Re: Fwd: Tomcat question

2018-04-30 Thread Ognjen Blagojevic 

Zahi,

On 30.4.2018. 11:09, Zahi Fail wrote:

curl -X POST \
   http://localhost:8080/userManagement/rest/Traffic/users2 \
   -H 'Authorization: Basic dG9tY2F0OnMzY3JldA==' \
   -H 'Cache-Control: no-cache' \
   -H 'Content-Type: application/json' \
   -H 'Postman-Token: 71819f33-6206-02c5-5cf2-8de6347fc154' \
   -d '[{"id":1, "code":2, "time":"2009-02-15", "cycleSecond":22,
"programNumber":1221, "stageNumber":22, "moves":"22",
"detectors":"fead","conditions":"2ddsa"}]'


First, please don't top post. Read mailing list guidelines here:

  http://tomcat.apache.org/lists.html#tomcat-users

Regarding the problem, base64 string "dG9tY2F0OnMzY3JldA==" decodes to 
"tomcat:s3cret", which is, according to your previously posted 
tomcat-users.xml file, user in the role "manager-gui".


On the other hand, your web.xml auth-constraint configuration expects 
the user in the role "manager".


-Ognjen

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Fwd: Tomcat question

2018-04-30 Thread Zahi Fail 
This is the curl message from postman:

curl -X POST \
  http://localhost:8080/userManagement/rest/Traffic/users2 \
  -H 'Authorization: Basic dG9tY2F0OnMzY3JldA==' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \
  -H 'Postman-Token: 71819f33-6206-02c5-5cf2-8de6347fc154' \
  -d '[{"id":1, "code":2, "time":"2009-02-15", "cycleSecond":22,
"programNumber":1221, "stageNumber":22, "moves":"22",
"detectors":"fead","conditions":"2ddsa"}]'

On Mon, Apr 30, 2018 at 11:42 AM, Ognjen Blagojevic <
ognjen.d.blagoje...@gmail.com> wrote:

> Zahi,
>
> On 25.4.2018. 13:19, zahi.f...@gmail.com wrote:
>
>> I configured in my conf\server.xml file the realm as below:
>>>
>>
> Ok, so the configuration looks fine.
>
> You said you are using Postman to send the request. Can you paste the
> `curl` command that the postman can generate for you just to check if it
> looks Ok?
>
> For instance, this would be the right curl command:
>
>   curl -u admin:falcon -X POST http://your.server/webapp/
>
> While those are not:
>
>   curl -u admin:falco -X POST http://your.server/webapp/ (typo in
> password, HTTP 401)
>
>   curl -X POST http://your.server/webapp/ (no credentials specified, HTTP
> 401)
>
>   curl -u tomcat:s3cret -X POST http://your.server/webapp/ (wrong role,
> HTTP 403)
>
>   curl -u admin:falcon -X GET http://your.server/webapp/ (GET instead of
> POST, HTTP status code... it depends)
>
> -Ognjen
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Fwd: Tomcat question

2018-04-30 Thread Ognjen Blagojevic 

Zahi,

On 25.4.2018. 13:19, zahi.f...@gmail.com wrote:

I configured in my conf\server.xml file the realm as below:


Ok, so the configuration looks fine.

You said you are using Postman to send the request. Can you paste the 
`curl` command that the postman can generate for you just to check if it 
looks Ok?


For instance, this would be the right curl command:

  curl -u admin:falcon -X POST http://your.server/webapp/

While those are not:

  curl -u admin:falco -X POST http://your.server/webapp/ (typo in 
password, HTTP 401)


  curl -X POST http://your.server/webapp/ (no credentials specified, 
HTTP 401)


  curl -u tomcat:s3cret -X POST http://your.server/webapp/ (wrong role, 
HTTP 403)


  curl -u admin:falcon -X GET http://your.server/webapp/ (GET instead 
of POST, HTTP status code... it depends)


-Ognjen



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Fwd: Tomcat question

2018-04-25 Thread zahi . fail 


Sent from my iPhone

Begin forwarded message:

> From: Zahi Fail 
> Date: 25 April 2018 at 12:19:20 GMT+3
> To: Ognjen Blagojevic 
> Subject: Re: Tomcat question
> 
> I configured in my conf\server.xml file the realm as below:
> 
> 
>  resourceName="UserDatabase"/>
> 
> and still i can't access throw basic auth. 
> 
> My full server.xml file look like that:
> 
> 
> 
> 
> 
>   
>   
>   
>SSLEngine="on" />
>   
>className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
> 
>   
>   
> 
>type="org.apache.catalina.UserDatabase"
>   description="User database that can be updated and saved"
>   factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>   pathname="conf/tomcat-users.xml" />
>   
> 
>   
>   
> 
> 
> 
> 
> 
> 
> connectionTimeout="2"
>redirectPort="8443" />
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>   
>   
> 
>   
>   
> 
>   
>  resourceName="UserDatabase"/>
>   
>unpackWARs="true" autoDeploy="true">
> 
> 
> 
> 
> 
>  directory="logs"
>prefix="localhost_access_log" suffix=".txt"
>pattern="%h %l %u %t %r %s %b" />
> 
>   
> 
>   
> 
> 
> 
>> On Tue, Apr 24, 2018 at 10:35 AM, Ognjen Blagojevic 
>>  wrote:
>> Zahi,
>> 
>>> On 23.4.2018. 16:38, Zahi Fail wrote:
>>> This is the following code from my web.xml file:
>> ...
>>> *and in the tomcat-user.xml i have updated the code as below: *
>> ...
>> 
>> You need to configure appropriate realm. Did you do that? You can do it in 
>> your webapp's context.xml, or in server.xml file, but the former method is 
>> recommended, because of easier deployment.
>> 
>> Take a look at:
>> 
>>   https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html
>> 
>> If you want to keep usernames and passwords in XML file (like 
>> tomcat-users.xml), you should use UserDatabaseRealm, but you also have other 
>> options for storing credentials -- e.g. SQL database or LDAP directory.
>> 
>> -Ognjen
>