[ https://issues.apache.org/jira/browse/MTOMCAT-151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Lamy (*$^¨%`£) updated MTOMCAT-151: ------------------------------------------- Affects Version/s: (was: 2.0) Fix Version/s: 2.0 > Empty password prevents preemptive authentication headers from being sent > ------------------------------------------------------------------------- > > Key: MTOMCAT-151 > URL: https://issues.apache.org/jira/browse/MTOMCAT-151 > Project: Apache Tomcat Maven Plugin > Issue Type: Bug > Components: commons-lib > Affects Versions: 2.0-beta-1 > Reporter: Peter lynch > Assignee: Olivier Lamy (*$^¨%`£) > Fix For: 2.0 > > > Default username for auth is *admin*, default password is "" ( empty string ). > Problem is when password is empty string, TomcatManager.java does not send auth headers, so deploy and deploy-only goals fail with 401 after appearing to upload the war successfully. > Seems to have been introduced by [this|http://svn.apache.org/viewvc/tomcat/maven-plugin/trunk/common-tomcat-maven-plugin/src/main/java/org/apache/tomcat/maven/common/deployer/TomcatManager.java?r1=1178619&r2=1212685&pathrev=1301824&diff_format=h]. > The line in question is 171 of which decides what to do about auth. > {noformat} > if ( StringUtils.isNotEmpty( username ) && StringUtils.isNotEmpty( password ) ) > {noformat} > Workaround: set a non-empty password for the user accessing /manager/text. > Expected: blank password to trigger preemptive auth headers. > {noformat:title=Proof that TomcatManager didn't send auth headers pre-emptively for empty password(default)} > > mvn -Pstaging tomcat7:deploy-only -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog -Dorg.apache.commons.logging.simplelog.showdatetime=true -Dorg.apache.commons.logging.simplelog.log.org.apache.http=DEBUG -Dorg.apache.commons.logging.simplelog.log.org.apache.http.wire=INFO > [INFO] Scanning for projects... > [INFO] > [INFO] ------------------------------------------------------------------------ > [INFO] Building My WAR 1.0-SNAPSHOT > [INFO] ------------------------------------------------------------------------ > [INFO] > [INFO] --- tomcat7-maven-plugin:2.0-SNAPSHOT:deploy-only (default-cli) @ my-webapp --- > [INFO] Deploying war to http://172.16.2.16:18080/my-webapp > 2012/05/11 11:16:21:623 NDT [DEBUG] PoolingClientConnectionManager - Connection request: [route: {}->http://172.16.2.16:18080][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 5] > 2012/05/11 11:16:21:650 NDT [DEBUG] PoolingClientConnectionManager - Connection leased: [id: 0][route: {}->http://172.16.2.16:18080][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 5] > 2012/05/11 11:16:21:655 NDT [DEBUG] DefaultClientConnectionOperator - Connecting to 172.16.2.16:18080 > 2012/05/11 11:16:21:761 NDT [DEBUG] RequestAddCookies - CookieSpec selected: best-match > 2012/05/11 11:16:21:775 NDT [DEBUG] RequestAuthCache - Auth cache not set in the context > 2012/05/11 11:16:21:776 NDT [DEBUG] RequestTargetAuthentication - Target auth state: UNCHALLENGED > 2012/05/11 11:16:21:777 NDT [DEBUG] RequestProxyAuthentication - Proxy auth state: UNCHALLENGED > 2012/05/11 11:16:21:777 NDT [DEBUG] DefaultHttpClient - Attempt 1 to execute request > 2012/05/11 11:16:21:777 NDT [DEBUG] DefaultClientConnection - Sending request: PUT /manager/text/deploy?path=%2Fmy-webapp&update=true HTTP/1.1 > 2012/05/11 11:16:21:779 NDT [DEBUG] headers - >> PUT /manager/text/deploy?path=%2Fmy-webapp&update=true HTTP/1.1 > 2012/05/11 11:16:21:780 NDT [DEBUG] headers - >> User-Agent: Apache Tomcat Maven Plugin/2.0-SNAPSHOT > 2012/05/11 11:16:21:780 NDT [DEBUG] headers - >> Content-Length: 13269693 > 2012/05/11 11:16:21:780 NDT [DEBUG] headers - >> Host: 172.16.2.16:18080 > 2012/05/11 11:16:21:780 NDT [DEBUG] headers - >> Connection: Keep-Alive > Uploading: http://172.16.2.16:18080/manager/text/deploy?path=%2Fmy-webapp&update=true > Uploaded: http://172.16.2.16:18080/manager/text/deploy?path=%2Fmy-webapp&update=true (12959 KB at 215.5 KB/sec) > 2012/05/11 11:17:21:919 NDT [DEBUG] DefaultClientConnection - Receiving response: HTTP/1.1 401 Unauthorized > 2012/05/11 11:17:21:920 NDT [DEBUG] headers - << HTTP/1.1 401 Unauthorized > 2012/05/11 11:17:21:920 NDT [DEBUG] headers - << Server: Apache-Coyote/1.1 > 2012/05/11 11:17:21:920 NDT [DEBUG] headers - << Cache-Control: private > 2012/05/11 11:17:21:920 NDT [DEBUG] headers - << Expires: Wed, 31 Dec 1969 18:00:00 CST > 2012/05/11 11:17:21:920 NDT [DEBUG] headers - << WWW-Authenticate: Basic realm="Tomcat Manager Application" > 2012/05/11 11:17:21:920 NDT [DEBUG] headers - << Set-Cookie: JSESSIONID=6AEFCEADD39F891A0CFED0AD73EE512F; Path=/manager/; HttpOnly > 2012/05/11 11:17:21:920 NDT [DEBUG] headers - << Content-Type: text/html;charset=ISO-8859-1 > 2012/05/11 11:17:21:920 NDT [DEBUG] headers - << Transfer-Encoding: chunked > 2012/05/11 11:17:21:920 NDT [DEBUG] headers - << Date: Fri, 11 May 2012 13:46:21 GMT > 2012/05/11 11:17:21:927 NDT [DEBUG] ResponseProcessCookies - Cookie accepted: "[version: 0][name: JSESSIONID][value: 6AEFCEADD39F891A0CFED0AD73EE512F][domain: 172.16.2.16][path: /manager/][expiry: null]". > 2012/05/11 11:17:21:927 NDT [DEBUG] DefaultHttpClient - Connection can be kept alive indefinitely > 2012/05/11 11:17:21:927 NDT [DEBUG] DefaultHttpClient - 172.16.2.16:18080 requested authentication > 2012/05/11 11:17:21:928 NDT [DEBUG] TargetAuthenticationStrategy - Authentication schemes in the order of preference: [negotiate, NTLM, Digest, Basic] > 2012/05/11 11:17:21:928 NDT [DEBUG] TargetAuthenticationStrategy - Challenge for negotiate authentication scheme not available > 2012/05/11 11:17:21:928 NDT [DEBUG] TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available > 2012/05/11 11:17:21:928 NDT [DEBUG] TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available > 2012/05/11 11:17:21:935 NDT [DEBUG] PoolingClientConnectionManager - Connection [id: 0][route: {}->http://172.16.2.16:18080] can be kept alive indefinitely > 2012/05/11 11:17:21:935 NDT [DEBUG] PoolingClientConnectionManager - Connection released: [id: 0][route: {}->http://172.16.2.16:18080][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 5] > [INFO] tomcatManager status code:401, ReasonPhrase:Unauthorized > [INFO] > [INFO] > [INFO] > [INFO] 401 Unauthorized > [INFO] > [INFO] > [INFO] > [INFO]

401 Unauthorized

> [INFO]

> [INFO] You are not authorized to view this page. If you have not changed > [INFO] any configuration files, please examine the file > [INFO] conf/tomcat-users.xml in your installation. That > [INFO] file must contain the credentials to let you use this webapp. > [INFO]

> [INFO]

> [INFO] For example, to add the manager-gui role to a user named > [INFO] tomcat with a password of s3cret, add the following to the > [INFO] config file listed above. > [INFO]

> [INFO]
> [INFO] <role rolename="manager-gui"/>
> [INFO] <user username="tomcat" password="s3cret" roles="manager-gui"/>
> [INFO] 
> [INFO]

> [INFO] Note that for Tomcat 7 onwards, the roles required to use the manager > [INFO] application were changed from the single manager role to the > [INFO] following four roles. You will need to assign the role(s) required for > [INFO] the functionality you wish to access. > [INFO]

> [INFO] > [INFO]

> [INFO] The HTML interface is protected against CSRF but the text and JMX interfaces > [INFO] are not. To maintain the CSRF protection: > [INFO]

> [INFO] > [INFO]

> [INFO] For more information - please see the > [INFO] Manager App HOW-TO. > [INFO]

> [INFO] > [INFO] > [INFO] ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] ------------------------------------------------------------------------ > [INFO] Total time: 1:02.630s > [INFO] Finished at: Fri May 11 11:17:21 NDT 2012 > [INFO] Final Memory: 11M/265M > [INFO] ------------------------------------------------------------------------ > {noformat} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org