tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joel Rouiller" <joel.rouil...@infometis.ch>
Subject Re: HELP - Security in web.xml
Date Tue, 30 May 2000 07:42:56 GMT
I just checked out $TOMCAT_HOME/logs/servlet.log . Perheps it helps to find out something about
my problem:

> cat servlet.log | grep reporting
Context log path="/reporting" :tomcat.errorPage: init
Context log path="/reporting" :jsp: init
Context log path="/reporting" :default: init
Context log path="/reporting" :invoker: init
Context log path="/reporting" :Reporting: init
Context log path="/reporting" :Reporting: System.out and System.err redirected to log files
Context log path="/reporting" :tomcat.authServlet: init
Context log path="/reporting" :tomcat.errorPage: destroy
Context log path="/reporting" :tomcat.authServlet: destroy
Context log path="/reporting" :Reporting: destroy
Context log path="/reporting" :invoker: destroy
Context log path="/reporting" :default: destroy

The entry about System.out and System.err is produced by my servlet. What I'm not understanding
is the entry with 'tomcat.authServlet: init'. For the examples there is not such an entry.
When will this 'authServlet' been initialized?

Joel
  ----- Original Message ----- 
  I tried it out without success :-( .

  If it is not due to tomcat, what could be configured wrong for Apache?

  After 3 tries it brings back a blank page without any error. In the $TOMCAT_HOME/logs/tomcat.log
it shows these errors for each unsuccessfull login:

  Context log: path="/reporting" BASIC auth dG9tY2F0OnRvbWNhdA== userid:passwd
  Context log: path="/reporting" BASIC Auth:  userid
  Context log: path="/reporting" In error handler 401 null / R( /reporting + /servlet/Reporting
+ null)
  Context log: path="/reporting" Setting auth servlet Wrapper(tomcat.authServlet S:org.apache.tomcat.servlets.AuthServlet)
  Context log: path="/reporting" Error: Calling servlet Wrapper(tomcat.authServlet S:org.apache.tomcat.servlets.AuthServlet)
  Context log: path="/reporting" In error handler 401 null / R( /reporting + /servlet/Reporting
+ null)
  Context log: path="/reporting" Error: exception inside exception servlet 401 null
  Context log: path="/reporting" Setting auth servlet Wrapper(tomcat.errorPage S:org.apache.tomcat.servlets.DefaultErrorPage)
  Context log: path="/reporting" Error/loop in default error handler R( /reporting + /servlet/Reporting
+ null) 401 null null

  Joel

    ----- Original Message ----- 
    Comment out the following line in jakarta-tomcat/conf/server.xml: 
      
    <RequestInterceptor className="org.apache.tomcat.request.SecurityCheck" /> 
    If the problem persists, at least you'll not it's not due to tomcat. 

    Vincent. 

    PS: and after 3 times, does it let you in?


    Joel Rouiller wrote: 

       No, I intentionally commented out any <security-constraint> or <login-config>
tags. 
        ----- Original Message -----
        Are you sure you don't have a <security-constraint> or 
        <login-config> in your web.xml file? 
        Joel Rouiller wrote: 

          Dear reader, I installed Tomcat on Linux with the Apache web server. All the examples
are running well. But our servlet (running well with JServ) makes me sick. I installed all
necessary files in $TOMCAT/webapps/reporting as described in various papers. The web.xml file
looks like this: <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app 
              PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" 
              "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd"> <web-app> 
            <servlet> 
              <servlet-name>Reporting</servlet-name> 
              <servlet-class>ch.infometis.reporting.servlet.ReportingServlet</servlet-class>

              <init-param> 
                <param-name>db.driver</param-name> 
                <param-value>oracle.jdbc.driver.OracleDriver</param-value> 
              </init-param> 
              <init-param> 
                ... other init parameters ...    </init-param> 
              <init-param> 
                <param-name>html.entries_new</param-name> 
                <param-value>2</param-value> 
              </init-param> 
            </servlet> 
            <servlet-mapping> 
              <servlet-name>Reporting</servlet-name> 
              <url-pattern>/reporting</url-pattern> 
            </servlet-mapping> 
          </web-app> I added the following line in $TOMCAT/conf/server.xml:        
<Context path="/reporting" docBase="webapps/reporting" debug="9" reloadable="true">
       </Context> And $TOMCAT/conf/tomcat.conf look like this: ###############################################################################

          #                     Apache JServ Configuration File                         #

          ################################################################################
Note: this file should be appended or included into your httpd.conf # Tell Apache on Unix
to load the Apache JServ communication module 
          # For shared object builds only!!! 
          # @LOAD_OR_NOT@LoadModule jserv_module @LIBEXECDIR@/mod_jserv.so 
          LoadModule jserv_module /usr/lib/apache/mod_jserv.so <IfModule mod_jserv.c>

          # Do not edit! 
          ApJServManual on 
          ApJServDefaultProtocol ajpv12 
          ApJServSecretKey DISABLED 
          ApJServMountCopy on 
          ApJServLogLevel notice 
          ApJServLogFile DISABLED### Change if you run tomcat on a different host 
          #ApJServDefaultHost localhost 
          ApJServDefaultPort 8007 
          #################### All jsp files will go to tomcat #################### 
          #ApJServMount default /root AddType text/jsp .jsp 
          AddHandler jserv-servlet .jsp ############################## Context mapping - you
need to "deploy" 
          # ( copy or ln -s ) the context into htdocs 
          ## ApJServMount /examples /root 
          ApJServMount /reporting /root 
          ApJServMount /test /root 
          ApJServMount /servlet /root </IfModule> I removed all access restriction to
the reporting directories in httpd.conf. So it should be accessed from anyone from everywhere,
but no, it allways ask me three times a user id and password to log in. Has anyone an idea
what is going wrong or what I is configured wrong? Best regards and thanks for any suggestions,
Joel Rouiller / infometis ag

Mime
View raw message