tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chun, Byung (GEAE, Elano)" <byung.c...@ae.ge.com>
Subject RE: HELP - Security in web.xml
Date Tue, 30 May 2000 07:33:24 GMT
You probably have a configuration error in Apache.
It looks like you might have the setting for the directive
AuthType set to Basic in mod_core.  I would scan
your http.conf file for this directive.
 
Jin

-----Original Message-----
From: Joel Rouiller [mailto:joel.rouiller@infometis.ch]
Sent: Tuesday, May 30, 2000 2:56 AM
To: tomcat-user@jakarta.apache.org
Subject: Re: HELP - Security in web.xml


I tried it out without success :-( .
 
If it is not due to tomcat, what could be configured wrong for Apache?
 
After 3 tries it brings back a blank page without any error. In the
$TOMCAT_HOME/logs/tomcat.log it shows these errors for each unsuccessfull login:
 
Context log: path="/reporting" BASIC auth dG9tY2F0OnRvbWNhdA== userid:passwd
Context log: path="/reporting" BASIC Auth:  userid
Context log: path="/reporting" In error handler 401 null / R( /reporting +
/servlet/Reporting + null)
Context log: path="/reporting" Setting auth servlet Wrapper(tomcat.authServlet
S:org.apache.tomcat.servlets.AuthServlet)
Context log: path="/reporting" Error: Calling servlet Wrapper(tomcat.authServlet
S:org.apache.tomcat.servlets.AuthServlet)
Context log: path="/reporting" In error handler 401 null / R( /reporting +
/servlet/Reporting + null)
Context log: path="/reporting" Error: exception inside exception servlet 401
null
Context log: path="/reporting" Setting auth servlet Wrapper(tomcat.errorPage
S:org.apache.tomcat.servlets.DefaultErrorPage)
Context log: path="/reporting" Error/loop in default error handler R( /reporting
+ /servlet/Reporting + null) 401 null null
 
Joel
 

----- Original Message ----- 
Comment out the following line in jakarta-tomcat/conf/server.xml: 
  
<RequestInterceptor className="org.apache.tomcat.request.SecurityCheck" /> 

If the problem persists, at least you'll not it's not due to tomcat. 


Vincent. 


PS: and after 3 times, does it let you in?


Joel Rouiller wrote: 


 No, I intentionally commented out any <security-constraint> or <login-config>
tags. 

----- Original Message -----
Are you sure you don't have a <security-constraint> or 
<login-config> in your web.xml file? 

Joel Rouiller wrote: 


Dear reader, I installed Tomcat on Linux with the Apache web server. All the
examples are running well. But our servlet (running well with JServ) makes me
sick. I installed all necessary files in $TOMCAT/webapps/reporting as described
in various papers. The web.xml file looks like this: <?xml version="1.0"
encoding="ISO-8859-1"?> <!DOCTYPE web-app 
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" 
    " http://java.sun.com/j2ee/dtds/web-app_2.2.dtd"
<http://java.sun.com/j2ee/dtds/web-app_2.2.dtd> > <web-app> 
  <servlet> 
    <servlet-name>Reporting</servlet-name> 
 
<servlet-class>ch.infometis.reporting.servlet.ReportingServlet</servlet-class>

    <init-param> 
      <param-name>db.driver</param-name> 
      <param-value>oracle.jdbc.driver.OracleDriver</param-value> 
    </init-param> 
    <init-param> 
      ... other init parameters ...    </init-param> 
    <init-param> 
      <param-name>html.entries_new</param-name> 
      <param-value>2</param-value> 
    </init-param> 
  </servlet> 
  <servlet-mapping> 
    <servlet-name>Reporting</servlet-name> 
    <url-pattern>/reporting</url-pattern> 
  </servlet-mapping> 
</web-app> I added the following line in $TOMCAT/conf/server.xml:
<Context path="/reporting" docBase="webapps/reporting" debug="9"
reloadable="true">        </Context> And $TOMCAT/conf/tomcat.conf look like
this:
############################################################################### 
#                     Apache JServ Configuration File                         # 
################################################################################
Note: this file should be appended or included into your httpd.conf # Tell
Apache on Unix to load the Apache JServ communication module 
# For shared object builds only!!! 
# @LOAD_OR_NOT@LoadModule jserv_module @LIBEXECDIR@/mod_jserv.so 
LoadModule jserv_module /usr/lib/apache/mod_jserv.so <IfModule mod_jserv.c> 
# Do not edit! 
ApJServManual on 
ApJServDefaultProtocol ajpv12 
ApJServSecretKey DISABLED 
ApJServMountCopy on 
ApJServLogLevel notice 
ApJServLogFile DISABLED### Change if you run tomcat on a different host 
#ApJServDefaultHost localhost 
ApJServDefaultPort 8007 
#################### All jsp files will go to tomcat #################### 
#ApJServMount default /root AddType text/jsp .jsp 
AddHandler jserv-servlet .jsp ############################## Context mapping -
you need to "deploy" 
# ( copy or ln -s ) the context into htdocs 
## ApJServMount /examples /root 
ApJServMount /reporting /root 
ApJServMount /test /root 
ApJServMount /servlet /root </IfModule> I removed all access restriction to the
reporting directories in httpd.conf. So it should be accessed from anyone from
everywhere, but no, it allways ask me three times a user id and password to log
in. Has anyone an idea what is going wrong or what I is configured wrong? Best
regards and thanks for any suggestions, Joel Rouiller / infometis ag


Mime
View raw message