Konstantin,

On 7/9/2015 10:39 PM, Konstantin Kolinko wrote:
> 2015-07-10 2:35 GMT+03:00 Mark Eggers
> <its_toas...@yahoo.com.invalid>:
>> 
>> Folks,
>> 
>> I seem to be having a problem trying to use form-based
>> authentication. What worked in 7.0.62 no longer works in 7.0.63.
>> Using 7.0.62 I can successfully authenticate in my toy
>> application and the latest version of Jenkins. Using 7.0.63 I end
>> up on the form error page in my toy application and the latest
>> version of Jenkins.
>> 
>> I've not changed any of the configuration files. I run Tomcat
>> using $CATALINA_HOME and $CATALINA_BASE. To upgrade Tomcat, I
>> just install a new version and move some links around.
>> 
>> Here is a rundown of my environment:
>> 
> [....]
> 
> How does it fail? (Steps, maybe also Access Log output)

Steps to fail:

Use the following architecture:

Browser -- Apache HTTPD -- mod-jk -- Tomcat 7.0.63 -- Application

1. Access main page of application
2. Select the login link
3. Fill out the login form (username and password)
4. Click on the login button
5. Get the error login page

> 
> Quick test with direct access to Tomcat and examples webapp =
> success. 
> (http://localhost:8080/examples/jsp/security/protected/index.jsp)
> 
> Possible areas to test: 1. httpd / mod_jk  : Do you have failure
> with direct access to Tomcat ?
> 

No, direct access to Tomcat 7.0.63 on port 8080 works as expected. In
other words:

Browser -- Tomcat 7.0.63 -- Application

works.

> 2. cookie / set-cookie headers e.g. see AccessLogValve
> configuration here: 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=57872#c0

Here's what I placed in the pattern attribute of the AccessLogValve
(all one line):

%a - - %t %m %U %H %s %B
SessionId: %S
Cookie received: %{cookie}i
Set-Cookie sent: %{set-cookie}o

Here's the log output in the following scenario:

Browser -- Apache HTTPD -- mod-jk -- Tomcat 7.0.63 -- Application

192.168.0.250 - - [10/Jul/2015:01:19:39 -0700] GET /RPets HTTP/1.1 302 0
SessionId: -
Cookie received: -
Set-Cookie sent: -

192.168.0.250 - - [10/Jul/2015:01:19:39 -0700]
GET /RPets/ HTTP/1.1 200 1595
SessionId: 38503E0B0A32A870DABE772453A5A553
Cookie received: JSESSIONID=38503E0B0A32A870DABE772453A5A553
Set-Cookie sent: -

192.168.0.250 - - [10/Jul/2015:01:19:43 -0700]
GET /RPets/protected/personalize.jsp HTTP/1.1 304 0
SessionId: F1DCC3FDF2DD75F563A67430BA985287
Cookie received: JSESSIONID=38503E0B0A32A870DABE772453A5A553
Set-Cookie sent:
JSESSIONID=F1DCC3FDF2DD75F563A67430BA985287; Path=/RPets/; HttpOnly

192.168.0.250 - - [10/Jul/2015:01:19:53 -0700]
POST /RPets/protected/j_security_check HTTP/1.1 200 1111
SessionId: F1DCC3FDF2DD75F563A67430BA985287
Cookie received: JSESSIONID=F1DCC3FDF2DD75F563A67430BA985287
Set-Cookie sent: -

[ and the error page for a failed login is displayed ]

Here's the log output in the following scenario:

Browser -- Tomcat 7.0.63 -- Application

192.168.0.250 - - [10/Jul/2015:01:32:44 -0700]
GET /RPets HTTP/1.1 302 0
SessionId: -
Cookie received: -
Set-Cookie sent: -

192.168.0.250 - - [10/Jul/2015:01:32:44 -0700]
GET /RPets/ HTTP/1.1 200 1595
SessionId: F1DCC3FDF2DD75F563A67430BA985287
Cookie received: JSESSIONID=F1DCC3FDF2DD75F563A67430BA985287
Set-Cookie sent: -

192.168.0.250 - - [10/Jul/2015:01:32:47 -0700]
GET /RPets/protected/personalize.jsp HTTP/1.1 200 1090
SessionId: 6E42788DECF5F96688EF7D51FC41EA0F
Cookie received: JSESSIONID=F1DCC3FDF2DD75F563A67430BA985287
Set-Cookie sent:
JSESSIONID=6E42788DECF5F96688EF7D51FC41EA0F; Path=/RPets/; HttpOnly

192.168.0.250 - - [10/Jul/2015:01:32:56 -0700]
POST /RPets/protected/j_security_check HTTP/1.1 302 0
SessionId: 6E42788DECF5F96688EF7D51FC41EA0F
Cookie received: JSESSIONID=6E42788DECF5F96688EF7D51FC41EA0F
Set-Cookie sent: -

192.168.0.250 - - [10/Jul/2015:01:32:56 -0700]
GET /RPets/protected/personalize.jsp HTTP/1.1 200 2405
SessionId: CC61312515FED5CF197475B41AA7B017
Cookie received: JSESSIONID=F1DCC3FDF2DD75F563A67430BA985287
Set-Cookie sent:
JSESSIONID=CC61312515FED5CF197475B41AA7B017; Path=/RPets/; HttpOnly

192.168.0.250 - - [10/Jul/2015:01:32:57 -0700]
GET /RPets/protected/css/pbasic.css HTTP/1.1 304 0
SessionId: CC61312515FED5CF197475B41AA7B017
Cookie received: JSESSIONID=CC61312515FED5CF197475B41AA7B017
Set-Cookie sent: -

[ login succeeds and the personalize.jsp page is displayed ]

Here's the log output in the following scenario:

Browser -- Apache HTTPD -- mod-jk -- Tomcat 7.0.62 -- Application

192.168.0.250 - - [10/Jul/2015:01:54:24 -0700]
GET /RPets HTTP/1.1 302 0
SessionId: -
Cookie received: -
Set-Cookie sent: -

192.168.0.250 - - [10/Jul/2015:01:54:25 -0700]
GET /RPets/ HTTP/1.1 200 1595
SessionId: -
Cookie received: -
Set-Cookie sent: -

192.168.0.250 - - [10/Jul/2015:01:54:29 -0700]
GET /RPets/protected/personalize.jsp HTTP/1.1 304 0
SessionId: 11AD7E9AE579C904277AB59A8DAC0F58
Cookie received: -
Set-Cookie sent:
JSESSIONID=11AD7E9AE579C904277AB59A8DAC0F58; Path=/RPets/; HttpOnly

192.168.0.250 - - [10/Jul/2015:01:54:38 -0700]
POST /RPets/protected/j_security_check HTTP/1.1 302 0
SessionId: 11AD7E9AE579C904277AB59A8DAC0F58
Cookie received: JSESSIONID=11AD7E9AE579C904277AB59A8DAC0F58
Set-Cookie sent: -

192.168.0.250 - - [10/Jul/2015:01:54:38 -0700]
GET /RPets/protected/personalize.jsp HTTP/1.1 200 2405
SessionId: A2C819F6093F6E8A110BC656BADFF754
Cookie received: -
Set-Cookie sent:
JSESSIONID=A2C819F6093F6E8A110BC656BADFF754; Path=/RPets/; HttpOnly

192.168.0.250 - - [10/Jul/2015:01:54:38 -0700]
GET /RPets/protected/css/pbasic.css HTTP/1.1 304 0
SessionId: A2C819F6093F6E8A110BC656BADFF754
Cookie received: JSESSIONID=A2C819F6093F6E8A110BC656BADFF754
Set-Cookie sent: -

[ login succeeds and the personalize.jsp page is displayed ]

> 
> 3. Realm
> 

Here's the Realm in context.xml:

<Context antiJARLocking="true">
  <Resource auth="Container"
            description="Pet authentication"
            driverClassName="com.mysql.jdbc.Driver"
            maxActive="10"
            maxIdle="3"
            maxWait="10000"
            name="jdbc/auth"
            password="foopasswd"
            type="javax.sql.DataSource"
            url="jdbc:mysql://localhost/petauth"
            username="foouser"
            validationQuery="SELECT 1"/>
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/auth"
         localDataSource="true"
         roleNameCol="rolename"
         userCredCol="password"
         userNameCol="username"
         userRoleTable="roles"
         userTable="users"/>
</Context>

> Best regards, Konstantin Kolinko

Thanks,
/mde/
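
Added example, not part of the original message or of Tomcat: a small triage script for access logs written with the AccessLogValve pattern quoted above. It re-joins the wrapped records, then flags requests where the JSESSIONID cookie received differs from the session Tomcat used, and any j_security_check POST that was not answered with the 302 seen in the working runs. The function names and finding texts are assumptions made for this illustration.

```python
import re

# Two records copied from the failing httpd/mod_jk scenario in the message
# above, in the wrapped, blank-line-separated form shown there.
SAMPLE = """\
192.168.0.250 - - [10/Jul/2015:01:19:43 -0700]
GET /RPets/protected/personalize.jsp HTTP/1.1 304 0
SessionId: F1DCC3FDF2DD75F563A67430BA985287
Cookie received: JSESSIONID=38503E0B0A32A870DABE772453A5A553
Set-Cookie sent:
JSESSIONID=F1DCC3FDF2DD75F563A67430BA985287; Path=/RPets/; HttpOnly

192.168.0.250 - - [10/Jul/2015:01:19:53 -0700]
POST /RPets/protected/j_security_check HTTP/1.1 200 1111
SessionId: F1DCC3FDF2DD75F563A67430BA985287
Cookie received: JSESSIONID=F1DCC3FDF2DD75F563A67430BA985287
Set-Cookie sent: -
"""

RECORD = re.compile(
    r"\] (?P<method>\S+) (?P<uri>\S+) HTTP/\S+ (?P<status>\d{3}) \S+ "
    r"SessionId: (?P<sid>\S+) Cookie received: (?P<cookie>.*?) "
    r"Set-Cookie sent:\s*(?P<set_cookie>.*)"
)
JSESSIONID = re.compile(r"JSESSIONID=([0-9A-F]+)")

def parse(log_text):
    """Yield one dict per record; wrapped lines are re-joined first."""
    for block in re.split(r"\n\s*\n", log_text.strip()):
        m = RECORD.search(" ".join(block.split()))
        if m:
            yield m.groupdict()

def triage(log_text):
    """Return (uri, finding) pairs worth a closer look."""
    findings = []
    for r in parse(log_text):
        sent = JSESSIONID.search(r["cookie"])
        if sent and r["sid"] != "-" and sent.group(1) != r["sid"]:
            findings.append((r["uri"], "cookie session not used; new id issued"
                             if "JSESSIONID=" in r["set_cookie"]
                             else "cookie session differs from session used"))
        if r["uri"].endswith("/j_security_check") and r["status"] != "302":
            findings.append((r["uri"], "login POST answered with " + r["status"]))
    return findings
```

Running triage() over the same capture from a working and a failing setup gives two short lists that can be compared side by side.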
