This works for me with a clean install of trunk (with appropriate configuration). There have been no relevant changes since 9.0.14.
It looks like the CATALINA_BASE environment variable is not set or can't be found for some reason. It might be related to running as a Windows service - that needs further investigation. If you want to dig into this you can debug you way through the Tomcat code (remote debugging with a break-point at line 218 of JAASCallbackHandler would be the place to start). Alternatively, if you just want a quick fix, explicitly setting the pathname attribute of the JAASMemoryLoginModule to the absolute path to the tomcat-users.xml file should work. Mark On 08/01/2019 16:31, PJ Pillai wrote: > Hi Christopher, > > This is no issue with loading jaas.config. The file is loaded fine. I've > set the java options as below. > -Djava.security.auth.login.config=C:\Program Files\Apache Software > Foundation\Tomcat 9.0\conf\jaas.config > > The above path is correct. Just to verify if the file is loaded, I changed > the path to that do not exist and I go the file not exception. This proves > that the value I've for jaas.config is right. > Did you look at code below that I pointed out? This code output that > warning message > > https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/r > ealm/JAASMemoryLoginModule.java#L384 > > Thanks, > PJ > > > On Sat, Jan 5, 2019 at 7:04 AM Christopher Schultz < > ch...@christopherschultz.net> wrote: > > PJ, > > On 1/3/19 12:09, PJ Pillai wrote: >>>> Hi Christopher, >>>> >>>> This is no an issue with locating jaas.config. I've set it in java >>>> options as -Djava.security.auth.login.config=C:\Program >>>> Files\Apache Software Foundation\Tomcat 9.0\conf\jaas.config I also >>>> tested changing a file that do not exist and I got the FileNotFound >>>> exception so it is not the issue with jaas.config. >>>> >>>> From the code what I read is that JAASMemoryLoginModule pathname >>>> still using the default value (conf/tomcat-users.xml), Tomcat is >>>> running on Windows so not sure why pathname is >>>> conf/tomcat-users.xml). >>>> >>>> See the line below in the code that log this warning message. >>>> https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/r > ealm/JAASMemoryLoginModule.java#L384 > <https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java#L384> >>>> >>>> see attached log file. All the JVM arguments in the log are >>>> correct. > > Your attachment was stripped from the mailing list. > > conf/tomcat-users.xml is never used as a JAAS configuration file. That > is a user database. > > The slashes are "backward" for you because \ is a metacharacter in > almost every OS and programming language. Java translates / to \ on > Windows as necessary. > > -chris > >>>> On Thu, Jan 3, 2019 at 6:55 AM Christopher Schultz >>>> <ch...@christopherschultz.net >>>> <mailto:ch...@christopherschultz.net>> wrote: >>>> >>>> PJ, >>>> >>>> On 1/2/19 22:15, PJ Pillai wrote: >>>>> Here is additional information. 1. Tomcat is running on Windows >>>>> 2016 server. 2. Tomcat is started as windows service. >>>> >>>>> I tried Tomcat 8.5 as well and still get the same warning >>>>> message and user is not authenticated. >>>> >>>> Did you copy all your system properties from your Tomcat 6 service >>>> to your Tomcat 9 service? Look in thew "JVM Parameters" (or >>>> whatever) section of the Tomcat service manager (tomcat9w.exe). >>>> >>>> Tomcat needs to know where the JAAS config file is, and that's >>>> done through a system property. If that property wasn't copied from >>>> the old service, it probably won't work. >>>> >>>> -chris >>>> >>>>> On Wed, Jan 2, 2019 at 5:00 PM PJ Pillai <pjpil...@gmail.com >>>> <mailto:pjpil...@gmail.com>> >>>>> wrote: >>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>> I'm using JAASMemoryLoginModule to authenticate users stored >>>>>> in tomcat-users.xml. The authentication fails on Tomcat 9 with >>>>>> following warning message in catalina.xx.log. >>>>>> >>>>>> org.apache.catalina.realm.JAASMemoryLoginModule.load Unable to >>>>>> determine Catalina base to load file [conf/tomcat-users.xml] >>>>>> >>>>>> >>>>>> Here is a stack trace from the web application: >>>>>> >>>>>> javax.security.auth.login.FailedLoginException: User name or >>>>>> password is incorrect at >>>>>> org.apache.catalina.realm.JAASMemoryLoginModule.login(JAASMemoryLogi > n >>>> >>>>>> > Module.java:350) >>>>>> >>>>>> >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>>> at >>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl > . >>>> >>>>>> > java:62) >>>>>> >>>>>> >>>> at >>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce > s >>>> >>>>>> > sorImpl.java:43) >>>>>> >>>>>> >>>> at java.lang.reflect.Method.invoke(Method.java:483) >>>>>> at >>>>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) >>>>>> >>>>>> >>>> >>>>>> > at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 >>>> 95) >>>>>> at >>>>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) >>>>>> >>>>>> >>>> >>>>>> > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) >>>>>> at java.security.AccessController.doPrivileged(Native Method) >>>>>> at >>>>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java: > 6 >>>> >>>>>> > 80) >>>>>> >>>>>> >>>> at >>>> javax.security.auth.login.LoginContext.login(LoginContext.java:587) >>>>>> >>>>>> >>>>>> >>>> > Now the same jaas config and same JVM args, it works fine on >>>>>> Tomcat 6. >>>>>> >>>>>> -Djava.security.auth.login.config=C:\Program Files\Apache >>>>>> Software Foundation\Tomcat 9.0\conf\jaas.config >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Please help. >>>>>> >>>>>> Thanks, PJ >>>>>> >>>>>> >>>>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> >>>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> <mailto:users-unsubscr...@tomcat.apache.org> For additional >>>> commands, e-mail: users-h...@tomcat.apache.org >>>> <mailto:users-h...@tomcat.apache.org> >>>> >>>> >>>> >>>> --------------------------------------------------------------------- >>>> >>>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
