tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joel Rouiller" <joel.rouil...@infometis.ch>
Subject Re: HELP - Security in web.xml
Date Tue, 30 May 2000 06:55:59 GMT
I tried it out without success :-( .

If it is not due to tomcat, what could be configured wrong for Apache?

After 3 tries it brings back a blank page without any error. In the $TOMCAT_HOME/logs/tomcat.log
it shows these errors for each unsuccessfull login:

Context log: path="/reporting" BASIC auth dG9tY2F0OnRvbWNhdA== userid:passwd
Context log: path="/reporting" BASIC Auth:  userid
Context log: path="/reporting" In error handler 401 null / R( /reporting + /servlet/Reporting
+ null)
Context log: path="/reporting" Setting auth servlet Wrapper(tomcat.authServlet S:org.apache.tomcat.servlets.AuthServlet)
Context log: path="/reporting" Error: Calling servlet Wrapper(tomcat.authServlet S:org.apache.tomcat.servlets.AuthServlet)
Context log: path="/reporting" In error handler 401 null / R( /reporting + /servlet/Reporting
+ null)
Context log: path="/reporting" Error: exception inside exception servlet 401 null
Context log: path="/reporting" Setting auth servlet Wrapper(tomcat.errorPage S:org.apache.tomcat.servlets.DefaultErrorPage)
Context log: path="/reporting" Error/loop in default error handler R( /reporting + /servlet/Reporting
+ null) 401 null null

Joel

  ----- Original Message ----- 
  Comment out the following line in jakarta-tomcat/conf/server.xml: 
    
  <RequestInterceptor className="org.apache.tomcat.request.SecurityCheck" /> 
  If the problem persists, at least you'll not it's not due to tomcat. 

  Vincent. 

  PS: and after 3 times, does it let you in?


  Joel Rouiller wrote: 

     No, I intentionally commented out any <security-constraint> or <login-config>
tags. 
      ----- Original Message -----
      Are you sure you don't have a <security-constraint> or 
      <login-config> in your web.xml file? 
      Joel Rouiller wrote: 

        Dear reader, I installed Tomcat on Linux with the Apache web server. All the examples
are running well. But our servlet (running well with JServ) makes me sick. I installed all
necessary files in $TOMCAT/webapps/reporting as described in various papers. The web.xml file
looks like this: <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app 
            PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" 
            "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd"> <web-app> 
          <servlet> 
            <servlet-name>Reporting</servlet-name> 
            <servlet-class>ch.infometis.reporting.servlet.ReportingServlet</servlet-class>

            <init-param> 
              <param-name>db.driver</param-name> 
              <param-value>oracle.jdbc.driver.OracleDriver</param-value> 
            </init-param> 
            <init-param> 
              ... other init parameters ...    </init-param> 
            <init-param> 
              <param-name>html.entries_new</param-name> 
              <param-value>2</param-value> 
            </init-param> 
          </servlet> 
          <servlet-mapping> 
            <servlet-name>Reporting</servlet-name> 
            <url-pattern>/reporting</url-pattern> 
          </servlet-mapping> 
        </web-app> I added the following line in $TOMCAT/conf/server.xml:         <Context
path="/reporting" docBase="webapps/reporting" debug="9" reloadable="true">        </Context>
And $TOMCAT/conf/tomcat.conf look like this: ###############################################################################

        #                     Apache JServ Configuration File                         # 
        ################################################################################ Note:
this file should be appended or included into your httpd.conf # Tell Apache on Unix to load
the Apache JServ communication module 
        # For shared object builds only!!! 
        # @LOAD_OR_NOT@LoadModule jserv_module @LIBEXECDIR@/mod_jserv.so 
        LoadModule jserv_module /usr/lib/apache/mod_jserv.so <IfModule mod_jserv.c>

        # Do not edit! 
        ApJServManual on 
        ApJServDefaultProtocol ajpv12 
        ApJServSecretKey DISABLED 
        ApJServMountCopy on 
        ApJServLogLevel notice 
        ApJServLogFile DISABLED### Change if you run tomcat on a different host 
        #ApJServDefaultHost localhost 
        ApJServDefaultPort 8007 
        #################### All jsp files will go to tomcat #################### 
        #ApJServMount default /root AddType text/jsp .jsp 
        AddHandler jserv-servlet .jsp ############################## Context mapping - you
need to "deploy" 
        # ( copy or ln -s ) the context into htdocs 
        ## ApJServMount /examples /root 
        ApJServMount /reporting /root 
        ApJServMount /test /root 
        ApJServMount /servlet /root </IfModule> I removed all access restriction to
the reporting directories in httpd.conf. So it should be accessed from anyone from everywhere,
but no, it allways ask me three times a user id and password to log in. Has anyone an idea
what is going wrong or what I is configured wrong? Best regards and thanks for any suggestions,
Joel Rouiller / infometis ag

Mime
View raw message