Re: Tomcat, Realm, and context.xml
Greg,

On 5/20/2009 6:50 AM, Greg Allen wrote:
> However, that exposes a timing issue which I'm not sure how to solve. I embedded ApacheDS in my web application by implementing ServletContextListener so that it starts on contextInitialized and stops on contextDestroyed - when my web application starts and stops.

Heh, that's kind of expected. Are you asking a web application to authenticate to itself? That's an interesting strategy.

> The problem now is that the application doesn't start until after the context.xml is processed by Tomcat. This ends up with me getting errors like this, and my application isn't deployed:
>
> [java] 06:15:14,799 WARN [[/test]] Exception performing authentication
> [java] javax.naming.CommunicationException: localhost:10389 [Root exception is java.net.ConnectException: Connection refused: connect]

You're going to want to connect to a separate service (i.e. one not hosted in your own webapp). You can still run ApacheDS on Tomcat under a different webapp.

And no, you can't specify which webapp gets loaded first. :(

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat, Realm, and context.xml
Thanks Chuck!

> Do you happen to have a conf/Catalina/[host]/test.xml file? If so, it will override the one in the webapp's META-INF/context.xml, causing your Realm to be ignored.

This was the problem. I modified that one and it is now using the JNDIRealm.

However, that exposes a timing issue which I'm not sure how to solve. I embedded ApacheDS in my web application by implementing ServletContextListener so that it starts on contextInitialized and stops on contextDestroyed - when my web application starts and stops.

The problem now is that the application doesn't start until after the context.xml is processed by Tomcat. This ends up with me getting errors like this, and my application isn't deployed:

[java] 06:15:14,799 WARN [[/test]] Exception performing authentication
[java] javax.naming.CommunicationException: localhost:10389 [Root exception is java.net.ConnectException: Connection refused: connect]
[java]     at com.sun.jndi.ldap.Connection.init(Connection.java:207)
[java]     at com.sun.jndi.ldap.LdapClient.init(LdapClient.java:118)
[java]     at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
[java]     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
[java]     at com.sun.jndi.ldap.LdapCtx.init(LdapCtx.java:287)
[java]     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
[java]     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)

It's trying to connect to the LDAP server, but my application hasn't started yet - so the LDAP server isn't running. Is there some way to fix this so things are started in the right order?

Any suggestions appreciated!

Thanks,
-- Greg
RE: Tomcat, Realm, and context.xml
I changed to use 5.5.27 (latest 5.5 version), and still have the same problem.

I have set up my realm in my webapp's META-INF directory, like this:

    <Context path="/test" reloadable="false">
      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             connectionName="uid=admin,ou=system"
             connectionPassword="secret"
             connectionURL="ldap://localhost:10389"
             digest="SHA"
             allRolesMode="authOnly"
             userPassword="userPassword"
             userPattern="uid={0},ou=accounts,dc=test,dc=org"
             roleBase="ou=groups,dc=test,dc=org"
             roleName="cn"
             roleSearch="(uniqueMember={0})"
             useContextClassLoader="true" />
    </Context>

I have no realms configured in my server.xml for Tomcat. But I still get this error:

[java] May 19, 2009 10:33:01 PM org.apache.catalina.realm.JAASRealm authenticate
[java] SEVERE: Unexpected error
[java] java.lang.SecurityException: Unable to locate a login configuration
[java]     at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:93)
[java]     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

> I would guess your config is wrong.

What configuration piece could I be missing? I've been over the server.xml and my context.xml and don't see anything wrong. What should I look for?

Do I need to go to Tomcat 6? I'd rather not, but if I have to

Thanks,
-- Greg

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, May 18, 2009 3:06 PM
To: Tomcat Users List
Subject: Re: Tomcat, Realm, and context.xml

Greg Allen wrote:
> I am trying to use ApacheDS 1.5 with Tomcat 5.5.17.

Try a later version. You may be hitting multiple bugs that have since been fixed.

> Now this really confuses me. Why is it using JAASRealm? That's not configured

The JAAS Realm is the default Realm Tomcat falls back to if no other Realm can be found. I would guess your config is wrong.

Mark
RE: Tomcat, Realm, and context.xml
> From: Greg Allen [mailto:gregory.al...@sierraatlantic.com]
> Subject: RE: Tomcat, Realm, and context.xml
>
> I have set up my realm in my webapp's META-INF directory, like this:
> <Context path="/test" reloadable="false">

Take out the path attribute; it's not allowed.

Where is your webapp deployed? (I'll presume at webapps/test, for the following.)

Do you happen to have a conf/Catalina/[host]/test.xml file? If so, it will override the one in the webapp's META-INF/context.xml, causing your Realm to be ignored.

Are there any errors in the log at Tomcat startup relating to deployment of your webapp? (I presume the error you showed came from an attempt to access the webapp.)

> I have no realms configured in my server.xml for Tomcat.

You must have some Realm configured for the manager app to work; it can be in server.xml or you can put the appropriate Realm for the manager in conf/Catalina/[host]/manager.xml.

 - Chuck
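
Added example (not part of the original thread, and not Tomcat code): a small Python check for the two descriptor problems raised in the message above, an external conf/Catalina/[host]/test.xml taking precedence over the webapp's META-INF/context.xml, and a path attribute on Context. The function names, the unpacked webapps/ deployment directory and the sample files are assumptions constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def effective_context(catalina_base, host, app):
    """Return (descriptor Tomcat will use, findings) for webapp `app`."""
    base = Path(catalina_base)
    external = base / "conf" / "Catalina" / host / f"{app}.xml"
    # Assumption: the webapp is deployed unpacked under webapps/<app>.
    embedded = base / "webapps" / app / "META-INF" / "context.xml"
    findings = []
    if external.is_file():
        chosen = external
        if embedded.is_file():
            findings.append(f"{external.name} in conf overrides META-INF/context.xml")
    elif embedded.is_file():
        chosen = embedded
    else:
        return None, ["no context descriptor found"]
    ctx = ET.parse(chosen).getroot()
    if "path" in ctx.attrib:
        findings.append("Context has a path attribute; remove it")
    realms = [r.get("className", "?") for r in ctx.iter("Realm")]
    findings.append("Realm: " + (", ".join(realms) or "none in this descriptor"))
    return chosen, findings


def build_sample(root, with_override):
    """Write a constructed layout mirroring the thread (host localhost, app test)."""
    meta = Path(root) / "webapps" / "test" / "META-INF"
    meta.mkdir(parents=True)
    (meta / "context.xml").write_text(
        '<Context path="/test" reloadable="false">'
        '<Realm className="org.apache.catalina.realm.JNDIRealm"/>'
        '</Context>')
    if with_override:
        conf = Path(root) / "conf" / "Catalina" / "localhost"
        conf.mkdir(parents=True)
        (conf / "test.xml").write_text('<Context reloadable="false"/>')
    return root


if __name__ == "__main__":
    for override in (True, False):
        with tempfile.TemporaryDirectory() as d:
            chosen, notes = effective_context(build_sample(d, override), "localhost", "test")
            print(chosen.name, notes)
```

With the override file present the check reports that no Realm is defined in the descriptor actually used, which matches the fallback to JAASRealm seen in the thread.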
Re: Tomcat, Realm, and context.xml
Greg Allen wrote:
> I am trying to use ApacheDS 1.5 with Tomcat 5.5.17.

Try a later version. You may be hitting multiple bugs that have since been fixed.

> Now this really confuses me. Why is it using JAASRealm? That's not configured

The JAAS Realm is the default Realm Tomcat falls back to if no other Realm can be found. I would guess your config is wrong.

Mark