tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill2 <bi...@bavendam.com>
Subject Re: admin tool login error
Date Thu, 01 May 2003 21:06:43 GMT
I wasn't able to find a web.xml for the admin app - but I have included
admin.xml below:

Is there a web.xml for the admin tool?

Thanks,

Bill

<!--

    Context configuration file for the Tomcat Administration Web App

    $Id: admin.xml,v 1.3 2002/07/23 12:12:15 remm Exp $

-->


<Context path="/admin" docBase="../server/webapps/admin"
        debug="9" privileged="true">

  <!-- Uncomment this Valve to limit access to the Admin app to localhost
   for obvious security reasons. Allow may be a comma-separated list of
   hosts (or even regular expressions).
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
    allow="127.0.0.1"/>
  -->

  <Logger className="org.apache.catalina.logger.FileLogger"
             prefix="localhost_admin_log." suffix=".txt"
          timestamp="true"/>

</Context>


"Koes, Derrick" wrote:

> How is your web.xml configured?
>
> -----Original Message-----
> From: Bill2 [mailto:bill2@bavendam.com]
> Sent: Thursday, May 01, 2003 4:35 PM
> To: tomcat-user@jakarta.apache.org
> Subject: admin tool login error
>
> Hello,
>
> I installed Tomcat 4.1.24 and configured a user with administrator
> role.  When I try to login using that user, I get the following:
>
> "HTTP status 403 - access to the requested resource has been denied."
>
> When I use a known invalid user I get the expected "Invalid
> username...."
>
> I set debug="9" in admin.xml and have included the relevant portion of
> the log file below (most relevant section following ******** near
> bottom).  This problem is similar to other posts however I encountered
> it when using stable browsers like the latest Netscape and Explorer.
>
> Any ideas or help greatly appreciated.
>
> Thanks,
>
> Bill
>
> 2003-05-01 12:09:25 WebappLoader[/admin]: Deploying class repositories
> to work directory /usr/local/tomcat/work/Standalone/localhost/admin
> 2003-05-01 12:09:25 WebappLoader[/admin]: Deploy class files
> /WEB-INF/classes to
> /usr/local/tomcat/webapps/../server/webapps/admin/WEB-INF/classes
> 2003-05-01 12:09:25 WebappLoader[/admin]: Deploy JAR
> /WEB-INF/lib/struts.jar to
> /usr/local/tomcat/webapps/../server/webapps/admin/WEB-INF/lib/struts.jar
>
> 2003-05-01 12:09:27 ContextConfig[/admin]: Configured an authenticator
> for method FORM
> 2003-05-01 12:09:27 StandardManager[/admin]: Seeding random number
> generator class java.security.SecureRandom
> 2003-05-01 12:09:27 StandardManager[/admin]: Seeding of random number
> generator has been completed
> 2003-05-01 12:09:27 StandardWrapper[/admin:default]: Loading container
> servlet default
> 2003-05-01 12:09:40 StandardWrapper[/admin:invoker]: Loading container
> servlet invoker
> 2003-05-01 13:04:14 StandardContext[/admin]: Starting
> 2003-05-01 13:04:14 StandardContext[/admin]: Processing start(), current
> available=false
> 2003-05-01 13:04:14 StandardContext[/admin]: Configuring default
> Resources
> 2003-05-01 13:04:14 StandardContext[/admin]: Configuring privileged
> default Loader
> 2003-05-01 13:04:14 StandardContext[/admin]: Configuring default Manager
>
> 2003-05-01 13:04:14 StandardContext[/admin]: Processing standard
> container startup
> 2003-05-01 13:04:14 WebappLoader[/admin]: Deploying class repositories
> to work directory /usr/local/tomcat/work/Standalone/localhost/admin
> 2003-05-01 13:04:14 WebappLoader[/admin]: Deploy class files
> /WEB-INF/classes to
> /usr/local/tomcat/webapps/../server/webapps/admin/WEB-INF/classes
> 2003-05-01 13:04:14 WebappLoader[/admin]: Deploy JAR
> /WEB-INF/lib/struts.jar to
> /usr/local/tomcat/webapps/../server/webapps/admin/WEB-INF/lib/struts.jar
>
> 2003-05-01 13:04:14 ContextConfig[/admin]: ContextConfig: Processing
> START
> 2003-05-01 13:04:14 StandardContext[/admin]: Setting deployment
> descriptor public ID to '-//Sun Microsystems, Inc.//DTD Web Application
> 2.3//EN'
> 2003-05-01 13:04:14 StandardContext[/admin]: Setting deployment
> descriptor public ID to '-//Sun Microsystems, Inc.//DTD Web Application
> 2.3//EN'
> 2003-05-01 13:04:14 ContextConfig[/admin]:  Accumulating TLD resource
> paths
> 2003-05-01 13:04:14 ContextConfig[/admin]:   Scanning <taglib> elements
> in web.xml
> 2003-05-01 13:04:14 ContextConfig[/admin]:    Adding path
> '/WEB-INF/struts-logic.tld' for URI '/WEB-INF/struts-logic.tld'
> 2003-05-01 13:04:14 ContextConfig[/admin]:    Adding path
> '/WEB-INF/struts-html.tld' for URI '/WEB-INF/struts-html.tld'
> 2003-05-01 13:04:14 ContextConfig[/admin]:    Adding path
> '/WEB-INF/struts-bean.tld' for URI '/WEB-INF/struts-bean.tld'
> 2003-05-01 13:04:14 ContextConfig[/admin]:   Scanning TLDs in /WEB-INF
> subdirectory
> 2003-05-01 13:04:15 ContextConfig[/admin]:    Adding path
> '/WEB-INF/controls.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:    Adding path
> '/WEB-INF/struts-bean.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:    Adding path
> '/WEB-INF/struts-html.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:    Adding path
> '/WEB-INF/struts-logic.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:   Scanning JARs in
> /WEB-INF/lib subdirectory
> 2003-05-01 13:04:15 ContextConfig[/admin]:    Adding path
> '/WEB-INF/lib/struts.jar'
> 2003-05-01 13:04:15 ContextConfig[/admin]:  Scanning TLD at resource
> path '/WEB-INF/struts-logic.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:  Scanning TLD at resource
> path '/WEB-INF/controls.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:  Scanning JAR at resource
> path '/WEB-INF/lib/struts.jar'
> 2003-05-01 13:04:15 ContextConfig[/admin]:   Processing TLD at
> 'META-INF/tlds/struts-html.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:   Processing TLD at
> 'META-INF/tlds/struts-template.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:   Processing TLD at
> 'META-INF/tlds/struts-bean.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:   Processing TLD at
> 'META-INF/tlds/struts-logic.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:   Processing TLD at
> 'META-INF/tlds/struts-form.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:   Processing TLD at
> 'META-INF/taglib.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:  Scanning TLD at resource
> path '/WEB-INF/struts-bean.tld'
> 2003-05-01 13:04:15 ContextConfig[/admin]:  Scanning TLD at resource
> path '/WEB-INF/struts-html.tld'
> 2003-05-01 13:04:16 Authenticator[/admin]: No SingleSignOn Valve is
> present
> 2003-05-01 13:04:16 ContextConfig[/admin]: Configured an authenticator
> for method FORM
> 2003-05-01 13:04:16 ContextConfig[/admin]: Pipline Configuration:
> 2003-05-01 13:04:16 ContextConfig[/admin]:
> org.apache.catalina.authenticator.FormAuthenticator/1.0
> 2003-05-01 13:04:16 ContextConfig[/admin]:
> org.apache.catalina.core.StandardContextValve/1.0
> 2003-05-01 13:04:16 ContextConfig[/admin]: ======================
> 2003-05-01 13:04:16 NamingContextListener[/Standalone/localhost/admin]:
> Creating JNDI naming context
> 2003-05-01 13:04:16
> NamingContextListener[/Standalone/localhost/admin]:   Resource
> parameters for UserTransaction = null
> 2003-05-01 13:04:16 StandardManager[/admin]: Seeding random number
> generator class java.security.SecureRandom
> 2003-05-01 13:04:16 StandardManager[/admin]: Seeding of random number
> generator has been completed
> 2003-05-01 13:04:16 StandardContext[/admin]: Posting standard context
> attributes
> 2003-05-01 13:04:16 StandardContext[/admin]: Configuring application
> event listeners
> 2003-05-01 13:04:16 StandardContext[/admin]: Sending application start
> events
> 2003-05-01 13:04:16 StandardContext[/admin]: Starting filters
> 2003-05-01 13:04:16 StandardWrapper[/admin:default]: Loading container
> servlet default
> 2003-05-01 13:04:34 StandardWrapper[/admin:invoker]: Loading container
> servlet invoker
> 2003-05-01 13:04:34 StandardContext[/admin]: Starting completed
> 2003-05-01 13:04:56 Authenticator[/admin]: Security checking request GET
> /admin/
> 2003-05-01 13:04:56 Authenticator[/admin]:   Checking constraint
> 'SecurityConstraint[Protected Area]' against GET / --> false
> 2003-05-01 13:04:56 Authenticator[/admin]:   No applicable constraint
> located
> 2003-05-01 13:04:56 Authenticator[/admin]:  Not subject to any
> constraint
> 2003-05-01 13:04:56 StandardContext[/admin]: Mapping
> contextPath='/admin' with requestURI='/admin/' and relativeURI='/'
> 2003-05-01 13:04:56 StandardContext[/admin]:   Trying exact match
> 2003-05-01 13:04:56 StandardContext[/admin]:   Trying prefix match
> 2003-05-01 13:04:56 StandardContext[/admin]:   Trying extension match
> 2003-05-01 13:04:56 StandardContext[/admin]:   Trying default match
> 2003-05-01 13:04:56 StandardContext[/admin]:  Mapped to servlet
> 'default' with servlet path '/' and path info 'null' and update=true
> 2003-05-01 13:04:56 Authenticator[/admin]: Security checking request GET
> /admin/index.jsp
> 2003-05-01 13:04:56 Authenticator[/admin]:   Checking constraint
> 'SecurityConstraint[Protected Area]' against GET /index.jsp --> true
>
> ************************
>
> 2003-05-01 13:04:56 Authenticator[/admin]:  Subject to constraint
> SecurityConstraint[Protected Area]
> 2003-05-01 13:04:56 Authenticator[/admin]:  Calling checkUserData()
> 2003-05-01 13:04:56 Authenticator[/admin]:   User data constraint has no
> restrictions
> 2003-05-01 13:04:56 Authenticator[/admin]:  Calling authenticate()
> 2003-05-01 13:04:56 Authenticator[/admin]: Save request in session
> '580F1D722AF1810120356942BC17D43E'
> 2003-05-01 13:04:56 Authenticator[/admin]: Redirect to login page
> '/admin/login.jsp'
> 2003-05-01 13:04:56 Authenticator[/admin]:  Failed authenticate() test
> 2003-05-01 13:04:56 Authenticator[/admin]: Security checking request GET
> /admin/login.jsp
> 2003-05-01 13:04:56 Authenticator[/admin]:   Checking constraint
> 'SecurityConstraint[Protected Area]' against GET /login.jsp --> true
> 2003-05-01 13:04:57 Authenticator[/admin]:  Subject to constraint
> SecurityConstraint[Protected Area]
> 2003-05-01 13:04:57 Authenticator[/admin]:  Calling checkUserData()
> 2003-05-01 13:04:57 Authenticator[/admin]:   User data constraint has no
> restrictions
> 2003-05-01 13:04:57 Authenticator[/admin]:  Calling authenticate()
> 2003-05-01 13:04:57 Authenticator[/admin]: Requesting login page
> normally
> 2003-05-01 13:04:57 Authenticator[/admin]:  Calling accessControl()
> 2003-05-01 13:04:57 Authenticator[/admin]:  Allow access to login page
> /admin/login.jsp
> 2003-05-01 13:04:57 Authenticator[/admin]:  Successfully passed all
> security constraints
> 2003-05-01 13:04:57 StandardContext[/admin]: Mapping
> contextPath='/admin' with requestURI='/admin/login.jsp' and
> relativeURI='/login.jsp'
> 2003-05-01 13:04:57 StandardContext[/admin]:   Trying exact match
> 2003-05-01 13:04:57 StandardContext[/admin]:   Trying prefix match
> 2003-05-01 13:04:57 StandardContext[/admin]:   Trying extension match
> 2003-05-01 13:04:57 StandardContext[/admin]:  Mapped to servlet 'jsp'
> with servlet path '/login.jsp' and path info 'null' and update=true
> 2003-05-01 13:05:15 Authenticator[/admin]: Security checking request
> POST /admin/j_security_check
> 2003-05-01 13:05:15 Authenticator[/admin]: Authenticating username
> 'bill'
> 2003-05-01 13:05:15 Authenticator[/admin]: Authentication of 'bill' was
> successful
> 2003-05-01 13:05:15 Authenticator[/admin]: Redirecting to original
> '/admin/index.jsp'
> 2003-05-01 13:05:15 Authenticator[/admin]:  Failed authenticate() test
> 2003-05-01 13:05:15 Authenticator[/admin]: Security checking request GET
> /admin/index.jsp
> 2003-05-01 13:05:15 Authenticator[/admin]:   Checking constraint
> 'SecurityConstraint[Protected Area]' against GET /index.jsp --> true
> 2003-05-01 13:05:15 Authenticator[/admin]:  Subject to constraint
> SecurityConstraint[Protected Area]
> 2003-05-01 13:05:15 Authenticator[/admin]:  Calling checkUserData()
> 2003-05-01 13:05:15 Authenticator[/admin]:   User data constraint has no
> restrictions
> 2003-05-01 13:05:15 Authenticator[/admin]:  Calling authenticate()
> 2003-05-01 13:05:15 Authenticator[/admin]: Restore request from session
> '580F1D722AF1810120356942BC17D43E'
> 2003-05-01 13:05:15 Authenticator[/admin]: Authenticated 'bill' with
> type 'FORM'
> 2003-05-01 13:05:15 Authenticator[/admin]: Proceed to restored request
> 2003-05-01 13:05:15 Authenticator[/admin]:  Calling accessControl()
> 2003-05-01 13:05:15 Authenticator[/admin]:  Failed accessControl() test
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> This electronic transmission is strictly confidential to Smith & Nephew and
> intended solely for the addressee.  It may contain information which is
> covered by legal, professional or other privilege.  If you are not the
> intended addressee, or someone authorized by the intended addressee to
> receive transmissions on behalf of the addressee, you must not retain,
> disclose in any form, copy or take any action in reliance on this
> transmission.  If you have received this transmission in error, please
> notify the sender as soon as possible and destroy this message.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message