On 13 Mar 2015, at 9:58 PM, Neven Cvetkovic <neven.cvetko...@gmail.com> wrote:
> Just to confirm, the 403 Forbidden page was rendered by Tomcat, not Apache > HTTPD? Yes, it is branded tomcat and appears in the tomcat access log. > I don't expect it is an Apache issue here - because you mentioned your > application worked before - I assume with the same URL, and no updates to > Apache HTTPD configuration. > > Next thing I would probably increase the verbosity of the Realm logging, by > updating your conf/logging.properties, e.g. > org.apache.catalina.realm.level = ALL > org.apache.catalina.realm.useParentHandlers = true > org.apache.catalina.authenticator.level = ALL > org.apache.catalina.authenticator.useParentHandlers = true > > > You might want to disable buffering as well, e.g. > 1catalina.org.apache.juli.FileHandler.bufferSize = -1 None of these changes to logging.properties have any effect on my test system of tomcat v7.0.59 deployed to RHEL6. I get no changes to catalina.out at all, it stays completely silent. I tried to make the same changes to a tomcat v7.0.59 running within Eclipse, and in this case I get the following: Can't load log handler "2localhost.org.apache.juli.FileHandler" java.lang.ClassNotFoundException: 2localhost.org.apache.juli.FileHandler java.lang.ClassNotFoundException: 2localhost.org.apache.juli.FileHandler at java.net.URLClassLoader$1.run(URLClassLoader.java:366) at java.net.URLClassLoader$1.run(URLClassLoader.java:355) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:354) at java.lang.ClassLoader.loadClass(ClassLoader.java:423) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) at java.lang.ClassLoader.loadClass(ClassLoader.java:356) at java.util.logging.LogManager$3.run(LogManager.java:418) at java.security.AccessController.doPrivileged(Native Method) at java.util.logging.LogManager.loadLoggerHandlers(LogManager.java:405) at java.util.logging.LogManager.addLogger(LogManager.java:609) at java.util.logging.LogManager.demandLogger(LogManager.java:355) at java.util.logging.Logger.getLogger(Logger.java:328) at org.apache.juli.logging.DirectJDKLog.<init>(DirectJDKLog.java:71) at org.apache.juli.logging.DirectJDKLog.getInstance(DirectJDKLog.java:196) at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:170) at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:311) at org.apache.catalina.core.ContainerBase.getLogger(ContainerBase.java:452) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1102) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:816) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1575) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1565) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) at java.util.concurrent.FutureTask.run(FutureTask.java:166) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:722) Further on, the following is logged, which suggests that there is no roles defined at all: Mar 13, 2015 10:13:12 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET / Mar 13, 2015 10:13:12 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Security checking request GET / Mar 13, 2015 10:13:12 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 13, 2015 10:13:12 PM org.apache.catalina.realm.RealmBase findSecurityConstraints FINE: No applicable constraints defined Mar 13, 2015 10:13:12 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint Mar 13, 2015 10:13:12 PM org.apache.catalina.authenticator.AuthenticatorBase invoke FINE: Not subject to any constraint None of this is making any sense. Is there no simply way of switching on realm debugging as we used to with the “debug” attribute? Regards, Graham — --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org