Re: Help needed with SpnegoAuthenticator authentication

2013-11-16 Thread Cédric Couralet
2013/11/15 chris ch...@ottmountainbike.co.uk:
 Any help with this would be very much appreciated.  We are trying to proof of
 concept this to return the remote user's domain login name to use it in a Web
 application.  Attempting to use a keytab method to hopefully negate any
 requirement for exposing the kerberos principal delegate in any server
 configuration files.

 We have a test configuration for SpnegoAuthenticator authentication using Apache
 Tomcat/7.0.47 in sandbox environment.  From a remote client workstation we are
 seeing an HTTP 500 error when testing and looking for some insight as to what is
 wrong or missing in our test environment.

 Environment:

 Apache Tomcat/7.0.47
 Java JDK/JRE 1.7.0_45
 Test Workstation:  Windows 7 x64 (domain joined)
 Test Server:  Windows Server 2008 R2

 When testing see Log dump ---

   Nov 14, 2013 10:04:50 PM org.apache.catalina.authenticator.SpnegoAuthenticator authenticate
   SEVERE: Unable to login as the service principal
   javax.security.auth.login.LoginException: Unable to obtain password from user
     at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Unknown Source)
     at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown
[..]


 SPN is delegated to the domain account with UPN:  svctomca...@mydom.int

 (Setspn –a http/tomcatsvr.mydom.int:8080 svctomcatdv)

No need for the port when defining a SPN.


 * Domain Controller DC1 is Server 2008 R2
 * Windows server hosting Tomcat is Server 2008 R2
 * PC is Windows 7 and configured to automatically login in Intranet zone
 identified by *.mydom.int

 Keytab generated using the ktpass.exe utility with command:

 ktpass /crypto AES256-SHA1 /princ svctomca...@mydom.int /pass * /kvno 0 /ptype
 KRB5_NT_SRV_INST /out C:\temp\tc.keytab


I have found that an error like this indicates a bad keytab.

I generate keytab with the /princ option set to the SPN of the user
(as indicated on tomcat documentation :
http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Domain_Controller)

Could you try it this way?
ktpass /crypto AES256-SHA1 /princ  http/tomcatsvr.mydom@mydom.int
/pass * /kvno 0  /out C:\temp\tc.keytab

Cédric

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
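
A way to check which principals a keytab actually holds keys for, as an added example that is not part of the original thread or of Tomcat: Krb5LoginModule falls back to a password (the promptForPass frame in the trace above) when the keytab yields no key for the principal it was configured with. The class name and command-line arguments are assumptions; pass the keytab path and each candidate principal including its realm.

```java
import java.io.File;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;

// Added example (hypothetical class name): reports, for each candidate
// principal, whether the keytab holds any keys for it.
public class KeytabPrincipalCheck {

    // Number of keys stored in the keytab for exactly this principal name.
    static int countKeys(KeyTab keytab, String principalName) {
        KerberosPrincipal principal = new KerberosPrincipal(principalName);
        KerberosKey[] keys = keytab.getKeys(principal);
        for (KerberosKey key : keys) {
            // getKeyType() is the Kerberos encryption type number
            // (18 = aes256-cts-hmac-sha1-96).
            System.out.printf("    etype=%d kvno=%d%n",
                    key.getKeyType(), key.getVersionNumber());
        }
        return keys.length;
    }

    public static void main(String[] args) {
        if (args.length < 2) {
            System.err.println(
                "usage: KeytabPrincipalCheck <keytab> <principal@REALM>...");
            System.exit(2);
        }
        File file = new File(args[0]);
        KeyTab keytab = KeyTab.getInstance(file);
        if (!keytab.exists()) {
            System.err.println("cannot read keytab: " + file);
            System.exit(2);
        }
        boolean anyMissing = false;
        for (int i = 1; i < args.length; i++) {
            System.out.println(args[i]);
            if (countKeys(keytab, args[i]) == 0) {
                anyMissing = true;
                System.out.println("    no keys in this keytab for that name");
            }
        }
        // Exit status 1 when a candidate principal has no key.
        System.exit(anyMissing ? 1 : 0);
    }
}
```

Principal names are compared case-sensitively, so the name given here has to match the principal in the JAAS login configuration character for character.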



setting the text or binary buffer size for websockets

2013-11-16 Thread Johan Compagner
Hi

i read this:

http://tomcat.apache.org/tomcat-7.0-doc/web-socket-howto.html

so what i do is add this into the web.xml

-- 
Johan Compagner
Servoy


Re: setting the text or binary buffer size for websockets

2013-11-16 Thread Johan Compagner
sorry, mail did go too soon...

I do this in the web.xml (directly in the web-app tag)

<context-param>
<param-name>org.apache.tomcat.websocket.textBufferSize</param-name>
<param-value>32768</param-value>
</context-param>
<context-param>
<param-name>org.apache.tomcat.websocket.binaryBufferSize</param-name>
<param-value>32768</param-value>
</context-param>

But this doesn't seem to have any effect, i still see in the browser stuff
like frames of max 8192 (and continuation frames)

We have problems (with chrome) with all kinds of errors when sending these
frames (invalid opcode, utf char encoding problem, reserved words 1 ,2 ,3
errors in the browser)
So i want to see if i just don't use frames what the result is then


Johan


On 16 November 2013 15:09, Johan Compagner jcompag...@servoy.com wrote:

 Hi

 i read this:

 http://tomcat.apache.org/tomcat-7.0-doc/web-socket-howto.html

 so what i do is add this into the web.xml

 --
 Johan Compagner
 Servoy




-- 
Johan Compagner
Servoy


Re: Http url connection : server returned http response code 400

2013-11-16 Thread vicky b
Thank you, can you please let me know what optimization I have to make.

  con.setRequestProperty("Referer", request.getHeader("Referer"));

was the issue, since it was being set to null


On Mon, Nov 11, 2013 at 7:38 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 Vicky,

 On 11/11/13, 10:02 AM, vicky b wrote:
  I am getting server returned http response code 400 when i run
  below code from my tomcat however it works fine when i run it in
  WAS which has proxy server settings.
 
  URL url = new URL(reqUrl);
  HttpURLConnection con = (HttpURLConnection)url.openConnection();
  con.setDoOutput(true);
  con.setRequestMethod(request.getMethod());
  if(request.getContentType() != null) {
    con.setRequestProperty("Content-Type", request.getContentType());
  }
  con.setRequestProperty("Referer", request.getHeader("Referer"));
  int clength = request.getContentLength();
  if(clength > 0) {
    con.setDoInput(true);
    InputStream istream = request.getInputStream();
    OutputStream os = con.getOutputStream();
    final int length = 5000;
    byte[] bytes = new byte[length];
    int bytesRead = 0;
    while ((bytesRead = istream.read(bytes, 0, length)) > 0) {
      os.write(bytes, 0, bytesRead);
    }
  } else {
    con.setRequestMethod("GET");
  }
  out.clear();
  out = pageContext.pushBody();
  OutputStream ostream = response.getOutputStream();
  System.out.println(" finished getOUTputsteram");
  response.setContentType(con.getContentType());
  InputStream in = con.getInputStream();
  final int length = 5000;
  byte[] bytes = new byte[length];
  int bytesRead = 0;
  while ((bytesRead = in.read(bytes, 0, length)) > 0) {
    ostream.write(bytes, 0, bytesRead);
  }

 So you have a quick-and-dirty proxy servlet, right?

 There are a number of optimizations, etc that you should probably
 make, but none of the above code uses any Tomcat code (other than
 fetching information from the incoming request, which presumably works
 correctly).

 It looks like you are getting a 400 from the server your code is
 contacting. Have you looked at the request that is actually being sent?

 Under what conditions do you get a 400 response? I see you are
 unconditionally setting con.setDoOutput(true) even if you don't intend
 to send any data. You conditionally call setDoInput which doesn't make
 a great deal of sense. I think you have these two calls reversed in
 your head.

 -chris




-- 



*Thanks & Regards Vickyb*
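
The two points from this exchange (a Referer header that may be null, and setDoOutput called whether or not a body is sent) handled in one helper, as an added example that is not the poster's code. UpstreamRequest, copyHeader and open are hypothetical names, and target is assumed to be a fixed URL from server-side configuration rather than a value taken from the client request.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;

// Added example (hypothetical names): builds the outgoing request of a
// forwarding servlet without sending null headers or an unintended body.
public final class UpstreamRequest {
    private UpstreamRequest() {}

    // Copy a header only when the client actually sent it.
    static void copyHeader(HttpServletRequest in, HttpURLConnection out, String name) {
        String value = in.getHeader(name);
        if (value != null) {
            out.setRequestProperty(name, value);
        }
    }

    // target is assumed to come from server configuration, not from the client.
    static HttpURLConnection open(HttpServletRequest request, URL target)
            throws IOException {
        HttpURLConnection con = (HttpURLConnection) target.openConnection();
        con.setRequestMethod(request.getMethod());
        copyHeader(request, con, "Referer");
        copyHeader(request, con, "Content-Type");

        // getContentLength() returns -1 when the length is not known.
        boolean hasBody = request.getContentLength() > 0;
        con.setDoOutput(hasBody);   // announce a body only when one is written
        if (hasBody) {
            try (InputStream body = request.getInputStream();
                 OutputStream os = con.getOutputStream()) {
                byte[] buf = new byte[5000];
                int n;
                while ((n = body.read(buf)) > 0) {
                    os.write(buf, 0, n);
                }
            }
        }
        // The caller reads con.getResponseCode() and con.getInputStream().
        return con;
    }
}
```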


Re: Tomcat session with uncertain problem

2013-11-16 Thread Jose Irrazabal
Thanks for the help, the problem was in my programming, I used global
variables to store user information and when two users try to log in at the
same instant, both sessions take erroneous data.

  Thanks again for help


2013/11/13 Terence M. Bandoian tere...@tmbsw.com


 On 11/11/2013 3:58 PM, Christopher Schultz wrote:
  Terrence,
 
  On 11/11/13, 4:31 PM, Terence M. Bandoian wrote:
   On 11/11/2013 2:29 PM, Jose Irrazabal wrote:
   Thanks for the reply
  
   I generate the session in a servlet in doPost method that would
   be:
  
   protected void doPost(HttpServletRequest request,
       HttpServletResponse response) throws ServletException,
       IOException {
  
     // create the session
     HttpSession session = request.getSession();
  
     // set attribute
     session.setAttribute("idser", p_iduser);
     session.setAttribute("username", p_username);
  
     // redirect to page menu.jsp
     response.sendRedirect("menu.jsp");
  
   } // end method
  
   On page menu.jsp I get the attribute with:
  
   session = request.getSession(false);
   String userid = (String) session.getAttribute("userid");
   String user = (String) session.getAttribute("user");
  
   Is it possible that this code: HttpSession session = request.getSession();
   is bad, and how can I correct it?
  
   Is it possible that this code: session = request.getSession(false);
   is bad, and how can I correct it?
  
   They could give me an example of how to work with sessions
   (create and capture) in a Java application with JSP, please
  
 
 
   Hi, Jose-
 
   Is your request variable the implicit object provided by the JSP
   container?  Do you maintain a reference to the request object
   anywhere?
 
   Do you maintain a reference to the session object anywhere?  Also,
   there is an implicit session object provided by the JSP container
   which is set before your code is executed in a JSP page so it
   shouldn't have to be set again in menu.jsp.  However, if you do
   call request.getSession and include a false argument, it would
   probably be best to check for a null return value.
 
   Are you sure your servlet is always executed before menu.jsp for a
   given session?
 
   One thing you might consider is implementing HttpSessionListener
   and removing all of your application-specific attributes in the
   sessionDestroyed method.  That might help make the situation more
   clear.
 
   You might also consider setting your session attributes in a
   servlet filter rather than in a servlet.  That would eliminate the
   need for a redirect.
 
  request - servlet - JSP using a forward is fairly typical. Redirects
  are slightly less common but there's no reason there should be any
  suspicion about a problem, there.
 
  In this case, the data is being stored in the session (and not the
  request) so doing a redirect (or forward) is not much different from a
  pass-through filter.
 
  It's pretty clear that the code above is for example/testing purposes,
  so I wouldn't treat this as a real-world scenario.
 
  -chris


 Hi, Cris-

 I think I provided a clear response with some useful suggestions to
 consider.

 -Terence


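
The kind of bug reported at the top of this message, next to its fix, as an added example that is not the poster's code. It assumes the "global variables" were fields of the servlet class; the class names and the request parameter names iduser and username are hypothetical, while p_iduser, p_username and menu.jsp follow the quoted snippet.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// BEFORE: the container normally serves all requests with one instance of a
// servlet, so instance (or static) fields are shared by every request thread.
class SharedFieldLoginServlet extends HttpServlet {
    private String p_iduser;    // shared across concurrent requests
    private String p_username;  // shared across concurrent requests

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        p_iduser = request.getParameter("iduser");      // hypothetical name
        p_username = request.getParameter("username");  // hypothetical name
        // Another login running at this moment can overwrite both fields
        // before they are copied into this user's session below.
        HttpSession session = request.getSession();
        session.setAttribute("userid", p_iduser);
        session.setAttribute("username", p_username);
        response.sendRedirect("menu.jsp");
    }
}

// AFTER: per-request values are local variables, which live on the stack of
// the thread handling this one request and are invisible to other requests.
class LocalVariableLoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String idUser = request.getParameter("iduser");
        String username = request.getParameter("username");
        // Credential checks are omitted; they would also use only locals.
        HttpSession session = request.getSession();
        session.setAttribute("userid", idUser);
        session.setAttribute("username", username);
        response.sendRedirect("menu.jsp");
    }
}
```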




Fwd: $CATALINA_HOME/conf/tomcat-users.xml - access denied

2013-11-16 Thread ישראל מלאכי
Hello

My employer wants me to put a war file on tomcat server installed in by
http://198.57.249.59:8080/ hostgator.com

problem is that I can't get to the app manager since I don't have
username and password. I know that I should edit the above file, I
tried through putty but access to file is denied.

what should I do?


Re: setting the text or binary buffer size for websockets

2013-11-16 Thread Igor Urisman
Johan,
What you've described is exactly what works for me.  But I am still on RC1.
-Igor.


On Sat, Nov 16, 2013 at 6:12 AM, Johan Compagner jcompag...@servoy.com wrote:

 sorry, mail did go too soon...

 I do this in the web.xml (directly in the web-app tag)

 <context-param>
 <param-name>org.apache.tomcat.websocket.textBufferSize</param-name>
 <param-value>32768</param-value>
 </context-param>
 <context-param>
 <param-name>org.apache.tomcat.websocket.binaryBufferSize</param-name>
 <param-value>32768</param-value>
 </context-param>

 But this doesn't seem to have any effect, i still see in the browser stuff
 like frames of max 8192 (and continuation frames)

 We have problems (with chrome) with all kinds of errors when sending these
 frames (invalid opcode, utf char encoding problem, reserved words 1 ,2 ,3
 errors in the browser)
 So i want to see if i just don't use frames what the result is then


 Johan


 On 16 November 2013 15:09, Johan Compagner jcompag...@servoy.com wrote:

  Hi
 
  i read this:
 
  http://tomcat.apache.org/tomcat-7.0-doc/web-socket-howto.html
 
  so what i do is add this into the web.xml
 
  --
  Johan Compagner
  Servoy
 



 --
 Johan Compagner
 Servoy



RE: $CATALINA_HOME/conf/tomcat-users.xml - access denied

2013-11-16 Thread Caldarale, Charles R
 From: ישראל מלאכי [mailto:alayc...@gmail.com] 
 Subject: Fwd: $CATALINA_HOME/conf/tomcat-users.xml - access denied

 My employer wants me to put a war file on tomcat server installed in by
 http://198.57.249.59:8080/ hostgator.com

 problem is that I can't get to the app manager since I don't have
 username and password. I know that I should edit the above file, I
 tried through putty but access to file is denied.

 what should I do?

You'll need to contact HostGator support to find out how to get appropriate 
access to their servers.  This has nothing to do with Tomcat itself.

 - Chuck

