3cret >s3cret:1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0 > >This is true of Tomcat 8.5.x and Tomcat 9.0.x as well. Since you had to put some more arguments to generate the digest, are they also necessary on the server.xml file? >Hope that helps, >-chris Thanks in advance, -Dimas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
