Here are the relevant parts of the web.xml.  I didn't do the Apache
configuration so I'll have to get more details there but I was told that is
no different than how we configure virtual hosts for other apps that don't
use Tomcat's authentication.  E.g. it seems Tomcat is requiring the
app's name in the URL...not a subdomain.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Public</web-resource-name>
        <url-pattern>/login.jsp</url-pattern>
        <url-pattern>/error.jsp</url-pattern>
    </web-resource-collection>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>myapp-user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>

<session-config>
    <session-timeout>60</session-timeout>
</session-config>

On Tue, Jul 7, 2015 at 8:55 AM, André Warnier <a...@ice-sa.com> wrote:

> David Hoffer wrote:
>
>> 1. Apache Tomcat/7.0.55 (Ubuntu)
>> 2. Hum I don't think so...it works fine when using the full URL, e.g.
>> www.mycompany.com:8080/myapp it's only when we use Apache
>>
>
> wait.. what, how ? you are using an Apache httpd front-end ? you never
> mentioned that before.  We have no crystal ball here, so we are trying to
> guess your configuration, to try to guess what the problem may be.
> But if you are hiding things from us, this could take a long time.
>
> We may also need to know how exactly you are proxying from Apache httpd to
> Tomcat then.
> Anyway, also send your webapp's web.xml.
>
> From your (incomplete) description so far, it looks as if you may be
> re-directing to the wrong place, which re-directs to the wrong place, which
> re-directs to the wrong place and so on.  You are probably doing your very
> own DOS attack on your own server. :-)
>
> You may be able to figure this out by yourself, if you think about what
> really happens, step by step.
>
>
> so users can get
>
>> to this same app via myapp.mycompany.com that we get the 508 error from
>> Tomcat.
>> 3. I don't think we have made any changes to Tomcat's server.xml but here
>> is a copy.
>>
>> <?xml version='1.0' encoding='utf-8'?>
>>
>> <Server port="8005" shutdown="SHUTDOWN">
>>   <Listener className="org.apache.catalina.core.JasperListener" />
>>   <Listener
>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>>   <Listener
>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>>   <Listener
>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>>
>>   <GlobalNamingResources>
>>     <Resource name="UserDatabase" auth="Container"
>>               type="org.apache.catalina.UserDatabase"
>>               description="User database that can be updated and saved"
>>
>> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>               pathname="conf/tomcat-users.xml" />
>>   </GlobalNamingResources>
>>
>>   <Service name="Catalina">
>>     <Connector port="8080" protocol="HTTP/1.1"
>>                connectionTimeout="20000"
>>                URIEncoding="UTF-8"
>>                redirectPort="8443" />
>>
>>     <Engine name="Catalina" defaultHost="localhost">
>>       <Realm className="org.apache.catalina.realm.LockOutRealm">
>>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>                resourceName="UserDatabase"/>
>>       </Realm>
>>
>>       <Host name="localhost"  appBase="webapps"
>>             unpackWARs="true" autoDeploy="true">
>>
>>         <Valve className="org.apache.catalina.valves.AccessLogValve"
>> directory="logs"
>>                prefix="localhost_access_log." suffix=".txt"
>>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>>
>>       </Host>
>>     </Engine>
>>   </Service>
>> </Server>
>>
>>
>>
>> On Tue, Jul 7, 2015 at 8:28 AM, André Warnier <a...@ice-sa.com> wrote:
>>
>>  Hi.
>>>
>>>
>>> David Hoffer wrote:
>>>
>>>  I've added FORM container authentication with Tomcat and everything
>>>> works
>>>> fine as long as users use the full URL to the app (URL in Tomcat's
>>>> manager
>>>> app).
>>>>
>>>> However users want to use a different URL based on a virtual host, e.g.
>>>> myapp.mycompany.com.  It brings the users to the app no problem but
>>>> then
>>>> when they try to login Tomcat reports a 508 error, how do I solve this?
>>>>
>>>> The URL in the browser when this happens is
>>>> myapp.mycompany.com/j_security_check
>>>>
>>>>
>>>>  1) to save time to everyone in the end, please provide at least the
>>> full
>>> version of Tomcat that you are using.
>>> 2) HTTP status code 508 indicates that some server resource limit has
>>> been
>>> reached.  That points to some kind of infinite loop. That would tend to
>>> hint at the fact that whatever your login form is pointing to, maybe
>>> itself
>>> is a protected location and so on..
>>> 3) Anyway, your question above would be a lot clearer (and it would also
>>> save time), if you copy and paste the content of your Tomcat's
>>> "server.xml"
>>> file, below here :
>>> (please remove any comments and confidential information)
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>>
>>
>
>
>
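
An added example, not part of the original thread or of Tomcat: a small Python check of the condition raised in point 2 of the quoted reply (a login form that is itself a protected location), run against a constructed, namespace-free copy of the web.xml fragments above. It models only servlet url-pattern precedence and `<http-method>` lists; the function names are hypothetical, and `<http-method-omission>` and role checks are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed, namespace-free copy of the web.xml fragments from the message above.
WEB_XML = """<web-app>
<security-constraint><web-resource-collection>
  <url-pattern>/login.jsp</url-pattern><url-pattern>/error.jsp</url-pattern>
</web-resource-collection></security-constraint>
<security-constraint><web-resource-collection>
  <url-pattern>/*</url-pattern>
  <http-method>GET</http-method><http-method>POST</http-method>
</web-resource-collection><auth-constraint><role-name>myapp-user</role-name></auth-constraint>
</security-constraint>
<login-config><auth-method>FORM</auth-method><form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/error.jsp</form-error-page>
</form-login-config></login-config></web-app>"""

def load_constraints(root):
    """Return (url-pattern, listed methods, has auth-constraint) triples."""
    out = []
    for sc in root.iter("security-constraint"):
        needs_auth = sc.find("auth-constraint") is not None
        for wrc in sc.iter("web-resource-collection"):
            methods = {m.text.strip() for m in wrc.iter("http-method")}
            out += [(p.text.strip(), methods, needs_auth) for p in wrc.iter("url-pattern")]
    return out

def match_rank(pattern, path):
    """Servlet mapping precedence: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def requires_login(constraints, path, method="GET"):
    """True if the best-matching url-pattern demands authentication for this method."""
    hits = [(r, ms, a) for p, ms, a in constraints if (r := match_rank(p, path)) is not None]
    best = max((r for r, _, _ in hits), default=None)
    # Constraints on the same pattern combine; one without an auth-constraint permits access.
    applicable = [a for r, ms, a in hits if r == best and (not ms or method in ms)]
    return bool(applicable) and all(applicable)

def form_page_findings(xml_text):
    root = ET.fromstring(xml_text)
    cons = load_constraints(root)
    tags = ("form-login-page", "form-error-page")
    return {e.text.strip(): requires_login(cons, e.text.strip()) for t in tags for e in root.iter(t)}
```

For this file both form pages come back as not requiring login, because the exact-match patterns take precedence over `/*`. Calling `requires_login` with a method other than GET or POST also returns False, since the `/*` constraint lists only those two methods.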
