Problem:
- Making any https call fails with the message "Forbidden. You were denied access
because: Access denied by access control list.".
- The failure happens even accessing https://<host>:8443/tomcat-docs, while a regular
http call succeeds.
- The failure happens with some browsers (i.e.: Mozilla) but not with others (i.e.:
Internet Explorer, and most versions of Netscape).
- The failure appears to only happen when accessing a server on a different box than
the one where the browser is running. It has not happened (so far) on the same box as
the client.
- The failure appears to happen with the Tomcat running on either Windows or Solaris.
- The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7).
It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the
certificates being used are self-signed according to the Tomcat's default instructions.
Questions:
- Is this a configuration issue? Or is it a deeper problem with either Tomcat or the
browsers? I have not seen many postings out there on this topic, so I assume (and
hope) the problem is a dumb configuration snafu.
- Is there a known solution? I have not found any on the Tomcat archives, on the
Mozilla archives, or even after several exchanges with the Mozilla support people.
- Is there any additional information I can provide that might shed some light as to
why this is happening?
Environment details:
- Tomcat version: 5.
- JDK version 1.4.2 (both _02 and _03).
- Mozilla versions failing (at least 1.4 and 1.5).
- IE version succeeding (at least 6.0)
- Netscape version succeeding (at least 4.5, 4.7, and I believe one of the 7.x
versions).
server.xml:
(feel free to comment if you see something wrong even if unrelated)
<Server port="8105" shutdown="SHUTDOWN" debug="0">
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
            debug="0"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
            debug="0"/>
  <GlobalNamingResources>
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved">
    </Resource>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8089"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               debug="0" connectionTimeout="20000"
               disableUploadTimeout="true" />
    <Connector port="8443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    <Connector port="8109"
               enableLookups="false" redirectPort="8443" debug="0"
               protocol="AJP/1.3" />
    <Engine name="Catalina" defaultHost="localhost" debug="0">
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt"
              timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             debug="0" resourceName="UserDatabase"/>
      <Host name="localhost" debug="0" appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="localhost_log." suffix=".txt"
                timestamp="true"/>
      </Host>
    </Engine>
  </Service>
</Server>
Bruno Melloni
eBusiness Application Center, Americas
Nokia, Inc
6000 Connection Drive, Mailstop 4w223
Irving, TX 75039 USA
*Office: +1 (972)894-6120
*Cellular: +1 (469) 939-1067
* SMS: [EMAIL PROTECTED]
* e-mail: [EMAIL PROTECTED]