On 13 Mar 2015, at 9:58 PM, Neven Cvetkovic <neven.cvetko...@gmail.com> wrote:
> Just to confirm, the 403 Forbidden page was rendered by Tomcat, not Apache
> HTTPD?
Yes, it is branded tomcat and appears in the tomcat access log.
> I don't expect it is an Apache issue here - because you mentioned your
> application worked before - I assume with the same URL, and no updates to
> Apache HTTPD configuration.
>
> Next thing I would probably increase the verbosity of the Realm logging, by
> updating your conf/logging.properties, e.g.
> org.apache.catalina.realm.level = ALL
> org.apache.catalina.realm.useParentHandlers = true
> org.apache.catalina.authenticator.level = ALL
> org.apache.catalina.authenticator.useParentHandlers = true
>
>
> You might want to disable buffering as well, e.g.
> 1catalina.org.apache.juli.FileHandler.bufferSize = -1
None of these changes to logging.properties have any effect on my test system
of tomcat v7.0.59 deployed to RHEL6. I get no changes to catalina.out at all,
it stays completely silent.
I tried to make the same changes to a tomcat v7.0.59 running within Eclipse,
and in this case I get the following:
Can't load log handler "2localhost.org.apache.juli.FileHandler"
java.lang.ClassNotFoundException: 2localhost.org.apache.juli.FileHandler
java.lang.ClassNotFoundException: 2localhost.org.apache.juli.FileHandler
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:423)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
at java.util.logging.LogManager$3.run(LogManager.java:418)
at java.security.AccessController.doPrivileged(Native Method)
at java.util.logging.LogManager.loadLoggerHandlers(LogManager.java:405)
at java.util.logging.LogManager.addLogger(LogManager.java:609)
at java.util.logging.LogManager.demandLogger(LogManager.java:355)
at java.util.logging.Logger.getLogger(Logger.java:328)
at org.apache.juli.logging.DirectJDKLog.<init>(DirectJDKLog.java:71)
at
org.apache.juli.logging.DirectJDKLog.getInstance(DirectJDKLog.java:196)
at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:170)
at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:311)
at
org.apache.catalina.core.ContainerBase.getLogger(ContainerBase.java:452)
at
org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1102)
at
org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:816)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1575)
at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1565)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
Further on, the following is logged, which suggests that there is no roles
defined at all:
Mar 13, 2015 10:13:12 PM org.apache.catalina.authenticator.AuthenticatorBase
invoke
FINE: Security checking request GET /
Mar 13, 2015 10:13:12 PM org.apache.catalina.authenticator.AuthenticatorBase
invoke
FINE: Security checking request GET /
Mar 13, 2015 10:13:12 PM org.apache.catalina.realm.RealmBase
findSecurityConstraints
FINE: No applicable constraints defined
Mar 13, 2015 10:13:12 PM org.apache.catalina.realm.RealmBase
findSecurityConstraints
FINE: No applicable constraints defined
Mar 13, 2015 10:13:12 PM org.apache.catalina.authenticator.AuthenticatorBase
invoke
FINE: Not subject to any constraint
Mar 13, 2015 10:13:12 PM org.apache.catalina.authenticator.AuthenticatorBase
invoke
FINE: Not subject to any constraint
None of this is making any sense. Is there no simply way of switching on realm
debugging as we used to with the “debug” attribute?
Regards,
Graham
—
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
