Re: HTML 508 error with container authentication and virtual host
Here is information on how we have Apache configured. Apache is the virtual host and it redirects to the (war) app deployed in Tomcat. Note it has the app name in the ProxyPass/ProxyPassReverse URL. Regarding your question on how we deploy the app, I use Tomcat's Manager app to upload a war file. Note this same Tomcat instance has several other war apps as well. Note at first we thought this was working as it does redirect to the right app and the correct login page, the problem is when they click the Login button that's when the 408 error occurs. The 408 error does not occur if we launch the app via http://localhost:8080/myapp/. The error only occurs when users use sub1.mydomain.com which is the only URL that will have access to. What are we doing wrong? We are probably missing something simple...just don't see it. Also I'd be happy to upgrade Tomcat to a later version if that would help. ##Apache: Just a ReverseProxy to the Tomcat app: VirtualHost *:80 ServerName sub1.mydomain.com ServerAlias sub1.mydomain.com ## ReverseProxy's ProxyRequests Off ProxyPreserveHost Off # Have tried both on and off Proxy * Order deny,allow Allow from all /Proxy ProxyPass / http://localhost:8080/myapp/ ProxyPassReverse / http://localhost:8080/myapp/ On Wed, Jul 8, 2015 at 7:53 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, On 7/7/15 11:14 AM, David Hoffer wrote: Here is the relevant parts of the web.xml. I didn't do the Apache configuration so I'll have to get more details there but I was told that is no different than how we configure virtual hosts for other apps that don't use Tomcat's authentication. E.g. it seems Tomcat is requiring to have the app's name in the URL...not a subdomain. Well, /of course/ Tomcat requires the app's name in the URL. That's how Tomcat figures out which application should take the request. Where is your application deployed? What WAR file (or exploded-WAR directory)? Any other details that might help explain what's going on? As André said, none of us has a crystal ball (well... one of us does, but he's been MIA for quite a long time). FORM authentication works in Tomcat, whether through an httpd-based proxy or not. Most of us use it /all the time/. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVnStSAAoJEBzwKT+lPKRYrjUP/2DO0eK+Ee1r2SqqVBRZjvtK KsDWGY1lq/n2OELZYCRYCoiVCSwYJZ5qbe9x34GFSSLR9Ictrpo5zS4f3UhxdK5N INeWzvQy6WlDcu962bGopNqLedrpFJBGPbrbY3mP13bm2KByjbbrD7z8LqQrnlUM GyHLPpgWfwbaPdG+2sVG4Xi0oa/uqCGGW7XkcUCq+0IXCDKnxHmwgxERrb1T4b3y Yq0uG644pZ3ZhDQaWhtC9ENXz6+Nw0WW82k6OfyyR7bs7m/axqfDa8G45s33hJXV KK0GPR2Ke19xvILJ9xM6K4Bvss4y61O7TGhrfpUujniKDrmArDoJ7gALHDyCpguE CJ2P743d4KL2bDt3Kpvc3Pct615dtIECn7+0fiJP/wZP9r7PhV0jm0srxmVF/29W rgfJhNEMGsAmHKHjY7f7LIbJPO9t2sY7khwR5TmL8rjvD1ryAadkrxTTNngeV8/L +h063CkbVX4+jQ9S5/QLdcD/CtL8iYE/p29FS60o+b5JwiBeOGjxnuJl0ahu9EIa 4Q3tuMn8jtFc8mxvvSIL2I2ErRx+4mQECJwZsCnMPmD+k+dgSuGndt7avG8Jrfk/ XqS36lNth9O916Xkgp9bKPpxOD5o5EXfXLFInr+nuew7V3Tbm0zjfsDiLx4YuQgM NkOj5Rfv9gikgn9nq3Au =7b2b -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTML 508 error with container authentication and virtual host
My bad. I recalled the error wrong...it's 408. HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser On Tue, Jul 7, 2015 at 9:36 AM, Mark Thomas ma...@apache.org wrote: On 07/07/2015 15:13, David Hoffer wrote: I've added FORM container authentication with Tomcat and everything works fine as long as users use the full URL to the app (URL in Tomcat's manager app). However users want to use a different URL based on a virtual host, e.g. myapp.mycompany.com. It brings the users to the app no problem but then when they try to login Tomcat reports a 508 error, how do I solve this? Nope. Tomcat never issues a 508 response. Wherever that is coming from it isn't Tomcat code. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTML 508 error with container authentication and virtual host
Here is the relevant parts of the web.xml. I didn't do the Apache configuration so I'll have to get more details there but I was told that is no different than how we configure virtual hosts for other apps that don't use Tomcat's authentication. E.g. it seems Tomcat is requiring to have the app's name in the URL...not a subdomain. security-constraint web-resource-collection web-resource-namePublic/web-resource-name url-pattern/login.jsp/url-pattern url-pattern/error.jsp/url-pattern /web-resource-collection /security-constraint security-constraint web-resource-collection web-resource-nameWildcard means whole app requires authentication/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namemyapp-user/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config session-config session-timeout60/session-timeout /session-config On Tue, Jul 7, 2015 at 8:55 AM, André Warnier a...@ice-sa.com wrote: David Hoffer wrote: 1. Apache Tomcat/7.0.55 (Ubuntu) 2. Hum I don't think so...it works fine when using the full URL, e.g. www.mycompany.com:8080/myapp its only when we use Apache wait.. what, how ? you are using an Apache httpd front-end ? you never mentioned that before. We have no crystal ball here, so we are trying to guess your configuration, to try to guess what the problem may be. But if you are hiding things for us, this could take a long time. We may also need to know how exactly you are proxying from Apache httpd to Tomcat then. Anyway, also send your webapp's web.xml. From your (incomplete) description so far, it looks as if your may re-directing to the wrong place, which re-directs to the wrong place, which re-directs to the wrong place and so on. You are probably doing your very own DOS attack on your own server. :-) You may be able to figure this out by yourself, if you think about what really happens, step by step. so users can get to this same app via myapp.mycompany.com that we get the 508 error from Tomcat. 3. I don't think we have made any changes to Tomcat's server.xml but here is a copy. ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.JasperListener / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 URIEncoding=UTF-8 redirectPort=8443 / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.LockOutRealm Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ /Realm Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=%h %l %u %t quot;%rquot; %s %b / /Host /Engine /Service /Server On Tue, Jul 7, 2015 at 8:28 AM, André Warnier a...@ice-sa.com wrote: Hi. David Hoffer wrote: I've added FORM container authentication with Tomcat and everything works fine as long as users use the full URL to the app (URL in Tomcat's manager app). However users want to use a different URL based on a virtual host, e.g. myapp.mycompany.com. It brings the users to the app no problem but then when they try to login Tomcat reports a 508 error, how do I solve this? The URL in the browser when this happens is myapp.mycompany.com/j_security_check 1) to save time to everyone in the end, please provide at least the full version of Tomcat that you are using. 2) HTTP status code 508 indicates that some server resource limit has been reached. That points to some kind of infinite loop. That would tend to hint at the fact that whatever your login form is pointing to, maybe itself is a protected location and so on.. 3) Anyway, your
HTML 508 error with container authentication and virtual host
I've added FORM container authentication with Tomcat and everything works fine as long as users use the full URL to the app (URL in Tomcat's manager app). However users want to use a different URL based on a virtual host, e.g. myapp.mycompany.com. It brings the users to the app no problem but then when they try to login Tomcat reports a 508 error, how do I solve this? The URL in the browser when this happens is myapp.mycompany.com/j_security_check -Dave
Re: HTML 508 error with container authentication and virtual host
1. Apache Tomcat/7.0.55 (Ubuntu) 2. Hum I don't think so...it works fine when using the full URL, e.g. www.mycompany.com:8080/myapp its only when we use Apache so users can get to this same app via myapp.mycompany.com that we get the 508 error from Tomcat. 3. I don't think we have made any changes to Tomcat's server.xml but here is a copy. ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.JasperListener / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 URIEncoding=UTF-8 redirectPort=8443 / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.LockOutRealm Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ /Realm Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=%h %l %u %t quot;%rquot; %s %b / /Host /Engine /Service /Server On Tue, Jul 7, 2015 at 8:28 AM, André Warnier a...@ice-sa.com wrote: Hi. David Hoffer wrote: I've added FORM container authentication with Tomcat and everything works fine as long as users use the full URL to the app (URL in Tomcat's manager app). However users want to use a different URL based on a virtual host, e.g. myapp.mycompany.com. It brings the users to the app no problem but then when they try to login Tomcat reports a 508 error, how do I solve this? The URL in the browser when this happens is myapp.mycompany.com/j_security_check 1) to save time to everyone in the end, please provide at least the full version of Tomcat that you are using. 2) HTTP status code 508 indicates that some server resource limit has been reached. That points to some kind of infinite loop. That would tend to hint at the fact that whatever your login form is pointing to, maybe itself is a protected location and so on.. 3) Anyway, your question above would be a lot clearer (and it would also save time), if you copy and paste the content of your Tomcat's server.xml file, below here : (please remove any comments and confidential information) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
404 Errors for all apps in Tomcat 7.0.23
I just installed Tomcat 7.0.23 using Windows 64 bit installer and deployed a couple apps via the manager application, however when I run them I get HTTP Status 404 errors. However I see that I get the same error for the standard default apps, docs, examples, etc. The only URL that works is http://IP:8080/manager/html. In the log I see: Dec 27, 2011 3:28:29 PM org.apache.catalina.core.StandardHostValve custom SEVERE: Exception Processing ErrorPage[errorCode=404, location=/WEB-INF/jsp/404.jsp] java.lang.NullPointerException at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:455) at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:324) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:193) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:539) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) What do I have to do to enable the apps? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 404 Errors for all apps in Tomcat 7.0.23
No errors are reported at start up, here is the catalina log. 2011-12-27 17:57:07 Commons Daemon procrun stderr initialized Dec 27, 2011 5:57:08 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;;. Dec 27, 2011 5:57:08 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [http-bio-8080] Dec 27, 2011 5:57:08 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler [ajp-bio-8009] Dec 27, 2011 5:57:08 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 426 ms Dec 27, 2011 5:57:08 PM org.apache.catalina.core.StandardService startInternal INFO: Starting service Catalina Dec 27, 2011 5:57:08 PM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.23 Dec 27, 2011 5:57:08 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\docs Dec 27, 2011 5:57:08 PM org.apache.catalina.startup.ContextConfig getDefaultWebXmlFragment INFO: No global web.xml found Dec 27, 2011 5:57:08 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\examples Dec 27, 2011 5:57:08 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\host-manager Dec 27, 2011 5:57:08 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\manager Dec 27, 2011 5:57:08 PM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\ROOT Dec 27, 2011 5:57:08 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [http-bio-8080] Dec 27, 2011 5:57:08 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler [ajp-bio-8009] Dec 27, 2011 5:57:08 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 416 ms -Dave On Tue, Dec 27, 2011 at 10:29 AM, Pid * p...@pidster.com wrote: On 27 Dec 2011, at 15:43, David Hoffer dhoff...@gmail.com wrote: I just installed Tomcat 7.0.23 using Windows 64 bit installer and deployed a couple apps via the manager application, however when I run them I get HTTP Status 404 errors. However I see that I get the same error for the standard default apps, docs, examples, etc. The only URL that works is http://IP:8080/manager/html. In the log I see: Dec 27, 2011 3:28:29 PM org.apache.catalina.core.StandardHostValve custom SEVERE: Exception Processing ErrorPage[errorCode=404, location=/WEB-INF/jsp/404.jsp] java.lang.NullPointerException What about before that during startup? p at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:455) at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:324) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:193) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:539) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) What do I have to do to enable the apps? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional
Re: 404 Errors for all apps in Tomcat 7.0.23
Yes that was a full log of that file. The only change I made was in the Manager App's config I increased the size of the max file size because one of my apps is bigger than 50MB, so I just made a change to the web.xml in the manager app. The http://IP:8080/manger/html page shows the correct list of apps but if you click on any of the applications (path) I get the 404 error...and I have undeployed all my apps so the problem exists with the standard sample apps too. Should I try a different Tomcat version? -Dave On Tue, Dec 27, 2011 at 3:33 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, On 12/27/11 10:42 AM, David Hoffer wrote: I just installed Tomcat 7.0.23 using Windows 64 bit installer and deployed a couple apps via the manager application, however when I run them I get HTTP Status 404 errors. However I see that I get the same error for the standard default apps, docs, examples, etc. The only URL that works is http://IP:8080/manager/html. In the log I see: Dec 27, 2011 3:28:29 PM org.apache.catalina.core.StandardHostValve custom SEVERE: Exception Processing ErrorPage[errorCode=404, location=/WEB-INF/jsp/404.jsp] java.lang.NullPointerException at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:455) Is that stack trace complete? It seems to indicate that /WEB-INF/jsp/404.jsp is being invoked, but that JSP isn't actually executing. The only thing I can think of is that the JSP can't be found while processing an error (404?) and do you get this error as well. Have you made any modifications to Tomcat other than enabling the manager webapp and deploying some webapps onto it? What do I have to do to enable the apps? Deployment ought to enable the apps. What does the manager show in the list of deployed webapps? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk76R7QACgkQ9CaO5/Lv0PBjiQCgjCT7wt2tDxFEbJr0bgXTLRvu zHkAnRMrr52g8R+Ggu3MAljah1i4dooK =BW8D -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: 404 Errors for all apps in Tomcat 7.0.23
Localhost.log: Dec 28, 2011 2:19:18 AM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextInitialized() Dec 28, 2011 2:19:18 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextInitialized() localhost_access.log is empty at startup until I click on one of the apps in the manager page, then it has: 172.31.255.154 - admin [28/Dec/2011:02:37:27 +] GET /manager/html HTTP/1.1 200 15821 172.31.255.154 - - [28/Dec/2011:02:37:27 +] GET /manager/images/asf-logo.gif HTTP/1.1 404 952 172.31.255.154 - - [28/Dec/2011:02:37:27 +] GET /manager/images/tomcat.gif HTTP/1.1 404 952 172.31.255.154 - - [28/Dec/2011:02:37:27 +] GET /favicon.ico HTTP/1.1 404 952 172.31.255.154 - - [28/Dec/2011:02:37:31 +] GET /docs HTTP/1.1 302 - 172.31.255.154 - - [28/Dec/2011:02:37:31 +] GET /docs/ HTTP/1.1 404 952 172.31.255.154 - - [28/Dec/2011:02:37:31 +] GET /favicon.ico HTTP/1.1 404 952 I don't know why the one log references Java in the Windows folder...that folder does not exist. I have added Java to the system path (it wasn't there before) so now that log file has this line: INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Java\jre6\bin;. My Java version is 1.6.0_30 I did stop Tomcat and was able to manually delete the logs and work folders and then I restarted. Windows lets me delete these files but does prompt me asking that I will need to be an administrator which it allows me to do. Tomcat is running as a service, could it be that it doesn't have enough rights to do something? It is creating contents in both the log and work folders... This is running on OS - Windows 7 64bit Enterprise VM. Thanks, -Dave On Tue, Dec 27, 2011 at 5:43 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2011/12/28 David Hoffer dhoff...@gmail.com: Yes that was a full log of that file. The only change I made was in the Manager App's config I increased the size of the max file size because one of my apps is bigger than 50MB, so I just made a change to the web.xml in the manager app. The http://IP:8080/manger/html page shows the correct list of apps but if you click on any of the applications (path) I get the 404 error...and I have undeployed all my apps so the problem exists with the standard sample apps too. You cited only one of log files. What is in other log files? What is in localhost*.log? What is in access log? Try to stop Tomcat and delete everything from the work directory. (I wonder whether *.class files for the JSPs are there. That is, whether the directory is writable.) The same with logs directory. Clear it, move old logs somewhere. What Java version are you using? (It is a bit odd that the path shown in the log is C:\Windows\Sun\Java\bin). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to configure Tomcat 6.0 with JAAS?
Thanks, if possible could you/someone send some examples of how to configure JAAS with JBoss? I have it working with Tomcat but need the minimum configuration to do the same for JBoss. Note, I have a servlet that at startup sets the JAAS configuration, i.e. Configuration.setConfiguration(configuration) which sets the LoginModule to use. I just need to know how to configure JBoss to work with this LoginModule. -Dave On Tue, May 12, 2009 at 10:56 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: How to configure Tomcat 6.0 with JAAS? ... though JBoss uses Tomcat as its default servlet container Unfortunately, JBoss does not use Tomcat's authentication - it has its own. When we wrote JAAS modules for use on our proprietary OS, we had to do separate implemenations for JBoss and Tomcat. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
How to configure Tomcat 6.0 with JAAS?
No matter what I do...I always get an 'HTTP Status 403 - Access to the requested resource has been denied error' displayed after authenticating in Tomcat with JAAS. Here is my configuration. Tomcat 6.0.x server.xml: ... Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false !-- JAAS config -- Realm className=org.apache.catalina.realm.JAASRealm appName=CDF_TestApp userClassNames=ipt.tas.security.login.TASUserPrincipal roleClassNames=ipt.tas.security.login.TASGroupPrincipal useContextClassLoader=true debug=99/ /Host /Engine /Service /Server Issues here...since TASUserPrincipal TASGroupPrincipal are not available yet (they are in my web app) hasn't started how can I delay configuration until my web app has started? (Doubt this is cause of error however). My WebApp web.xml: !--Test code to get JAAS to work-- servlet servlet-nameStartupServlet/servlet-name servlet-class com.issinc.cdf.servlet.StartupServlet /servlet-class load-on-startup1/load-on-startup /servlet security-constraint web-resource-collection web-resource-nameTest App/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namemembers/role-name /auth-constraint /security-constraint security-role description /description role-namemembers/role-name /security-role login-config auth-methodBASIC/auth-method realm-nameTest App Realm/realm-name /login-config !--End JAAS code-- Note that StartupServlet configures JAASConfiguration to load my custom LoginModule. When my web app starts I do get the authentication dialog and I enter my login info. I have debugged my custom LoginModule and login() and commit() both succeed/return true for the user. However when the app continues I get the 403 error stated above. What am I doing wrong? I don't understand if/how the role-name(s) specifed in the web.xml are validated at this point. Do I have to tie my Subject Principal to these roles somehow? Or are these roles just used by the JAAS logic after authenication is complete? I will say that if I remove the auth-constraint section then the login dialog is not even displayed. Can someone point me to my error? -Dave
Re: How to configure Tomcat 6.0 with JAAS?
Update. It looks like the problem is with the Tomcat Realm configuration. If I move the jar that contains these custom classes to the Tomcat lib folder then it works! However this is not a workable solution. I can't deploy jars like this. How can I delay JAAS realm configuration to my web app? After all what is the purpose of useContextClassLoader? Ideally I would like to move the configuration out of server.xml to my web app so this is self-contained. What is the right way to do this? -Dave On Mon, May 11, 2009 at 1:14 PM, David Hoffer dhoff...@gmail.com wrote: No matter what I do...I always get an 'HTTP Status 403 - Access to the requested resource has been denied error' displayed after authenticating in Tomcat with JAAS. Here is my configuration. Tomcat 6.0.x server.xml: ... Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false !-- JAAS config -- Realm className=org.apache.catalina.realm.JAASRealm appName=CDF_TestApp userClassNames=ipt.tas.security.login.TASUserPrincipal roleClassNames=ipt.tas.security.login.TASGroupPrincipal useContextClassLoader=true debug=99/ /Host /Engine /Service /Server Issues here...since TASUserPrincipal TASGroupPrincipal are not available yet (they are in my web app) hasn't started how can I delay configuration until my web app has started? (Doubt this is cause of error however). My WebApp web.xml: !--Test code to get JAAS to work-- servlet servlet-nameStartupServlet/servlet-name servlet-class com.issinc.cdf.servlet.StartupServlet /servlet-class load-on-startup1/load-on-startup /servlet security-constraint web-resource-collection web-resource-nameTest App/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namemembers/role-name /auth-constraint /security-constraint security-role description /description role-namemembers/role-name /security-role login-config auth-methodBASIC/auth-method realm-nameTest App Realm/realm-name /login-config !--End JAAS code-- Note that StartupServlet configures JAASConfiguration to load my custom LoginModule. When my web app starts I do get the authentication dialog and I enter my login info. I have debugged my custom LoginModule and login() and commit() both succeed/return true for the user. However when the app continues I get the 403 error stated above. What am I doing wrong? I don't understand if/how the role-name(s) specifed in the web.xml are validated at this point. Do I have to tie my Subject Principal to these roles somehow? Or are these roles just used by the JAAS logic after authenication is complete? I will say that if I remove the auth-constraint section then the login dialog is not even displayed. Can someone point me to my error? -Dave
Re: How to configure Tomcat 6.0 with JAAS?
Okay that sounds good I'll try that. Next newbie question...will this be server agnostic? I need to support Tomcat/JBoss/WebLogic. -Dave On Mon, May 11, 2009 at 4:17 PM, Pid p...@pidster.com wrote: David Hoffer wrote: Update. It looks like the problem is with the Tomcat Realm configuration. If I move the jar that contains these custom classes to the Tomcat lib folder then it works! However this is not a workable solution. I can't deploy jars like this. How can I delay JAAS realm configuration to my web app? After all what is the purpose of useContextClassLoader? Ideally I would like to move the configuration out of server.xml to my web app so this is self-contained. What is the right way to do this? Configure the realm at the context level - ie in the META-INF/context.xml of your WAR, or application directory. p -Dave On Mon, May 11, 2009 at 1:14 PM, David Hoffer dhoff...@gmail.com wrote: No matter what I do...I always get an 'HTTP Status 403 - Access to the requested resource has been denied error' displayed after authenticating in Tomcat with JAAS. Here is my configuration. Tomcat 6.0.x server.xml: ... Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false !-- JAAS config -- Realm className=org.apache.catalina.realm.JAASRealm appName=CDF_TestApp userClassNames=ipt.tas.security.login.TASUserPrincipal roleClassNames=ipt.tas.security.login.TASGroupPrincipal useContextClassLoader=true debug=99/ /Host /Engine /Service /Server Issues here...since TASUserPrincipal TASGroupPrincipal are not available yet (they are in my web app) hasn't started how can I delay configuration until my web app has started? (Doubt this is cause of error however). My WebApp web.xml: !--Test code to get JAAS to work-- servlet servlet-nameStartupServlet/servlet-name servlet-class com.issinc.cdf.servlet.StartupServlet /servlet-class load-on-startup1/load-on-startup /servlet security-constraint web-resource-collection web-resource-nameTest App/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namemembers/role-name /auth-constraint /security-constraint security-role description /description role-namemembers/role-name /security-role login-config auth-methodBASIC/auth-method realm-nameTest App Realm/realm-name /login-config !--End JAAS code-- Note that StartupServlet configures JAASConfiguration to load my custom LoginModule. When my web app starts I do get the authentication dialog and I enter my login info. I have debugged my custom LoginModule and login() and commit() both succeed/return true for the user. However when the app continues I get the 403 error stated above. What am I doing wrong? I don't understand if/how the role-name(s) specifed in the web.xml are validated at this point. Do I have to tie my Subject Principal to these roles somehow? Or are these roles just used by the JAAS logic after authenication is complete? I will say that if I remove the auth-constraint section then the login dialog is not even displayed. Can someone point me to my error? -Dave - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
