cxf-issues mailing list archives

From "ronald (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FEDIZ-124) Fediz-plugin for Tomcat 8
Date Fri, 28 Aug 2015 13:14:45 GMT

    [ https://issues.apache.org/jira/browse/FEDIZ-124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14718540#comment-14718540 ]

ronald commented on FEDIZ-124:
------------------------------

In accordance with your remark on the latest release 1.2.0 of the Fediz plugin, we did a test
with the 1.2.1 version on a Tomcat behind a hardware load balancer. The LB does a HEAD request
to see if the Tomcat is alive.
The versions of Java and Tomcat are:
Tomcat = Tomcat 7.0.63
Java   = jdk-8u51-windows-x64

config of the Fediz is as follows:
<FedizConfig>
  <contextConfig name="/QIS_Extranet">
    <audienceUris>
      <audienceItem>***************/</audienceItem>
    </audienceUris>
    <certificateStores>
      <trustManager>
        <keyStore file="**************" password="*************" type="JKS" />
      </trustManager>
    </certificateStores>
    <trustedIssuers>
      <issuer subject=".*CN=.*" certificateValidation="ChainTrust" name="DoubleItSTSIssuer" />
    </trustedIssuers>
    <maximumClockSkew>1000</maximumClockSkew>
    <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.0.0">
      <realm>https://extranet.reaal.srg/</realm>
      <issuer>https://acc-login.reaal.srg/issue/wsfed</issuer>
      <roleDelimiter>,</roleDelimiter>
      <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
      <freshness>0</freshness>
      <claimTypesRequested>
        <claimType type="" optional="true" />
      </claimTypesRequested>
    </protocol>
  </contextConfig>
</FedizConfig>

Within Tomcat there are 2 webapps and the default webapp.
/LB
/QIS_Extranet
/

When we start the Tomcat instance there are no faults (logging is set to FINEST).
In the local_access_log we only see HTTP 500 errors:
[28/Aug/2015:14:02:03 +0200] - GET /LB/index.jsp HTTP/1.1 500 - - - 10.52.59.4 - -
[28/Aug/2015:14:02:03 +0200] - HEAD / HTTP/1.1 500 - - - 10.52.58.3 - -
[28/Aug/2015:14:02:03 +0200] - HEAD / HTTP/1.1 500 - - - 10.52.58.4 - -
[28/Aug/2015:14:02:05 +0200] - HEAD / HTTP/1.1 500 - - - 10.52.58.3 - -
[28/Aug/2015:14:02:07 +0200] - GET /LB/index.jsp HTTP/1.1 500 - - - 10.52.59.3 - -

If we switch to the 1.0.0 version, with nothing else changed, then we get the following:
[28/Aug/2015:14:09:38 +0200] AF6355DBEB324B90E8C1933654778D73 HEAD / HTTP/1.1 200 - - - 10.52.58.4 - -
[28/Aug/2015:14:09:38 +0200] 460DD2ECFB194D0AEFDF1FF42B41E8D8 GET /LB/index.jsp HTTP/1.1 200 - - - 10.52.59.4 - -
So this is OK.

If we do a HEAD request to the Tomcat instance we get HTTP 500 errors with version 1.2.1 (and
1.2.0).
Also, the requests to the webapp will result in an HTTP 500 error.
If we do a HEAD request with the version 1.0.1 we get HTTP 200 return codes and everything is
OK.

Correct me if I am wrong, but the contextConfig name will determine which calls will be handled
by Fediz, won't it?

What can be wrong with our config?


> Fediz-plugin for Tomcat 8
> -------------------------
>
>                 Key: FEDIZ-124
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-124
>             Project: CXF-Fediz
>          Issue Type: Question
>          Components: Plugin
>    Affects Versions: 1.0.2
>         Environment: Windows tomcat version
>            Reporter: ronald
>              Labels: patch
>
> We are currently using Fediz-plugin version 1.0.2 within Tomcat 7. Now we have to upgrade Tomcat to version 8.
> Fediz-plugin is built for Tomcat 6 & 7, not for Tomcat 8.0.23.
> Which enhancements to this plugin do we have to make within the distribution?
> The supplier of the application that uses the Fediz-plugin made a diff and had the following differences:
> ////////////////////////
> C:\projects\fediz-1.2.0\plugins>diff tomcat7\src\main\java\org\apache\cxf\fediz\tomcat\FederationAuthenticator.java
tomcat8\src\main\java\org\apache\cxf\fediz\tomcat\FederationAuthenticator.java
> --- tomcat7\src\main\java\org\apache\cxf\fediz\tomcat\FederationAuthenticator.java  
   Wed Jul 15 10:18:57 2015
> +++ tomcat8\src\main\java\org\apache\cxf\fediz\tomcat\FederationAuthenticator.java  
   Mon Jul 13 22:52:39 2015
> @@ -40,7 +40,6 @@
> import org.apache.catalina.authenticator.SavedRequest;
> import org.apache.catalina.connector.Request;
> import org.apache.catalina.connector.Response;
> -import org.apache.catalina.deploy.LoginConfig;
> import org.apache.cxf.fediz.core.FederationConstants;
> import org.apache.cxf.fediz.core.FedizPrincipal;
> import org.apache.cxf.fediz.core.config.FedizConfigurator;
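Review bot: the LoginConfig import on the removed line is dropped without a replacement, so any use of LoginConfig left in the class body outside the visible hunks will not compile in the tomcat8 copy. The only use this diff shows going away is the authenticate parameter in the last hunk; check the rest of the file for remaining references before treating the import removal as complete.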
> @@ -85,14 +84,6 @@
>          LOG.debug("WsFedAuthenticator()");
>      }
> -    /**
> -     * Return descriptive information about this Valve implementation.
> -     */
> -    @Override
> -    public String getInfo() {
> -        return INFO;
> -    }
> -
>      public String getConfigFile() {
>          return configFile;
>      }
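Review bot: with getInfo() removed here, the INFO constant it returned is not touched by any visible hunk and may be left unused in the tomcat8 copy. Remove the constant in the same change, or state where else it is still read.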
> @@ -192,8 +183,7 @@
>      }
>      @Override
> -    public boolean authenticate(Request request, HttpServletResponse response,
> -            LoginConfig config) throws IOException {
> +    public boolean authenticate(Request request, HttpServletResponse response) throws
IOException {
>          LOG.debug("authenticate invoked");
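Review bot: the new two-argument authenticate(Request, HttpServletResponse) no longer receives a LoginConfig, and the visible lines do not show whether the method body still refers to the old config parameter. This method is the authentication gate of the valve, so confirm the body has no leftover reference to config, and keep the @Override shown above the signature so that a mismatch with the base class is a compile error rather than a method that is never invoked.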
> //////////////////////////////
> Are these the only differences, or are we missing something?


