Date: 16 Oct 2003 14:12:31 -0000
Message-ID: <20031016141231.21238.qmail@nagoya.betaversion.org>
From: bugzilla@apache.org
To: tomcat-dev@jakarta.apache.org
Subject: DO NOT REPLY [Bug 23865] New: - Cannot access admin webapp from a host other than 'localhost'

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23865

Cannot access admin webapp from a host other than 'localhost'

           Summary: Cannot access admin webapp from a host other than 'localhost'
           Product: Tomcat 4
           Version: 4.1.27
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Webapps:Administration
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: tdecarlo@ssi-corp.com

The admin webapp is only accessible from the 'localhost'. An attempt to access the admin webapp from another host produces the following error after a successful login to the admin webapp....

HTTP Status 400 - Invalid direct reference to form login page

type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).

Apache Tomcat/4.1.27

It appears that the 'redirection to original' does not work, however I don't quite understand why the client host would affect this.

Technical Details regarding the problem.......

There is a comment in the admin.xml file specifying that remote access can be adjusted via the org.apache.catalina.valves.RemoteAddrValve; however, I do not believe this is the issue since it appears that after 'adjusting' the RemoteAddrValve, one does not even get the admin login page.

I set debug to 99 in admin.xml.......

Using a browser on a remote host.....

Clicking on the Tomcat Administrator link takes me to the admin login page and produces the following in the admin log.......

**** Excerpt from localhost_admin_log ****
2003-10-16 09:59:38 Authenticator[/admin]: Security checking request GET /admin
2003-10-16 09:59:38 Authenticator[/admin]: Checking constraint 'SecurityConstraint[Protected Area]' against GET --> false
2003-10-16 09:59:38 Authenticator[/admin]: No applicable constraint located
2003-10-16 09:59:38 Authenticator[/admin]: Not subject to any constraint
2003-10-16 09:59:38 StandardContext[/admin]: Mapping contextPath='/admin' with requestURI='/admin' and relativeURI=''
2003-10-16 09:59:38 StandardContext[/admin]: Trying exact match
2003-10-16 09:59:38 StandardContext[/admin]: Trying prefix match
2003-10-16 09:59:38 StandardContext[/admin]: Trying extension match
2003-10-16 09:59:38 StandardContext[/admin]: Trying default match
2003-10-16 09:59:38 StandardContext[/admin]: Mapped to servlet 'default' with servlet path '' and path info 'null' and update=true
2003-10-16 09:59:38 Authenticator[/admin]: Security checking request GET /admin/
2003-10-16 09:59:38 Authenticator[/admin]: Checking constraint 'SecurityConstraint[Protected Area]' against GET / --> false
2003-10-16 09:59:38 Authenticator[/admin]: No applicable constraint located
2003-10-16 09:59:38 Authenticator[/admin]: Not subject to any constraint
2003-10-16 09:59:38 StandardContext[/admin]: Mapping contextPath='/admin' with requestURI='/admin/' and relativeURI='/'
2003-10-16 09:59:38 StandardContext[/admin]: Trying exact match
2003-10-16 09:59:38 StandardContext[/admin]: Trying prefix match
2003-10-16 09:59:38 StandardContext[/admin]: Trying extension match
2003-10-16 09:59:38 StandardContext[/admin]: Trying default match
2003-10-16 09:59:38 StandardContext[/admin]: Mapped to servlet 'default' with servlet path '/' and path info 'null' and update=true
2003-10-16 09:59:39 Authenticator[/admin]: Security checking request GET /admin/index.jsp
2003-10-16 09:59:39 Authenticator[/admin]: Checking constraint 'SecurityConstraint[Protected Area]' against GET /index.jsp --> true
2003-10-16 09:59:39 Authenticator[/admin]: Subject to constraint SecurityConstraint[Protected Area]
2003-10-16 09:59:39 Authenticator[/admin]: Calling checkUserData()
2003-10-16 09:59:39 Authenticator[/admin]: User data constraint has no restrictions
2003-10-16 09:59:39 Authenticator[/admin]: Calling authenticate()
2003-10-16 09:59:39 Authenticator[/admin]: Save request in session '7B93E21E9FBE96CE8500B8DA438FA72D'
2003-10-16 09:59:39 Authenticator[/admin]: Redirect to login page '/admin/login.jsp'
2003-10-16 09:59:39 Authenticator[/admin]: Failed authenticate() test
2003-10-16 09:59:40 Authenticator[/admin]: Security checking request GET /admin/login.jsp
2003-10-16 09:59:40 Authenticator[/admin]: Checking constraint 'SecurityConstraint[Protected Area]' against GET /login.jsp --> true
2003-10-16 09:59:40 Authenticator[/admin]: Subject to constraint SecurityConstraint[Protected Area]
2003-10-16 09:59:40 Authenticator[/admin]: Calling checkUserData()
2003-10-16 09:59:40 Authenticator[/admin]: User data constraint has no restrictions
2003-10-16 09:59:40 Authenticator[/admin]: Calling authenticate()
2003-10-16 09:59:40 Authenticator[/admin]: Requesting login page normally
2003-10-16 09:59:40 Authenticator[/admin]: Calling accessControl()
2003-10-16 09:59:40 Authenticator[/admin]: Allow access to login page /admin/login.jsp
2003-10-16 09:59:40 Authenticator[/admin]: Successfully passed all security constraints
2003-10-16 09:59:40 StandardContext[/admin]: Mapping contextPath='/admin' with requestURI='/admin/login.jsp' and relativeURI='/login.jsp'
2003-10-16 09:59:40 StandardContext[/admin]: Trying exact match
2003-10-16 09:59:40 StandardContext[/admin]: Trying prefix match
2003-10-16 09:59:40 StandardContext[/admin]: Trying extension match
2003-10-16 09:59:40 StandardContext[/admin]: Mapped to servlet 'jsp' with servlet path '/login.jsp' and path info 'null' and update=true

Entering a valid user & password in the login page, produces the 400 error and the following appears in the admin log.....

**** Excerpt from localhost_admin_log ****
2003-10-16 10:02:23 Authenticator[/admin]: Security checking request POST /admin/j_security_check
2003-10-16 10:02:23 Authenticator[/admin]: Authenticating username 'td'
2003-10-16 10:02:23 Authenticator[/admin]: Authentication of 'td' was successful
2003-10-16 10:02:23 Authenticator[/admin]: Redirecting to original 'null'
2003-10-16 10:02:23 Authenticator[/admin]: Failed authenticate() test

Hitting login through a browser running on localhost produces the following log output....

**** Excerpt from localhost_admin_log ****
2003-10-16 10:04:07 Authenticator[/admin]: Security checking request POST /admin/j_security_check
2003-10-16 10:04:07 Authenticator[/admin]: Authenticating username 'td'
2003-10-16 10:04:07 Authenticator[/admin]: Authentication of 'td' was successful
2003-10-16 10:04:07 Authenticator[/admin]: Redirecting to original '/admin/index.jsp'

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
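
Added example (not part of the original bug report, and not Tomcat code): a Python log check that pairs each successful form login in the Authenticator debug output with the 'Redirecting to original' line that follows it, and flags logins whose original request is logged as 'null', as in the remote-host excerpt above. The function names are hypothetical, the sample lines are copied from the report's excerpts, and pairing by context path assumes the log lines of concurrent logins are not interleaved.

```python
import re

# Sample input: Authenticator lines copied from the log excerpts in the report.
SAMPLE_LOG = """\
2003-10-16 09:59:39 Authenticator[/admin]: Save request in session '7B93E21E9FBE96CE8500B8DA438FA72D'
2003-10-16 09:59:39 Authenticator[/admin]: Redirect to login page '/admin/login.jsp'
2003-10-16 10:02:23 Authenticator[/admin]: Security checking request POST /admin/j_security_check
2003-10-16 10:02:23 Authenticator[/admin]: Authenticating username 'td'
2003-10-16 10:02:23 Authenticator[/admin]: Authentication of 'td' was successful
2003-10-16 10:02:23 Authenticator[/admin]: Redirecting to original 'null'
2003-10-16 10:02:23 Authenticator[/admin]: Failed authenticate() test
2003-10-16 10:04:07 Authenticator[/admin]: Security checking request POST /admin/j_security_check
2003-10-16 10:04:07 Authenticator[/admin]: Authenticating username 'td'
2003-10-16 10:04:07 Authenticator[/admin]: Authentication of 'td' was successful
2003-10-16 10:04:07 Authenticator[/admin]: Redirecting to original '/admin/index.jsp'
"""

LINE = re.compile(r"^(\S+ \S+) Authenticator\[([^\]]*)\]: (.*)$")
AUTH_OK = re.compile(r"Authentication of '(.*)' was successful$")
REDIRECT = re.compile(r"Redirecting to original '(.*)'$")


def find_logins(text):
    """Pair each successful login with the redirect target logged after it."""
    logins, pending = [], {}  # pending: context path -> (timestamp, user)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an Authenticator line (e.g. StandardContext)
        ts, ctx, msg = m.groups()
        ok, rd = AUTH_OK.match(msg), REDIRECT.match(msg)
        if ok:
            pending[ctx] = (ts, ok.group(1))
        elif rd and ctx in pending:
            ts0, user = pending.pop(ctx)
            logins.append({"time": ts0, "context": ctx, "user": user,
                           "original": rd.group(1)})
    return logins


def lost_saved_requests(text):
    """Logins that authenticated but had no saved request to return to."""
    return [l for l in find_logins(text) if l["original"] == "null"]


if __name__ == "__main__":
    for hit in lost_saved_requests(SAMPLE_LOG):
        print("{time} {context} user={user}: saved request missing".format(**hit))
```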