Hi Gary, see way below inline...
> On 16.04.2019 at 03:02, Hua, Gary - Saint Louis, MO - Contractor
> <gang....@usps.gov.invalid> wrote:
>
> Luis:
>
> Thanks for your input. I put the following into
> conf/logging.properties and add debug="99" in the Realm definition so I
> can see more Realm logging information:
>
> org.apache.catalina.realm.level = ALL
> org.apache.catalina.realm.useParentHandlers = true
> org.apache.catalina.authenticator.level = ALL
> org.apache.catalina.authenticator.useParentHandlers = true
>
> After the first login attempt in the application TOPS login screen, the
> URL was redirected to https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check
> with invalid UID/PW message. Then I entered topsadmin/@88Topstopstops as
> id/pd and clicked the Login button again, I got the following message in
> the catalina.out:
>
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking
> request POST /TOPS-WEB/j_security_check
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> hasUserDataPermission()
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission User data
> constraint already satisfied
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> authenticate()
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authenticating username 'topsadmin'
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Attempting to
> authenticate user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> 15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.JNDIRealm.authenticate Exception performing
> authentication. Retrying...
> javax.naming.CommunicationException: Connection reset [Root exception is
> java.net.SocketException: Connection reset];

^^^^^^^^^^^^
That may be the reason!? It cannot connect and everything following is just bad error handling?

> remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
>     at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
>     at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
>     at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
>     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
>     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
>     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>     at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
>     at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
>     at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
>     at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
>     at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
>     at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
>     at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
>     at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:748)
> Caused by: java.net.SocketException: Connection reset
>     at java.net.SocketInputStream.read(SocketInputStream.java:210)
>     at java.net.SocketInputStream.read(SocketInputStream.java:141)
>     at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
>     at sun.security.ssl.InputRecord.read(InputRecord.java:503)
>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
>     at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
>     at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
>     at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
>     at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
>     at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
>     at com.sun.jndi.ldap.Connection.run(Connection.java:877)
>     ... 1 more
>
> 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user
> [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authentication of 'topsadmin' was successful
> 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Redirecting to original '/TOPS-WEB/'
> 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed
> authenticate() test
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking
> request GET /TOPS-WEB/
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp
> --> true
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> GET /index.jsp --> false
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp -->
> true
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> hasUserDataPermission()
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission User data
> constraint has no restrictions
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> authenticate()
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore
> request from session '9F9F67A0434576D7C0FD0BB63C15F567'
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated
> 'topsadmin' with type 'FORM'
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Session ID
> changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to
> [811799F279932B4B67D44931980994A7]
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed to
> restored request
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> accessControl()
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles
> GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_INQUIRY]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_INQUIRY
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_ADMIN]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_ADMIN
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_SFO]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_SFO
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_MODELING]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_MODELING
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INQUIRY]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INQUIRY
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_EDITOR]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_EDITOR
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JFK]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JFK
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JECEWR]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JECEWR
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_ORD]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_ORD
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTERNATIONAL]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTERNATIONAL
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_LAX]
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_LAX
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_MIA]
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_MIA
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed
> accessControl() test
>
> The error message on the screen looks like below:
>
> HTTP Status 403 – Forbidden
>
> Type Status Report
>
> Message Access to the requested resource has been denied
>
> Description The server understood the request but refuses to authorize it.
>
> USPS_restricted
>
> Any idea what is that about? Again the Realm definition is:
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>     connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>     connectionName="wasd...@devsub.dev.dce.usps.gov"
>     connectionPassword="F0rkedup"
>     authentication="simple"
>     referrals="ignore"
>     userSearch="(sAMAccountName={0})"
>     userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>     userSubtree="true"
>     roleSearch="(member={0})"
>     roleName="cn"
>     roleSubtree="true"
>     roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>     adCompat="true"
> />
>
> Thanks
> Gary

Peter

PS: you should redact sensitive data from your mails. At least change passwords now... Google is NOT your friend in this case...

> -----Original Message-----
> From: Luis Rodríguez Fernández [mailto:uo67...@gmail.com]
> Sent: Monday, April 15, 2019 3:47 AM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
>
> Hello Gary,
>
> I would recommend you to add some debug to your JNDIRealm [1]. For debugging
> your ldap search filters ldapsearch can be your friend [2] :)
>
> Hope it helps,
>
> Luis
>
> [1] https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
> [2] https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
>
> On Fri, 12 Apr 2019 at 0:23, Hua, Gary - Saint Louis, MO - Contractor
> (<gang....@usps.gov.invalid>) wrote:
>
>> All:
>>
>> Sorry on my previous email I have some graphic contents that can not be displayed. Now I change it to texts so you can see them
>>
>> *From:* Hua, Gary - Saint Louis, MO - Contractor [mailto:gang....@usps.gov.INVALID <gang....@usps.gov.INVALID>]
>> *Sent:* Thursday, April 11, 2019 4:29 PM
>> *To:* users@tomcat.apache.org
>> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>>
>> Tomcat Experts:
>>
>> The Tomcat server works fine in my local computer with application “TOPS“ in Eclipse. I deployed the TOPS application to our DEV web server eagnmnmed1f45 under webapps.
>>
>> After I started the Tomcat server (9.0.13) in DEV server and entered the TOPS home page URL http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is http://localhost:8080/TOPS-WEB/Welcome.do in my local computer) in the browser, it was re-directed to https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do. and following error:
>>
>> *The website cannot display the page*
>>
>> HTTP 500
>>
>> *Most likely causes:*
>>
>> - The website is under maintenance.
>> - The website has a programming error.
>>
>> *What you can try:*
>>
>> - Refresh the page.
>> - Go back to the previous page.
>> - More information
>>
>> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f catalina.out
>>
>> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find configuration [LegDistanceImpl]; using defaults.
>> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not binding factory to JNDI, no JNDI name configured
>> 0 [main] INFO filter.ResponseOverrideFilter - Filter initialized. Response buffering is enabled
>> 1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded for module ''.
>> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validator-rules.xml'
>> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validation.xml'
>> 1738 [main] INFO tiles.TilesPlugin - Factory already exists for module ''. The factory found is from module ''. No new creation.
>> 05-Apr-2019 11:18:01.913 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-9080"]
>> 05-Apr-2019 11:18:01.928 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-9443"]
>> 05-Apr-2019 11:18:01.932 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor - Tiles definition factory found for request processor ''.
>> Error connecting to LDAP server.
>> java.lang.NullPointerException
>>     at com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeAction.java:120)
>>     at com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeAction.java:61)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod(AbstractDispatchAction.java:136)
>>     at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(AbstractDispatchAction.java:84)
>>     at com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute(AbstractTOPSDispatchAction.java:258)
>>     at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
>>     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
>>     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
>>     at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>>     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
>>     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>>     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
>>     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>>     at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>>     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
>>     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>>     at com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>>     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
>>     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
>>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
>>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>     at java.lang.Thread.run(Thread.java:748)
>>
>> If I only entered “http://eagnmnmed1f45:9080/TOPS-WEB/”, the login screen showed up.
>>
>> After I entered topsadmin/@88Topstopstops as id/pd and clicked Login button on the login screen, I got the following error:
>>
>> *Error*
>>
>> Error Message: You've entered an invalid Logon ID or Password. Please check that your Logon ID and Password are correct and try again.
>>
>> I know the topsadmin/@88Topstopstops is the correct id/pd.
>>
>> Any idea what happens here? Any input is appreciated. Following is the contents of server.xml and LDAP_realm.xml
>>
>> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>>
>> <?xml version='1.0' encoding='utf-8'?>
>> <!DOCTYPE server-xml [
>>   <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>> ]>
>> <!--
>>   Licensed to the Apache Software Foundation (ASF) under one or more
>>   contributor license agreements. See the NOTICE file distributed with
>>   this work for additional information regarding copyright ownership.
>>   The ASF licenses this file to You under the Apache License, Version 2.0
>>   (the "License"); you may not use this file except in compliance with
>>   the License. You may obtain a copy of the License at
>>
>>       http://www.apache.org/licenses/LICENSE-2.0
>>
>>   Unless required by applicable law or agreed to in writing, software
>>   distributed under the License is distributed on an "AS IS" BASIS,
>>   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>   See the License for the specific language governing permissions and
>>   limitations under the License.
>> -->
>> <!-- Note: A "Server" is not itself a "Container", so you may not
>>      define subcomponents such as "Valves" at this level.
>>      Documentation at /docs/config/server.html
>> -->
>> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>>   <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
>>
>>   <!-- Security listener. Documentation at /docs/config/listeners.html -->
>>   <Listener className="org.apache.catalina.security.SecurityListener" checkedOsUsers="root" minimumUmask="0007"/>
>>
>>   <!--APR library loader. Documentation at /docs/apr.html -->
>>   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>>   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>>   <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>>   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>>   <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>>
>>   <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -->
>>   <GlobalNamingResources>
>>     <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->
>>     <!-- *** Not needed, because we use JNDI Realm *** -->
>>     <!-- <Resource name="UserDatabase" auth="Container"
>>               type="org.apache.catalina.UserDatabase"
>>               description="User database that can be updated and saved"
>>               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>               pathname="tomcat-users.xml" />
>>     -->
>>   </GlobalNamingResources>
>>
>>   <!-- A "Service" is a collection of one or more "Connectors" that share
>>        a single "Container" Note: A "Service" is not itself a "Container",
>>        so you may not define subcomponents such as "Valves" at this level.
>>        Documentation at /docs/config/service.html
>>   -->
>>   <Service name="Catalina">
>>
>>     <!--The connectors can use a shared executor, you can define one or more named thread pools-->
>>     <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/> -->
>>
>>     <!-- A "Connector" represents an endpoint by which requests are received
>>          and responses are returned. Documentation at :
>>          Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
>>          Java AJP Connector: /docs/config/ajp.html
>>          APR (HTTP/AJP) Connector: /docs/apr.html
>>          Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>>     -->
>>     <Connector port="9080"
>>                protocol="HTTP/1.1"
>>                connectionTimeout="20000"
>>                redirectPort="9443"
>>                maxHttpHeaderSize="8192"
>>                allowTrace="false"
>>                xpoweredBy="false"
>>                enableLookups="false" />
>>     <!-- A "Connector" using the shared thread pool-->
>>     <!--
>>     <Connector executor="tomcatThreadPool"
>>                port="9080" protocol="HTTP/1.1"
>>                connectionTimeout="20000"
>>                redirectPort="9443"
>>                allowTrace="false"
>>                xpoweredBy="false"
>>                server="USPS"
>>                enableLookups="false" />
>>     -->
>>     <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>>          This connector uses the NIO implementation that requires the JSSE
>>          style configuration. When using the APR/native implementation, the
>>          OpenSSL style configuration is required as described in the APR/native
>>          documentation -->
>>     <Connector port="9443"
>>                protocol="org.apache.coyote.http11.Http11NioProtocol"
>>                connectionTimeout="60000"
>>                maxThreads="150"
>>                SSLEnabled="true"
>>                scheme="https"
>>                secure="true"
>>                keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>>                keystorePass="4bidden!"
>> >> clientAuth="want"
>> >> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>> >> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>> >> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>> >> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>> >> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>> >> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>> >> TLS_RSA_WITH_AES_256_CBC_SHA256,
>> >> TLS_RSA_WITH_AES_256_GCM_SHA384"
>> >> maxHttpHeaderSize="8192"
>> >> allowTrace="false"
>> >> xpoweredBy="false"
>> >> server="USPS"
>> >> enableLookups="false" />
>> >>
>> >> <!-- Define an AJP 1.3 Connector on port 8009 -->
>> >> <!--
>> >> <Connector port="8009" protocol="AJP/1.3"
>> >> connectionTimeout="20000"
>> >> protocol="AJP/1.3"
>> >> redirectPort="9443"
>> >> allowTrace="false"
>> >> xpoweredBy="false"
>> >> enableLookups="false" />
>> >> -->
>> >>
>> >> <!-- An Engine represents the entry point (within Catalina) that processes
>> >> every request. The Engine implementation for Tomcat stand alone
>> >> analyzes the HTTP headers included with the request, and passes them
>> >> on to the appropriate Host (virtual host).
>> >> Documentation at /docs/config/engine.html -->
>> >>
>> >> <!-- You should set jvmRoute to support load-balancing via AJP ie :
>> >> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>> >> -->
>> >> <Engine name="Catalina" defaultHost="localhost">
>> >>
>> >> <!--For clustering, please take a look at documentation at:
>> >> /docs/cluster-howto.html (simple how to)
>> >> /docs/config/cluster.html (reference documentation) -->
>> >> <!--
>> >> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> -->
>> >>
>> >> <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>> >> via a brute-force attack -->
>> >> <Realm className="org.apache.catalina.realm.LockOutRealm">
>> >>
>> >> <!-- This Realm uses the UserDatabase configured in the global JNDI
>> >> resources under the key "UserDatabase".
>> >> Any edits
>> >> that are performed against this UserDatabase are immediately
>> >> available for use by the Realm. -->
>> >> <!--
>> >> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>> >> resourceName="UserDatabase"/>
>> >> -->
>> >> &LDAP_realm;
>> >> </Realm>
>> >>
>> >> <Host name="localhost"
>> >> appBase="webapps"
>> >> unpackWARs="true"
>> >> deployOnStartup="false"
>> >> autoDeploy="false">
>> >>
>> >> <Context path=""
>> >> docBase="/opt/TomCat/tomcat/webapps/ROOT"
>> >> debug="0"
>> >> privileged="true">
>> >> </Context>
>> >>
>> >> <Context path="/TOPS-WEB"
>> >> docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>> >> debug="0"
>> >> privileged="true">
>> >> <Resource name="jdbc/TOPSDB"
>> >> auth="Container"
>> >> type="javax.sql.DataSource"
>> >> driverClassName="oracle.jdbc.OracleDriver"
>> >> inactiveConnectionTimeout="120"
>> >> maxPoolSize="20"
>> >> minPoolSize="1"
>> >> password="g3td0wn"
>> >> url="jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=dtops.usps.gov)))"
>> >> username="TOPS_ADMIN"
>> >> validateConnectionOnBorrow="true"/>
>> >> </Context>
>> >>
>> >> <!-- SingleSignOn valve, share authentication between web applications
>> >> Documentation at: /docs/config/valve.html -->
>> >> <!--
>> >> <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>> >> -->
>> >>
>> >> <!-- Access log processes all example.
>> >> Documentation at: /docs/config/valve.html
>> >> Note: The pattern used is equivalent to using pattern="common" -->
>> >> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
>> >> prefix="localhost_access_log" suffix=".txt"
>> >> pattern="%h %l %u %t "%r" %s %b" />
>> >>
>> >> </Host>
>> >> </Engine>
>> >> </Service>
>> >> </Server>
>> >>
>> >> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>> >> <Realm className="org.apache.catalina.realm.JNDIRealm"
>> >> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>> >> connectionName="wasd...@devsub.dev.dce.usps.gov"
>> >> connectionPassword="F0rkedup"
>> >> authentication="simple"
>> >> referrals="ignore"
>> >> userSearch="(sAMAccountName={0})"
>> >> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>> >> userSubtree="true"
>> >> roleSearch="(member={0})"
>> >> roleName="cn"
>> >> roleSubtree="true"
>> >> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>> >> adCompat="true"
>> >> />
>> >>
>> >> Thanks
>> >> Gary
>> >>
> >
> > --
> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> > - Samuel Beckett
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org