Antwort: RE : Jass Login Module not found

2005-02-18 Thread Oliver Wulff
Hi Sara

I've deployed my custom JAASLoginModule into the server/lib directory. Since
Tomcat 5.0.x/5.5.x, the custom JAAS LoginModule can also be loaded by the
Catalina classloader (server/lib, server/classes), which is what I prefer.

Regards
Oliver




  
From: LERBSCHER Jean-Pierre [EMAIL PROTECTED]firoute.fr
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Subject: RE : Jass Login Module not found
Date: 18.02.2005 09:21
Reply to: Tomcat Users List
  

  

  




Hi Sara,
Your login module library (and all its dependencies) must be deployed in
common/lib if you setup JAASRealm with your own component.

-Original Message-
From: Sara Blauman [mailto:[EMAIL PROTECTED]
Sent: Thursday, 17 February 2005 23:22
To: tomcat-user@jakarta.apache.org
Subject: Jass Login Module not found

Hi,

I am running Tomcat 5.5.4 and am wanting to use Jaas with my own custom
login module. My Jaas config file is being found but my login module is
not.
If I run with one of Sun's login modules everything works fine so I think
that my Jass configuration file, JASSRealm specification in my app.xml
file,
and -D options are ok.

I wondered if my login module was even being loaded so I instanciated it in
a part of my application code to verify and sure enough it is there, but,
when it is called from the LoginContext it isn't found. I am trying this
from an Mbean and also a servlet and the results are the same. I am not
running a security manager. I tried putting the login module in a separate
jar from the rest of my application as well as having it in the same jar
but
the results are the same.

Does anyone have any ideas?

Regards,
Sara


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]










*** PLEASE NOTE ***
This message (including any attachments) may contain confidential or
legally protected data or information. It is intended solely for the
named person(s). If you have received this message in error, you are
kindly requested to destroy it without making any reproduction and to
notify the sender immediately. Thank you for your help.





Configure Valve which is called after authentication process???

2005-02-16 Thread Oliver Wulff
Hi

Is it possible to configure a valve which is called after the
authentication process?
I've configured the Valve after the Realm but the Valve is called first.

Thanks for your support.

Oliver









Configure Valve which is called after authentication process???

2005-02-15 Thread Oliver Wulff
Hi

Is it possible to configure a valve which is called after the
authentication process?
I've configured the Valve after the Realm but the Valve is called first.

Thanks for your support.

Oliver










JAASRealm, Classloader

2004-11-10 Thread Oliver Wulff
Isn't it possible to deploy my custom JAASLoginModule into the server/lib
directory instead of shared/lib or web-inf/lib? The JAASRealm is loaded by
the Catalina classloader as well.

Your help is appreciated.

Oliver









delete session in valve (TC 4.1.29)

2004-08-31 Thread Oliver Wulff




Hi all

I'm looking for a solution to delete the current session in a Valve in
Tomcat 4.1.29.
I hope you can help me.

Oliver










Antwort: OpenSSL und Tomcat

2004-02-03 Thread Oliver Wulff




I had the same problem and could get it working with:
http://www.comu.de/docs/tomcat_ssl.htm

Unfortunately, it didn't work when Tomcat enforces client authentication.

Oliver



   
From: Stanislaw Österle [EMAIL PROTECTED]dia.de
To: [EMAIL PROTECTED]
Subject: OpenSSL und Tomcat
Date: 03.02.2004 15:51
Reply to: Tomcat Users List
   
   




Hello!

I generated (and signed) a certificate through OpenSSL, about so:


openssl genrsa -rand /etc/passwd:/etc/inetd.conf:/etc/services:/etc/hosts -out my.key 1024

openssl req -new -key my.key -out my.csr

openssl x509 -req -days 30 -in my.csr -signkey my.key -out my.cert



Problem:

How do I import my signed certificate into tomcat-keystore?


Could someone help?



Thanks,
S.





Antwort: Re: Antwort: RE: SSL, keystore with ca hierarchy

2004-01-28 Thread Oliver Wulff




I've done this and it does work. Now I wanted to turn client authentication
on: clientAuth=true

But it doesn't work. I've registered the ca certificates after I've imported
the openssl certificate:
keytool -import -keystore %KEYSTORE_FILE% -storepass 123456 -alias root -trustcacerts -file CA_Root_APU.pem
keytool -import -keystore %KEYSTORE_FILE% -storepass 123456 -alias server_ca -trustcacerts -file CA_Server_APU.pem

BTW, I'm running Tomcat 4.1.29 and JDK 1.4.1_02.

Oliver



   
From: Bill Barker [EMAIL PROTECTED].com
Sent by: news [EMAIL PROTECTED]rg
To: [EMAIL PROTECTED]
Subject: Re: Antwort: RE: SSL, keystore with ca hierarchy
Date: 26.01.2004 00:53
Reply to: Tomcat Users List
   
   




<broken-record>
There is a utility at http://www.comu.de/docs/tomcat_ssl.htm to import your
OpenSSL certs into a JKS keystore.  Alternatively, the ssl_howto for TC 5.x
contains an example of how to configure a PKCS12 keystore from an OpenSSL
keystore.
</broken-record>

Mark Thomas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
  I can't do step 1 and 2 because the certificate and private
  key has been
  created already with openssl.
  The file TestServer_APU.pem contains the private key and
  certificate in the
  PEM format.
  Should that work either?

 Sorry, no idea. You may need to convert formats. A quick Google found
 https://lists.freeswan.org/archives/users/2003-August/msg00040.html that
may
 help if a format conversion is required.

  Does the cacerts has to be located in
  %JAVA_HOME%\jre\lib\security\cacerts
  or can I place it anywhere else?

 See http://java.sun.com/products/jsse/install.html for how to configure
trust
 store locations.

 Mark







SSL, keystore with ca hierarchy

2004-01-24 Thread Oliver Wulff




I've created the following keystore for Tomcat 4.1.18:
SET KEYSTORE_FILE=.\.keystore

keytool -import -keystore %KEYSTORE_FILE% -storepass icebeer -alias root -trustcacerts -file CA_Root_APU.pem
keytool -import -keystore %KEYSTORE_FILE% -storepass icebeer -alias server_ca -trustcacerts -file CA_Server_APU.pem
keytool -import -keystore %KEYSTORE_FILE% -storepass icebeer -alias tomcat -trustcacerts -file TestServer_APU.pem

The root ca is self-signed. The tomcat certificate is signed by server_ca
which is issued by the root ca. The password for the keystore and the
tomcat certificate are identical. Further, I've configured the server.xml
accordingly:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="9443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="certs/.keystore"
           keystorePass="123456"
  />
</Connector>

Tomcat starts with no problems:
24.01.2004 15:10:41 org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 9080
24.01.2004 15:10:41 org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 9443

But I get the error "The Page Cannot Be Displayed" when I try to access the
index.html.

When I create the certificates in the following way it does work:
keytool -genkey -storepass 123456 -alias tomcat -keyalg RSA -keystore .\dummy.keystore
keytool -rfc -storepass 123456 -export -alias tomcat -keystore .\dummy.keystore -file dummy.tomcat.pem

Does Tomcat not support certificates with a ca hierarchy?

-oliver
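
An added example, not part of the original messages: keytool -import under a new alias creates a trusted-certificate entry without a private key, while an SSL connector needs a key entry (private key plus certificate chain). This Java check lists each alias of a JKS keystore with its entry type and verifies the chain of every key entry; the class name and the keystore path in the usage line are assumptions of this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example, not code from the thread. Lists every alias in a JKS
// keystore and reports whether it is a key entry (private key + chain) or
// only a trusted certificate, then checks the chain of each key entry.
// Usage: java KeystoreEntryCheck certs/.keystore   (path is an assumption)
public class KeystoreEntryCheck {

    // Verifies each certificate against the public key of the next one in
    // the chain; the last certificate is checked against its own key to see
    // whether the chain ends in a self-signed root.
    static String describeChain(Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            return "no certificate chain";
        }
        for (int i = 0; i + 1 < chain.length; i++) {
            try {
                chain[i].verify(chain[i + 1].getPublicKey());
            } catch (Exception e) {
                return "chain broken at position " + i + " (" + e.getMessage() + ")";
            }
        }
        Certificate last = chain[chain.length - 1];
        try {
            last.verify(last.getPublicKey());
            return chain.length + " certificate(s), ends in a self-signed root";
        } catch (Exception e) {
            return chain.length + " certificate(s), issuer of the last one is not in the chain";
        }
    }

    // Subject DN for X.509 certificates, certificate type otherwise.
    static String subjectOf(Certificate cert) {
        return (cert instanceof X509Certificate)
                ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                : cert.getType();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystoreEntryCheck <keystore-file> (run from a terminal)");
            System.exit(2);
        }
        // Prompt for the password instead of taking it as an argument so it
        // does not end up in the process list or the shell history.
        char[] password = console.readPassword("Keystore password: ");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }

        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                keyEntries++;
                Certificate[] chain = ks.getCertificateChain(alias);
                System.out.println(alias + ": KEY ENTRY, " + describeChain(chain));
                if (chain != null && chain.length > 0) {
                    System.out.println("    subject: " + subjectOf(chain[0]));
                }
            } else if (ks.isCertificateEntry(alias)) {
                System.out.println(alias + ": trusted certificate only, no private key");
                System.out.println("    subject: " + subjectOf(ks.getCertificate(alias)));
            }
        }
        if (keyEntries == 0) {
            // Without a key entry the server has no certificate with a
            // matching private key to present in the TLS handshake.
            System.out.println("No key entry found in " + args[0]);
            System.exit(1);
        }
    }
}
```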










Antwort: RE: SSL, keystore with ca hierarchy

2004-01-24 Thread Oliver Wulff




I can't do step 1 and 2 because the certificate and private key have been
created already with openssl.
The file TestServer_APU.pem contains the private key and certificate in the
PEM format.
Should that work as well?

Does the cacerts have to be located in %JAVA_HOME%\jre\lib\security\cacerts
or can I place it anywhere else?



   
From: Mark Thomas [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: SSL, keystore with ca hierarchy
Date: 24.01.2004 19:18
Reply to: Tomcat Users List
   
   




I have successfully used a server signed cert with tomcat.

The step by step guide is quite lengthy. I'll give you the edited
highlights and
please follow up if you have any more questions.

1. Create key in .keystore with alias tomcat
2. Generate a signing request and sent to CA
3. Receive signed key (cert) and CA cert
4. Import The root cert into cacerts
5. Import CA cert into cacerts (%JAVA_HOME%\jre\lib\security\cacerts)
6. Import tomcat cert into .keystore, with -trustcacerts option and alias
tomcat

From your post it looks like you have imported the root cert and the CA
cert
into .keystore rather than the cacerts file.

Mark

 -Original Message-
 From: Oliver Wulff [mailto:[EMAIL PROTECTED]
 Sent: Saturday, January 24, 2004 2:25 PM
 To: [EMAIL PROTECTED]
 Subject: SSL, keystore with ca hierarchy





 I've created the following keystore for Tomcat 4.1.18:
 SET KEYSTORE_FILE=.\.keystore

 keytool -import -keystore %KEYSTORE_FILE% -storepass icebeer
 -alias root
 -trustcacerts -file CA_Root_APU.pem
 keytool -import -keystore %KEYSTORE_FILE% -storepass icebeer -alias
 server_ca -trustcacerts -file CA_Server_APU.pem
 keytool -import -keystore %KEYSTORE_FILE% -storepass icebeer
 -alias tomcat
 -trustcacerts -file

 the root ca is self signed. the tomcat certificate is signed
 by server_ca
 which is issued by the root ca. the password for the keystore and the
 tomcat certificat are identical. Further, I've configured the
 server.xml
 accordingly:
 <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
            port="9443" minProcessors="5" maxProcessors="75"
            enableLookups="true"
            acceptCount="100" debug="0" scheme="https" secure="true"
            useURIValidationHack="false" disableUploadTimeout="true">
   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
            clientAuth="false" protocol="TLS"
            keystoreFile="certs/.keystore"
            keystorePass="123456"
   />
 </Connector>

 Tomcat starts with no problems:
 24.01.2004 15:10:41 org.apache.coyote.http11.Http11Protocol start
 INFO: Starting Coyote HTTP/1.1 on port 9080
 24.01.2004 15:10:41 org.apache.coyote.http11.Http11Protocol start
 INFO: Starting Coyote HTTP/1.1 on port 9443

 But I get the error The Page Cannot Be Displayed when I try
 to access the
 index.html.

 When I create the certificates in the following way it does work:
 keytool -genkey -storepass 123456 -alias tomcat -keyalg RSA -keystore
 .\dummy.keystore
 keytool -rfc -storepass 123456 -export -alias tomcat -keystore
 .\dummy.keystore -file dummy.tomcat.pem

 Does Tomcat not support certificates with a ca hierarchy?

 -oliver








Antwort: Re: JAASRealm Tomcat 5.x - Tomcat 4.1.x

2003-12-05 Thread Oliver Wulff




Hi Adam

I saw the following note in JAASMemoryLoginModule.java:
// Validate the username and password we have received
principal = null; // FIXME - look up and check password

That's why I thought that it is not finished yet.

Oliver

**
Oliver Wulff
Zürich Versicherungs-Gesellschaft
IA4, CoC Middleware
Postfach, 8085 Zürich
Telefon: +41- 1 628 58 07
Fax: +41 - 1 623 58 07
E-Mail: mailto:[EMAIL PROTECTED]



   
From: Adam Hardy [EMAIL PROTECTED]ceroad.com
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: JAASRealm Tomcat 5.x - Tomcat 4.1.x
Date: 04.12.2003 20:04
Reply to: Tomcat Users List
   
   




On 12/04/2003 07:00 PM Oliver Wulff wrote:

 AFAIK, the JAASRealm in Tomcat 4.1.29 is a beta version. Is the JAASRealm
 in Tomcat 5.x for production? If yes, can I use the JAASRealm of Tomcat
5.x
 in Tomcat 4.1.29?

Hi Oliver,
where does it say that JAASRealm is beta?


Adam
--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian




JAASRealm Tomcat 5.x - Tomcat 4.1.x

2003-12-04 Thread Oliver Wulff




Hi

AFAIK, the JAASRealm in Tomcat 4.1.29 is a beta version. Is the JAASRealm
in Tomcat 5.x for production? If yes, can I use the JAASRealm of Tomcat 5.x
in Tomcat 4.1.29?

Thanks for your help
Oliver









Antwort: Migration from 4.1.x to Tomcat 5

2003-09-28 Thread Oliver Wulff




Hi Marco

I don't know Tomcat 5.x but what do you mean with your personal security
model? Have you implemented a custom realm?

Oliver

**
Oliver Wulff
Zürich Versicherungs-Gesellschaft
IA4, CoC Middleware
Postfach, 8085 Zürich
Telefon: +41- 1 628 58 07
Fax: +41 - 1 623 58 07
E-Mail: mailto:[EMAIL PROTECTED]



   
From: Marco Tedone [EMAIL PROTECTED]rg
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Migration from 4.1.x to Tomcat 5
Date: 28.09.2003 13:51
Reply to: Tomcat Users List
   
   




Hi, which are the key aspects I shall keep in mind when migrating from
Tomcat 4.1.xx to version 5, keeping in mind that I'm developing Struts
application?

Which are the key technology aspects I shall review in my project
architecture, particularly related to:

1) Servlets/JSP
2) Taglibs
3) Tomcat starting and stopping
4) WAR deployment
5) Security

At present I deploy a WAR under webapps with taglibs defined in the web.xml
file and make use of my personal security model (is there any reason Tomcat
5 should make things easier?), I stop and start it as a service (still
available?).

Will be JSTL and JSF natively implemented? Could I just drop my application
from Tomcat 4.1.xx to Tomcat 5 without problems?

Thanks for any reply,

Marco







Antwort: Re: Antwort: Migration from 4.1.x to Tomcat 5

2003-09-28 Thread Oliver Wulff




We had something similar in our company too, but we want to get rid of
custom security code (proprietary). The Java developer should have the
possibility to use the Java Servlet API for security issues (web.xml,
isUserInRole(), getUserPrincipal(), etc.). We have integrated our
authentication/authorization system by a custom realm. So, the life of the
Java developer gets much easier (built on pure standard) and makes him
independent from company specific systems and code. So we could migrate to
another security system without any changes to the application code. We
only have to change the realm and our Tomcat package.

BTW, JAAS is getting more and more important. A lot of security system
providers are also providing a JAAS LoginModule to integrate their security
system (ex. IONA ISF) into different application containers. JBoss and BEA
are already supporting JAAS. Tomcat does have a JAAS Realm too but I think
it's beta.
I guess that JAAS will be part of the J2EE spec in the future - would make
sense, wouldn't it?

Oliver

**
Oliver Wulff
Zürich Versicherungs-Gesellschaft
IA4, CoC Middleware
Postfach, 8085 Zürich
Telefon: +41- 1 628 58 07
Fax: +41 - 1 623 58 07
E-Mail: mailto:[EMAIL PROTECTED]



   
From: Marco Tedone [EMAIL PROTECTED]rg
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: Antwort: Migration from 4.1.x to Tomcat 5
Date: 28.09.2003 14:10
Reply to: Tomcat Users List
   
   




I implemented a security model independent from the container. Basically it
is based on db/validation and session management through taglibs to
display/allow functionalities to authorized users.

Marco
- Original Message -
From: Oliver Wulff [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Sunday, September 28, 2003 1:08 PM
Subject: Antwort: Migration from 4.1.x to Tomcat 5






Hi Marco

I don't know Tomcat 5.x but what do you mean with your personal security
model? Have you implemented a custom realm?

Oliver

**
Oliver Wulff
Zürich Versicherungs-Gesellschaft
IA4, CoC Middleware
Postfach, 8085 Zürich
Telefon: +41- 1 628 58 07
Fax: +41 - 1 623 58 07
E-Mail: mailto:[EMAIL PROTECTED]




From: Marco Tedone [EMAIL PROTECTED]rg
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Migration from 4.1.x to Tomcat 5
Date: 28.09.2003 13:51
Reply to: Tomcat Users List






Hi, which are the key aspects I shall keep in mind when migrating from
Tomcat 4.1.xx to version 5, keeping in mind that I'm developing Struts
application?

Which are the key technology aspects I shall review in my project
architecture, particularly related to:

1) Servlets/JSP
2) Taglibs
3) Tomcat starting and stopping
4) WAR deployment
5) Security

At present I deploy a WAR under webapps with taglibs defined in the web.xml
file and make use of my personal security model (is there any reason Tomcat
5 should make things easier?), I stop and start it as a service (still
available?).

Will be JSTL and JSF natively implemented? Could I just drop my application
from Tomcat 4.1.xx to Tomcat 5 without problems?

Thanks for any reply,

Marco







Tomcat,

2003-09-11 Thread Oliver Wulff




Hi

I noticed that there is an additional tomcat version for jdk 1.4. The
common\endorsed directory is empty where the xerces jars exist on the other
tomcat version. What's the meaning of the endorsed directory? What would
happen when I copy the context of the endorsed directory to the lib
directory?

Regards
Oliver










Antwort: Tomcat 3.3.1 - Tomcat 4.1.x (Xerces), WebAppClassloader debuglevel

2003-08-14 Thread Oliver Wulff




It did run well with Tomcat 3.3.1
I found out that the included xerces version of this third party software
uses xerces 1.4.x. So, I removed the xerces jars in common/endorsed and put
the version 1.4.4 in there. Then, my application works again.
Is that the correct way to solve my problem or am I running in other
problems now?




   
From: Oliver Wulff [EMAIL PROTECTED]rich.ch
To: [EMAIL PROTECTED]
Subject: Tomcat 3.3.1 - Tomcat 4.1.x (Xerces), WebAppClassloader debug level
Date: 11.08.2003 16:50
Reply to: Tomcat Users List
   
   








Hi

I've got a big problem running my web application inside Tomcat 4.1. I'm
using a third party software in my servlet implementation. This third-party
jar contains xerces classes. But my web application is not running anymore
(VerifyError).

I don't know if there is a versioning conflict with Xerces. So I wanted to
increase the debug level of the webappclassloader to see whether some
classes from Xerces are loaded through the parent classloader and some by
the webappclassloader.
<Context path="/k__offerten" docBase="k__offerten" debug="4"
         reloadable="true" crossContext="true">

  <Logger className="org.apache.catalina.logger.FileLogger"
          prefix="kloff_log." suffix=".txt"
          timestamp="true" debug="4"/>

</Context>


But there are no logging information. How can I log the webappclassloader
logevents?

Does anybody have an idea how to solve my xerces problem?

Regards
Oliver









Tomcat 3.3.1 - Tomcat 4.1.x (Xerces), WebAppClassloader debug level

2003-08-14 Thread Oliver Wulff




Hi

I've got a big problem running my web application inside Tomcat 4.1. I'm
using a third party software in my servlet implementation. This third-party
jar contains xerces classes. But my web application is not running anymore
(VerifyError).

I don't know if there is a versioning conflict with Xerces. So I wanted to
increase the debug level of the webappclassloader to see whether some
classes from Xerces are loaded through the parent classloader and some by
the webappclassloader.
<Context path="/k__offerten" docBase="k__offerten" debug="4"
         reloadable="true" crossContext="true">

  <Logger className="org.apache.catalina.logger.FileLogger"
          prefix="kloff_log." suffix=".txt"
          timestamp="true" debug="4"/>

</Context>


But there are no logging information. How can I log the webappclassloader
logevents?

Does anybody have an idea how to solve my xerces problem?

Regards
Oliver









Antwort: Re: Antwort: Tomcat 3.3.1 - Tomcat 4.1.x (Xerces), WebAppClassloaderdebug level

2003-08-14 Thread Oliver Wulff




The third party software is excelon. There are no other web applications
running inside this tomcat instance. I'm just wondering if Tomcat itself
could run into a problem when I replace the xerces version.

Further, it's documented in the classloader-howto paper that I can deploy my
own xerces version into web-inf\lib. But that doesn't work. Probably Tomcat
loads some classes from xerces 2.x (common/endorsed) and some from
web-inf\lib.

Do you know how I can increase the debug level of the WebAppClassloader?
I'm interested in which classes are loaded from which classloader.




   
From: Jacob Kjome [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: Antwort: Tomcat 3.3.1 - Tomcat 4.1.x (Xerces), WebAppClassloader debug level
Date: 12.08.2003 07:42
Reply to: Tomcat Users List
   
   




At 06:52 AM 8/12/2003 +0200, you wrote:




It did run well with Tomcat 3.3.1
I found out that the included xerces version of this third party software
uses xerces 1.4.x. So, I removed the xerces jars in common/endorsed and
put
the version 1.4.4 in there. Then, my application works again.
Is that the correct way to solve my problem or am I running in other
problems now?

What is your third party software that uses xerces-1.4.4?  This solution
certainly works for most cases, but you may run into trouble if other apps
expect Xerces2.

Jake





From: Oliver Wulff [EMAIL PROTECTED]rich.ch
To: [EMAIL PROTECTED]
Subject: Tomcat 3.3.1 - Tomcat 4.1.x (Xerces), WebAppClassloader debug level
Date: 11.08.2003 16:50
Reply to: Tomcat Users List













Hi

I've got a big problem running my web application inside Tomcat 4.1. I'm
using a third party software in my servlet implementation. This
third-party
jar contains xerces classes. But my web application is not running anymore
(VerifyError).

I don't know if there is a versioning conflict with Xerces. So I wanted to
increase the debug level of the webappclassloader to see whether some
classes from Xerces are loaded through the parent classloader and some by
the webappclassloader.
<Context path="/k__offerten" docBase="k__offerten" debug="4"
         reloadable="true" crossContext="true">

  <Logger className="org.apache.catalina.logger.FileLogger"
          prefix="kloff_log." suffix=".txt"
          timestamp="true" debug="4"/>

</Context>


But there are no logging information. How can I log the webappclassloader
logevents?

Does anybody have an idea how to solve my xerces problem?

Regards
Oliver






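The question above (are some Xerces classes coming from the parent classloader and some from the webapp classloader?) can also be answered from inside the JVM without any classloader debug logging. The following is an added example, not code from the thread; the class name ClassOriginReport and the default list of class names to probe are assumptions.

```java
import java.io.IOException;
import java.net.URL;
import java.security.CodeSource;
import java.util.Collections;
import java.util.List;

/** Added example: reports which loader defines a class and every copy visible to it. */
public final class ClassOriginReport {

    /** Lists the delegation chain, starting at the given loader. */
    public static String loaderChain(ClassLoader start) {
        StringBuilder out = new StringBuilder("loader chain (child first):\n");
        for (ClassLoader cl = start; cl != null; cl = cl.getParent()) {
            out.append("  ").append(cl.getClass().getName()).append('\n');
        }
        return out.append("  bootstrap\n").toString();
    }

    /** Describes where className is defined and how many copies 'start' can see. */
    public static String describe(String className, ClassLoader start) {
        StringBuilder out = new StringBuilder(className).append('\n');
        try {
            // initialize=false: load the class without running its static initializers
            Class<?> c = Class.forName(className, false, start);
            ClassLoader definer = c.getClassLoader(); // null means the bootstrap loader
            CodeSource source = c.getProtectionDomain().getCodeSource();
            URL location = (source == null) ? null : source.getLocation();
            out.append("  defined by : ")
               .append(definer == null ? "bootstrap" : definer.getClass().getName())
               .append('\n');
            out.append("  loaded from: ")
               .append(location == null ? "(no code source)" : location.toString())
               .append('\n');
        } catch (ClassNotFoundException e) {
            out.append("  not visible from this loader\n");
        } catch (LinkageError e) {
            // VerifyError and NoClassDefFoundError are LinkageErrors
            out.append("  found but failed to link: ").append(e).append('\n');
        }
        // Every jar or directory on the chain that contains a copy of the class file.
        String resource = className.replace('.', '/') + ".class";
        try {
            List<URL> copies = Collections.list(start.getResources(resource));
            for (URL copy : copies) {
                out.append("  copy       : ").append(copy).append('\n');
            }
            if (copies.size() > 1) {
                out.append("  NOTE: more than one copy is visible; check for mixed versions\n");
            }
        } catch (IOException e) {
            out.append("  could not enumerate copies: ").append(e).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        ClassLoader start = Thread.currentThread().getContextClassLoader();
        if (start == null) {
            start = ClassLoader.getSystemClassLoader();
        }
        // Example class names (assumption); pass your own as arguments.
        String[] names = args.length > 0 ? args : new String[] {
            "org.apache.xerces.parsers.SAXParser",
            "org.apache.xerces.dom.DocumentImpl",
            "javax.xml.parsers.SAXParserFactory",
            "org.xml.sax.XMLReader"
        };
        System.out.print(loaderChain(start));
        for (String name : names) {
            System.out.print(describe(name, start));
        }
    }
}
```

Inside a web application, call describe() from a servlet or JSP with Thread.currentThread().getContextClassLoader() so the report starts at the webapp's own loader rather than at the system loader.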



FormAuthenticator, Implementation question

2003-06-15 Thread Oliver Wulff




The method authenticate() of the FormAuthenticator class does a redirect
after getting the requestURI (savedRequestURL) (line 293).
I don't understand why you just restore the request ( restoreRequest() )
without a redirect.

// Redirect the user to the original request URI (which will cause
// the original request to be restored)
requestURI = savedRequestURL(session);
if (debug >= 1)
    log("Redirecting to original '" + requestURI + "'");
if (requestURI == null)
    hres.sendError(HttpServletResponse.SC_BAD_REQUEST,
                   sm.getString("authenticator.formlogin"));
else
    hres.sendRedirect(hres.encodeRedirectURL(requestURI));
return (false);










Valve, set/get http header attributes

2003-06-13 Thread Oliver Wulff




How can I read and write http header attributes in a valve? I tried the
following inside a valve which does return false in the second call:

import org.apache.catalina.HttpRequest;
import javax.servlet.http.HttpServletRequest;

...

public void invoke(Request request, Response response, ValveContext context)
    throws IOException, ServletException
{

  ((HttpRequest)request).addHeader("test-id", "test-value");
  ((HttpServletRequest)request).getHeader("test-id");
  ...
}









Antwort: RE: Valve, set/get http header attributes

2003-06-13 Thread Oliver Wulff




The Tomcat authenticator expects this attribute to be set. But the filter
is called after the authenticator.









Antwort: RE: Antwort: RE: Valve, set/get http header attributes

2003-06-13 Thread Oliver Wulff




It's a little bit more complicated. In front of Tomcat, an Apache server is
running which does the authentication and delegates the user-id as an http
header attribute. A valve will read this header attribute and simulate that
the user has been authenticated through basic authentication by doing the
following:
String auth_string = "Basic " + new String(
    Base64.encode(username.getBytes()) );
request.setAuthorization(auth_string);

A custom realm is plugged in also which accesses our custom authorization
system to get the roles. This realm can be configured to do the
authentication or not.

Everything works fine.

For testing purposes, I wrote a valve which will be called first and sets
the header attribute which would be set too by the apache server. So, I can
test the whole behaviour without the Apache server in front of. After
setting the header attribute in the test-valve I tried to read this
attribute again in the valve which simulates basic authentication, but it
doesn't work to set an http header attribute in the valve.









Custom Realm, /admin webapp

2003-06-11 Thread Oliver Wulff




I wrote my custom realm and registered my custom mbeans-descriptors.xml.
When I open the admin webapp and click on my realm in the treeview I get an
error 500 because the attribute digest hasn't been found. Why is Tomcat
looking for this attribute? I haven't defined it in my
mbeans-descriptors.xml.









Antwort: Re: Custom Realm, /admin webapp

2003-06-11 Thread Oliver Wulff




I've set mx.port=9000 in jk2.properties but I get the following error:
[ERROR] JkMX - -Can't load the MX4J http adapter
javax.management.ReflectionException: nested exception is
java.lang.ClassNotFoundException: mx4j.adaptor.http.HttpAdaptor
[ERROR] JkMX - -Can't load the JMX_RI http adapter
java.lang.ClassNotFoundException: com.sun.jdmk.comm.HtmlAdaptorServer
[INFO] JkMX - -Can't enable log4j mx
[INFO] JkMain - -Jk running ID=0 time=0/160
config=C:\prog\jakarta-tomcat-4.1.24\bin\..\conf\jk2.properties

Which jar do I have to deploy to which location?



   
From: Bill Barker [EMAIL PROTECTED]e.com
Sent by: news [EMAIL PROTECTED].org
Sent: 11.06.2003 10:57
To: [EMAIL PROTECTED]
Cc:
Subject: Re: Custom Realm, /admin webapp
Please reply to: Tomcat Users List
   
   




The admin webapp in TC 4.x doesn't play well with custom Realms/Valves.
Hopefully this will change in TC 5.x (but it is much the same at the
moment).  Since the developer currently in charge of JMX regularly hangs out
on this list, it might even be a good bet :).

The alternative is to enable the JMX console by setting e.g. mx.port=9000 in
your jk2.properties files.

Oliver Wulff [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED].com...




I wrote my custom realm and registered my custom mbeans-descriptors.xml.
When I open the admin webapp and click on my realm in the treeview I get an
error 500 because the attribute digest hasn't been found. Why is Tomcat
looking for this attribute? I haven't defined it in my
mbeans-descriptors.xml.









Antwort: Valve as Custom Authenticator

2003-06-11 Thread Oliver Wulff




We have similar problems.
Our Apache server has done authentication already and the principal is
delegated by a header attribute.

My prototype does the following:

I wrote a Valve which emulates basic authentication:
public void invoke(Request request, Response response, ValveContext context)
    throws IOException, ServletException
{
  getContainer().getLogger().log("BasicAuthenticationValve: invoke()");
  if (request instanceof HttpRequest) {
    // Emulate a Basic Authorization header for the delegated user
    String auth_string = "Basic " + new String(
        Base64.encode("user:".getBytes()) );
    request.setAuthorization(auth_string);
    getContainer().getLogger().log("BasicAuthenticationValve: Header '"
        + auth_string + "' added");
  }

  context.invokeNext(request, response);
  getContainer().getLogger().log("BasicAuthenticationValve: invoke()");
}

A custom realm does the pseudo-authentication and gets the roles using
Corba. The realm can be configured to do the authentication or not.




   

From: Scott Kelley [EMAIL PROTECTED]sd.edu
Sent: 11.06.2003 20:13
To: [EMAIL PROTECTED]
Cc:
Subject: Valve as Custom Authenticator
Please reply to: Tomcat Users List

   

   





We've had an Apache/Tomcat configuration deployed for a couple years
now. Authentication is handled by a custom Apache plugin written in
C. Everything works great and has been quite reliable.

Now we would like to move to a standalone Tomcat configuration and
have been investigating writing a Valve/Authenticator to replace our
existing Apache plugin.

I've written a prototype Valve and it does almost everything we need.
This gives us the ability to require a server-wide login independent
of how the individual servlet contexts are configured. This ends up
being Tomcat-specific, but we're ok with that.

The only problem with the current prototype is that if a user hits a
servlet or JSP in a Context that's configured for basic
authentication, they still get the browser-generated basic login
dialog, even after being logged in with our Valve.

In my code, I check for a particular cookie, and if I find it, I set
the user principal in the request to the appropriate user, something
like this:

 // Has connection already been authenticated
 // (i.e. do we have the login cookie?)
 Cookie lcookie=ValveUtils.findCookie(hreq,LOGIN_COOKIE_NAME);

 // If the request has the login cookie, let it pass through
 if (lcookie!=null) {
     log("Found login cookie, validating");
     if (validLoginCookie(lcookie,hreq)) {
         log("cookie is valid, allowing request");
         // See AuthenticatorBase.invoke(), which also sets authType and userPrincipal
         // See SingleSignOn.invoke(), which also sets authType and userPrincipal
         hrequest.getRequest().setUserPrincipal(new TempPrincipal("bob_temp_user"));
         hrequest.getRequest().setAuthType("BASIC");
         context.invokeNext(request,response);
     } else {
         log("cookie not valid, going to error page");
         hres.sendRedirect(hres.encodeRedirectURL(ERROR_PAGE_URI));
     }
     return;
 }

I had thought that this would work, because later in the pipeline the
request hits BasicAuthenticator, which does this:

 public boolean authenticate(HttpRequest request,
                             HttpResponse response,
                             LoginConfig config)
     throws IOException {

     // Have we already authenticated someone?
     Principal principal =
         ((HttpServletRequest) request.getRequest()).getUserPrincipal();
     if (principal != null) {
         if (debug >= 1)
 

MemoryRealm.java, HashMap synchronized???

2003-06-10 Thread Oliver Wulff




Shouldn't the variable principals of type HashMap be synchronized in
MemoryRealm???









Antwort: RE: Realm class, Classloader

2003-06-03 Thread Oliver Wulff




Makes sense! The problem is, that I have different ORB configurations in
each webapp. So, the realm should use the same orb as the webapp because
the realm is accessing a corba server...

Can I access the realm name in my custom realm implementation?
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>TEST</realm-name>
</login-config>




   
From: Cox, Charlie [EMAIL PROTECTED]
Sent: 02.06.2003 15:37
To: 'Tomcat Users List' [EMAIL PROTECTED]
Cc:
Subject: RE: Realm class, Classloader
Please reply to: Tomcat Users List
   
   




actually it is loaded by tomcat's internal classes, to determine if your
webapp should be called. So the tomcat classes need to be able to see it and
they cannot access classes loaded by the Webapp classloader. Therefore it
belongs in /server/lib as you have seen.

See the classloader doc for more information on classloading in tomcat.
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/class-loader-howto.html

Charlie

 -Original Message-
 From: Oliver Wulff [mailto:[EMAIL PROTECTED]
 Sent: Monday, June 02, 2003 3:23 AM
 To: [EMAIL PROTECTED]
 Subject: Realm class, Classloader






 I'm using Tomcat 4.1.24 and JDK 1.3.1.

 I've created a custom realm which is configured like this:
 <Context path="/sec_test" docBase="sec_test" debug="0"
          reloadable="true" crossContext="true">
    <Realm className="test.RacfRealm"/>
 </Context>

 The implementation class test.RacfRealm can be found only if it is
 deployed to the server/lib directory.

 If the Realm is configured for the context sec_test, the class should be
 loaded by the corresponding WebAppClassLoader.
 What do you think?









Antwort: Re: Antwort: Re: JAAS LoginModule ?

2003-06-02 Thread Oliver Wulff




How can I configure an Authenticator implicitly and explicitly?









Realm class, Classloader

2003-06-02 Thread Oliver Wulff




I'm using Tomcat 4.1.24 and JDK 1.3.1.

I've created a custom realm which is configured like this:
<Context path="/sec_test" docBase="sec_test" debug="0"
         reloadable="true" crossContext="true">
   <Realm className="test.RacfRealm"/>
</Context>

The implementation class test.RacfRealm can be found only if it is
deployed to the server/lib directory.

If the Realm is configured for the context sec_test, the class should be
loaded by the corresponding WebAppClassLoader.
What do you think?









Antwort: Re: JAAS LoginModule ?

2003-05-30 Thread Oliver Wulff





The problem with filters is:

The problem is that the security constraints are evaluated before the
filter. So I guess that you may have to implement that what you want to
achieve with the constraints on your own. (Or you have to configure apache
to do it, and this way omit the constraints from tomcat.)

One tomcat specific way to come around that may be a Valve. (It is called
before any filter, but I don't know if it is called before the evaluation
of the constraints)


I got this information some months ago from Ralph Einfeldt.
Authentication is not part of the J2EE specification. So, if you want to
customize this step, you have to do it individually for each container.

Oliver




   

From: Bill Barker [EMAIL PROTECTED]e.com
Sent by: news [EMAIL PROTECTED].org
Sent: 30.05.2003 09:06
To: [EMAIL PROTECTED]
Cc:
Subject: Re: JAAS LoginModule ?
Please reply to: Tomcat Users List

   

   





Nope. Realms and Authenticators are Tomcat-specific.   There are reports on
this list of people using Filters to do much the same thing (i.e. search the
archives).

Eric Chow [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 How can I do if I want to implement an Authenticator that can use in any
 other application servers.(JBoss, WebLogic, etc) ?

 Eric



 - Original Message -
 From: Bill Barker [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, May 30, 2003 11:50 AM
 Subject: Re: JAAS LoginModule ?


  It really depends on what you need to do.  For the simplest case, you
  implement your own Realm (public class MyRealm implements
  org.apache.catalina.Realm), and configure it in server.xml like any other
  Realm.  In TC 4.x, Realms don't have access to the Request/Response: They
  just get the login credentials, and are expected to validate them (or not
  :).

  If you need more control on authentication, then you need to implement a
  custom Authenticator (public class MyAuthenticator implements
  Valve,Authenticator).  This class gets full control over authenticating a
  Request, and can access anything in the Request/Response.  You configure it
  via:
  <Context path="/myapp" docBase="webapps/myapp">
     <Valve className="com.myfirm.mypackage.MyAuthenticator" />
  </Context>

  Neither of these (but especially the second) plays well with the admin
  webapp.
 
  Eric Chow [EMAIL PROTECTED] wrote in message
  news:[EMAIL PROTECTED]
   Hello,
  
   In Tomcat, we can use container based authorization.
  
   Those username/password information can be placed in a XML files or use
   DBRealm, right ?


   How can I implement a login module, so that the Web Container will call
   my module instead of the default login module.

   For example, the following is my login.jsp.

   <form action="j_security_check" method="post" name="fm">
      <input name="j_username">
      <input name="j_password">
      <input type="submit" value="Login">
   </form>

   When the above submit, it will pass to my LoginModule, how can I implement
   that part?
  
   Best regards,
   Eric
  
   

Antwort: Re: Antwort: RE: Antwort: RE: Antwort: RE: user principal, realm

2003-04-03 Thread Oliver Wulff

I have to overwrite the getUserPrincipal in this valve. I tried the
following:

public void invoke(Request request, Response response, ValveContext context)
    throws IOException, ServletException
{
  logger.info("invoke");
  HttpRequestWrapper wrapper =
      new HttpRequestWrapper((HttpServletRequest)request);
  context.invokeNext((Request)wrapper, response);
  logger.info("invoke");
}

and registered the valve in server.xml:
<Valve className="zurich.RequestWrapperValve"/>

I have a servlet which returns the value of getUserPrincipal. I'm not sure
if this servlet will be called.
Am I doing anything wrong?









Antwort: RE: Antwort: RE: Antwort: RE: user principal, realm

2003-04-02 Thread Oliver Wulff

I wrote a custom HttpServletRequestWrapper and a filter. I've overridden the
method getUserPrincipal() and isUserInRole(). The second one just returns
true back (for test purposes).
Now, I have a problem if I define a security-constraint in the web.xml. I
get the following error if I try to access a secured servlet (filter is
active):
Configuration error: Cannot perform access control without an authenticated
principal

I guess I have to write a custom realm for authorization purposes (which
roles the user belongs to). But Tomcat has to authenticate the user which
is already authenticated by Apache. The returned principal by
getUserPrincipal() is the authenticated user.

Is the authenticator called before the filter?

Hope you can help me...






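The filter-plus-wrapper approach discussed in this thread, written out as an added example that is not code from the posts: the wrapper reports the user delegated by the fronting Apache server, but only when the request comes from a configured proxy address and carries exactly one value for the header. The class names and the init-parameter names headerName and trustedProxies are assumptions, as is the javax.servlet 3.x API (jakarta.servlet on newer containers); the wrapper changes only what application code sees and does not satisfy a web.xml security-constraint, which the thread reports is evaluated before filters.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

/** Added example (hypothetical class): exposes a proxy-delegated user as the principal. */
public class DelegatedPrincipalFilter implements Filter {

    private String headerName;          // header the proxy sets (init-param, assumption)
    private Set<String> trustedProxies; // proxy addresses allowed to assert an identity

    public void init(FilterConfig config) throws ServletException {
        headerName = config.getInitParameter("headerName");
        String proxies = config.getInitParameter("trustedProxies");
        if (headerName == null || proxies == null) {
            throw new ServletException("headerName and trustedProxies must be configured");
        }
        trustedProxies = new HashSet<String>(
                Arrays.asList(proxies.trim().split("\\s*,\\s*")));
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Assumes Apache forwards over HTTP, so getRemoteAddr() is the proxy itself.
        // Over AJP the container reports the original client address instead; there
        // the connector must be reachable only from the proxy (bind address, firewall).
        if (!trustedProxies.contains(request.getRemoteAddr())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Exactly one value: a second copy means the proxy did not strip a
        // client-supplied header before adding its own.
        List<String> values = Collections.list(request.getHeaders(headerName));
        if (values.size() != 1 || values.get(0).trim().length() == 0) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(new DelegatedRequest(request, values.get(0).trim()), response);
    }

    public void destroy() {
        // nothing to release
    }

    /** Request view that reports the delegated user; roles are left to the application. */
    static final class DelegatedRequest extends HttpServletRequestWrapper {
        private final Principal principal;

        DelegatedRequest(HttpServletRequest request, final String name) {
            super(request);
            this.principal = new Principal() {
                public String getName() { return name; }
                public String toString() { return name; }
            };
        }

        public Principal getUserPrincipal() {
            return principal;
        }

        public String getRemoteUser() {
            return principal.getName();
        }
    }
}
```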



user principal, realm

2003-04-01 Thread Oliver Wulff
Hi

Can I implement a filter which sets the current principal, so that calls to
request.getUserPrincipal().getName() succeed?

In our company, an apache server in front of tomcat authenticates the
client and delegates the user principal as an http header attribute. I want
to read this principal and set the user principal in a filter. Can I do
this?

Thanks for your help!

Oliver









Antwort: RE: user principal, realm

2003-04-01 Thread Oliver Wulff

I took a look to JavaDoc and saw that all methods are deprecated. Is it
really the right way? My first thought was that it's very low level.
Doesn't there exist an easier solution for my problem?

**
Oliver Wulff
Zürich Versicherungs-Gesellschaft
IA4, CoC Middleware
Postfach, 8085 Zürich
Telefon: +41- 1 628 58 07
Fax: +41 - 1 623 58 07
E-Mail: mailto:[EMAIL PROTECTED]



   
   
From: Ralph Einfeldt [EMAIL PROTECTED]ime-isc.de
Sent: 01.04.2003 14:50
To: Tomcat Users List [EMAIL PROTECTED]
Cc:
Subject: RE: user principal, realm
Please reply to: Tomcat Users List
   
   
   
   
   




Although I haven't tried it, I guess yes.

I think you have to define your own RequestWrapper
that lets you set the principal.

 -Original Message-
 From: Oliver Wulff [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, April 01, 2003 2:42 PM
 To: [EMAIL PROTECTED]
 Subject: user principal, realm


 Can I implement a filter which sets the current principal, so
 that calls to
 request.getUserPrincipal().getName() succeed?

 In our company, an apache server in front of tomcat authenticates the
 client and delegates the user principal as an http header  attribute.
 I want to read this principal and set the user principal in a filter.
 Can I do this?




Antwort: RE: tomcat 4.1.18 NT service

2003-04-01 Thread Oliver Wulff

I had also a problem with tomcat running as a W2K service. In some cases,
tomcat just hangs. It uses almost 100% of CPU resources. I used the
tomcat.exe to do it which doesn't work.
It works fine, if I execute startup.bat.
It does work now with JavaService.exe from
http://www.alexandriasc.com/software/JavaService/documentation.html

**
Oliver Wulff
Zürich Versicherungs-Gesellschaft
IA4, CoC Middleware
Postfach, 8085 Zürich
Telefon: +41- 1 628 58 07
Fax: +41 - 1 623 58 07
E-Mail: mailto:[EMAIL PROTECTED]



   

From: Cox, Charlie [EMAIL PROTECTED]
Sent: 01.04.2003 17:46
To: 'Tomcat Users List' [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: RE: tomcat 4.1.18 NT service
Please reply to: Tomcat Users List

   

   





I had this same prob on 4.0.x and the bug I had opened was labelled as a
'worksforme' since they could not reproduce it(bug 4524). It happened on a
clean install of win2k that only had office 2k I think. I think it was a
problem with the JavaService that was used with tomcat since tomcat worked
fine through the tomcat.bat file.

I ended up using the old jk_nt_service.exe(which I still use,btw) by
following the directions here:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg35196.html
(replace references to 3.2 with 3.3)

Charlie

 -Original Message-
 From: Andrew Garnett [mailto:[EMAIL PROTECTED]
 Sent: Saturday, March 29, 2003 8:00 AM
 To: [EMAIL PROTECTED]
 Subject: Re: tomcat 4.1.18 NT service


 Yes Larry, that's the weird thing - everything looks
 fine until the hang, then the Iexplorer globe just
 keeps rotating. No response, no timeout, nothing in
 the log, it just goes on... I'll try to leave it
 overnight to see if it eventually returns.
 The worst part is that it does actually work for a
 brief few minutes, so the config can't be that bad.

 meantime, I've installed on another NT4 box, and got
 exactly the same. I got the .exe from the apache site,
 so I'm hoping someone else has seen it.

 Any ideas gladly accepted...
 Andy
 =  Larry Meadors Larry.Meadors () plumcreek !
 com


 Did you look in the logs?

  [EMAIL PROTECTED] 03/28/03 10:14 AM 
 All,
 The tomcat-4.1.18.exe installs perfectly as a service
 on my NT 4 box, starts up tomcat service happily, and
 immediately responds on port 8080 with the example
 servlets.
 Then within a minute or two, it stops responding
 completely - just hangs with no output anywhere.

 If I startup using the bat files in DOS, everything
 runs fine.
 Any ideas ?
 Thanks,
 Andy





Antwort: RE: Antwort: RE: user principal, realm

2003-04-01 Thread Oliver Wulff

org.apache.catalina.connector.RequestWrapper

I'm wondering if I could just implement my custom authenticator (compare
BasicAuthenticator.java) or a custom Realm. But I don't know how I can
register my authenticator.
As mentioned already I want to read the delegated user from a http header
attribute and register it. Here the way how the BasicAuthenticator does it:
register(request, response, principal, Constants.BASIC_METHOD, username,
password);

My problem, am I free in choosing a constant? I don't have a password
because authentication has been done in the apache server which is in front
of tomcat.

I don't know if I have to write a custom authenticator, a custom Realm or
overwrite RequestWrapper. In all cases, how can I integrate my custom
classes in tomcat? I don't want to build a custom tomcat release.
Integration should be possible by configuration.









IIS/Tomcat: address in use (you can ignore it)

2002-01-29 Thread Oliver Wulff


Hi

I've installed tomcat 3.3a and IIS 4 and use jdk 1.2.2. I launch Tomcat
using jk_nt_service.
Everything is working fine, if I start tomcat before IIS.
1) net start jakarta
2) net start iisadmin
3) Manually start the Web Site in the Internet Information Manager

If I do the steps 2 and 3 first the socket 0.0.0.0:8007 is listening
(BTW, I've configured the workers on localhost). I thought that the tomcat
process is listening on the worker ports. So, if I try to start the jakarta
service then, I get the following error:

A nonfatal internal JIT (3.10.107(x)) error 'Relocation error: NULL relocation target' has occurred in :
  'org/apache/crimson/parser/Parser2.maybeComment (Z)Z': Interpreting method.
  Please report this error in detail to http://java.sun.com/cgi-bin/bugreport.cgi

2002-01-29 11:58:31 - ServerXmlReader: Config=c:\jakarta-tomcat-3.3a\conf\server.xml
2002-01-29 11:58:31 - PathSetter: home=C:\jakarta-tomcat-3.3a
2002-01-29 11:58:32 - ContextXmlReader: Context config=$TOMCAT_HOME\conf\apps-127.0.0.1.xml
2002-01-29 11:58:32 - ContextXmlReader: Context config=$TOMCAT_HOME\conf\apps-admin.xml
2002-01-29 11:58:32 - ContextXmlReader: Context config=$TOMCAT_HOME\conf\apps-examples.xml
2002-01-29 11:58:32 - AutoWebApp: Loaded from config: DEFAULT:/admin
2002-01-29 11:58:32 - AutoWebApp: Loaded from config: DEFAULT:/examples
2002-01-29 11:58:32 - AutoWebApp: Auto-Adding DEFAULT:/
2002-01-29 11:58:32 - ContextManager: Tomcat configured and in stable state
2002-01-29 11:58:32 - ContextManager: Adding  DEFAULT:/admin
2002-01-29 11:58:32 - ContextManager: Adding  DEFAULT:/examples
2002-01-29 11:58:32 - ContextManager: Adding  DEFAULT:/ROOT
2002-01-29 11:58:33 - Ajp12Interceptor: Starting on 8006
java.lang.reflect.InvocationTargetException: org.apache.tomcat.core.TomcatException: Root cause - Address in use: bind
  at org.apache.tomcat.modules.server.PoolTcpConnector.engineStart(Unknown Source)
  at org.apache.tomcat.core.ContextManager.start(Unknown Source)
  at org.apache.tomcat.startup.EmbededTomcat.start(Unknown Source)
  at org.apache.tomcat.startup.EmbededTomcat.execute1(Unknown Source)
  at org.apache.tomcat.startup.EmbededTomcat$1.run(Unknown Source)
  at org.apache.tomcat.util.compat.Jdk12Support$PrivilegedProxy.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.apache.tomcat.util.compat.Jdk12Support.doPrivileged(Unknown Source)
  at org.apache.tomcat.startup.EmbededTomcat.execute(Unknown Source)
  at java.lang.reflect.Method.invoke(Native Method)
  at org.apache.tomcat.util.IntrospectionUtils.execute(Unknown Source)
  at org.apache.tomcat.startup.Main.execute(Unknown Source)
  at org.apache.tomcat.startup.Main.main(Unknown Source)


Here is my configuration:
(See attached file: uriworkermap.properties)(See attached file:
workers.properties)(See attached file: wrapper.properties)(See attached
file: server.xml)


I also tried to define in the registry that IIS has to be launched before
Tomcat. But it's not working during booting of the server. Here is the
extract of the service definitions (iisadmin and jakarta):
(See attached file: iis_tomcat.reg_)


If you need further information, do not hesitate to contact me.

Regards
Oliver Wulff



**
Oliver Wulff
Zürich Versicherungs-Gesellschaft
IE4, CoC Middleware
Postfach, 8085 Zürich
Telefon: +41- 1 628 14 28
Fax: +41 - 1 623 14 28
E-Mail: mailto:[EMAIL PROTECTED]










Troubles