tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From exkor <exkor5...@gmail.com>
Subject Re: URL is "null" and HTTP 404 error when using FROM authentication
Date Sat, 14 Jun 2008 00:08:30 GMT
Ok i decided to dump this hell and start fresh.
So here I am with stock configurations, it is Tomcat 6.0 + MySQL 5.0.

I login to manager app using MemoryRealm and everything is fine.
I change the global settings in server.xml to use mysql driver and
boom can't login to manager anymore.... So i guess the problem is
somewhere between tomcat and mysql.

MySQL logs indicate the the connector has connected to the database
and quering the right table + fields:
080613 19:40:29	     96 Connect     root@localhost on
		     96 Query       select @@version_comment limit 1
080613 19:40:37	     96 Quit
		     97 Connect     root@localhost on hamula
080613 19:40:53	     97 Query       select uid, password, role from users
080613 19:41:05	     94 Query       SELECT password FROM users WHERE
uid = 'asi@hamula.org'
		     94 Query       commit
080613 19:41:07	     94 Query       SELECT password FROM users WHERE
uid = 'test'
		     94 Query       commit
080613 19:43:17	     94 Query       SELECT password FROM users WHERE
uid = 'test'
		     94 Query       commit
080613 19:44:30	     94 Query       SELECT password FROM users WHERE
uid = 'test'
		     94 Query       commit
080613 19:44:34	     94 Query       SELECT password FROM users WHERE
uid = 'test'
		     94 Query       commit
080613 19:46:12	     94 Query       SELECT password FROM users WHERE
uid = 'test'
		     94 Query       commit

So, clearly seen the connector established a session under root and
the history of all it's queries is from there on.

My server.xml is stock except for the Real part, so here is what I have:

      <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
      	driverName="org.gjt.mm.mysql.Driver"
        connectionURL="jdbc:mysql://localhost/hamula?user=root&amp;password=skywalker"
        digest="MD5"
        userTable="users"
        userNameCol="uid"
        userCredCol="password"
        userRoleTable="users"
        roleNameCol="role"/>

Which is located inside of the <Engine> tag.
My databe looks as follows:
mysql> select uid, password, role from users;
+------------------------+-----------------------------------------------------+---------------+
| uid                     | password
     | role         |
+------------------------+-----------------------------------------------------+---------------+
| asi@hamula.org | test
 | admin      |
| test                   | 033bd94b1168d7e4f0d644c3c95e35bf | manager  |
+------------------------+------------------------------------------------------+---------------+
2 rows in set (0.00 sec)



What's wrong here??
How can I get more details on why and what part of the authentication
is failing??


Thanks
-Assaf

On Fri, Jun 13, 2008 at 4:26 PM, exkor <exkor5000@gmail.com> wrote:
> Hi Thanks for the feedback Chuck.
> I've done the changes you've suggested and I still experience the same problem.
> The after I login I am brought back to the login page. Basiclly this
> indicated that the login failed, since my error and login pages are
> the same -> index.jsp. I get the following in the access log:
> 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] "GET /hamula/ HTTP/1.1" 200
> 2250 "http://127.0.0.1:8080/manager/html/start?path=/hamula"
> "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14)
> Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] "POST
> /hamula/j_security_check HTTP/1.1" 200 2250
> "http://127.0.0.1:8080/hamula/" "Mozilla/5.0 (Windows; U; Windows NT
> 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] "POST
> /hamula/j_security_check HTTP/1.1" 200 2250
> "http://127.0.0.1:8080/hamula/j_security_check" "Mozilla/5.0 (Windows;
> U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404
> Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] "GET /hamula/home.jsp
> HTTP/1.1" 200 2250 "null" "Mozilla/5.0 (Windows; U; Windows NT 5.1;
> en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:18 -0400] "POST
> /hamula/j_security_check HTTP/1.1" 200 2250
> "http://127.0.0.1:8080/hamula/home.jsp" "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
> 127.0.0.1 - - [13/Jun/2008:16:18:18 -0400] "GET
> /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
> "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U;
> Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
>
> The kubrik.jpg was actually removed so I can understand tomcat
> compaining with error 404 about it.
>
> this is what I currently have:
>
> myapps/WEB-INF/web.xml:
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web
> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
> <web-app>
>    <display-name>Hamula</display-name>
>    <distributable/>
>
>    <welcome-file-list>
>        <welcome-file>
>                  home.jsp
>        </welcome-file>
>    </welcome-file-list>
>
>
>    <resource-ref>
>        <description>DB Connection</description>
>        <res-ref-name>jdbc/hamula</res-ref-name>
>        <res-type>javax.sql.DataSource</res-type>
>        <res-auth>Container</res-auth>
>    </resource-ref>
>
>    <security-constraint>
>        <web-resource-collection>
>            <web-resource-name>Hamula</web-resource-name>
>            <description>Pages accessible by registered users</description>
>
>            <!-- PAGES ACCESIBLE ONLY BY REGISTERED USERS SHOULD BE
> ADDED HERE -->
>            <url-pattern>/home.jsp</url-pattern>
>            <url-pattern>/events.jsp</url-pattern>
>            <url-pattern>/profile.jsp</url-pattern>
>            <url-pattern>/community.jsp</url-pattern>
>            <!--
>            THIS IS AN EXAMPLE OF A PATTERN TO MATCH MANY PAGES
>            <url-pattern>/protected/*.jsp</url-pattern>
>       -->
>            <!--
> ============================================================= -->
>
>
>            <http-method>DELETE</http-method>
>            <http-method>GET</http-method>
>            <http-method>POST</http-method>
>            <http-method>PUT</http-method>
>        </web-resource-collection>
>        <auth-constraint>
>            <role-name>admin</role-name>
>            <role-name>manager</role-name>
>        </auth-constraint>
>    </security-constraint>
>
>    <login-config>
>        <auth-method>FORM</auth-method>
>        <form-login-config>
>            <form-login-page>/index.jsp</form-login-page>
>            <form-error-page>/index.jsp</form-error-page>
>        </form-login-config>
>    </login-config>
>
>    <security-role>
>        <description>
>            The role that is required to access registered user functions and
>            pages
>        </description>
>        <role-name>admin</role-name>
>        <role-name>manager</role-name>
>    </security-role>
> </web-app>
>
> myapp/META-INF/context.xml:
> <?xml version="1.0" encoding="UTF-8"?>
> <Context reloadable="true" crossContext="true" debug="99">
>
>    <Realm className="org.apache.catalina.realm.MemoryRealm"/>
>
> </Context>
>
> $CATALINA_HOME/conf/server.xml:
> <?xml version='1.0' encoding='utf-8'?>
> <!--
>  Licensed to the Apache Software Foundation (ASF) under one or more
>  contributor license agreements.  See the NOTICE file distributed with
>  this work for additional information regarding copyright ownership.
>  The ASF licenses this file to You under the Apache License, Version 2.0
>  (the "License"); you may not use this file except in compliance with
>  the License.  You may obtain a copy of the License at
>
>      http://www.apache.org/licenses/LICENSE-2.0
>
>  Unless required by applicable law or agreed to in writing, software
>  distributed under the License is distributed on an "AS IS" BASIS,
>  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>  See the License for the specific language governing permissions and
>  limitations under the License.
> -->
> <!-- Note:  A "Server" is not itself a "Container", so you may not
>     define subcomponents such as "Valves" at this level.
>     Documentation at /docs/config/server.html
>  -->
> <Server port="8005" shutdown="SHUTDOWN">
>
>  <!--APR library loader. Documentation at /docs/apr.html -->
>  <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>  <!--Initialize Jasper prior to webapps are loaded. Documentation at
> /docs/jasper-howto.html -->
>  <Listener className="org.apache.catalina.core.JasperListener" />
>  <!-- JMX Support for the Tomcat server. Documentation at
> /docs/non-existent.html -->
>  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
>  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
> />
>
>  <!-- Global JNDI resources
>       Documentation at /docs/jndi-resources-howto.html
>  -->
>  <GlobalNamingResources>
>    <!-- Editable user database that can also be used by
>         UserDatabaseRealm to authenticate users
>    -->
>    <Resource name="UserDatabase" auth="Container"
>              type="org.apache.catalina.UserDatabase"
>              description="User database that can be updated and saved"
>              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>              pathname="conf/tomcat-users.xml" />
>  </GlobalNamingResources>
>
>  <!-- A "Service" is a collection of one or more "Connectors" that share
>       a single "Container" Note:  A "Service" is not itself a "Container",
>       so you may not define subcomponents such as "Valves" at this level.
>       Documentation at /docs/config/service.html
>   -->
>  <Service name="Catalina">
>
>    <!--The connectors can use a shared executor, you can define one
> or more named thread pools-->
>    <!--
>    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>        maxThreads="150" minSpareThreads="4"/>
>    -->
>
>
>    <!-- A "Connector" represents an endpoint by which requests are received
>         and responses are returned. Documentation at :
>         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
>         Java AJP  Connector: /docs/config/ajp.html
>         APR (HTTP/AJP) Connector: /docs/apr.html
>         Define a non-SSL HTTP/1.1 Connector on port 8080
>    -->
>    <Connector port="8080" protocol="HTTP/1.1"
>               connectionTimeout="20000"
>               redirectPort="8443" />
>    <!-- A "Connector" using the shared thread pool-->
>    <!--
>    <Connector executor="tomcatThreadPool"
>               port="8080" protocol="HTTP/1.1"
>               connectionTimeout="20000"
>               redirectPort="8443" />
>    -->
>    <!-- Define a SSL HTTP/1.1 Connector on port 8443
>         This connector uses the JSSE configuration, when using APR, the
>         connector should be using the OpenSSL style configuration
>         described in the APR documentation -->
>    <!--
>    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>               maxThreads="150" scheme="https" secure="true"
>               clientAuth="false" sslProtocol="TLS" />
>    -->
>
>    <!-- Define an AJP 1.3 Connector on port 8009 -->
>    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>
>    <!-- An Engine represents the entry point (within Catalina) that processes
>         every request.  The Engine implementation for Tomcat stand alone
>         analyzes the HTTP headers included with the request, and passes them
>         on to the appropriate Host (virtual host).
>         Documentation at /docs/config/engine.html -->
>
>    <!-- You should set jvmRoute to support load-balancing via AJP ie :
>    <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
>    -->
>    <Engine name="Catalina" defaultHost="localhost">
>
>      <!--For clustering, please take a look at documentation at:
>          /docs/cluster-howto.html  (simple how to)
>          /docs/config/cluster.html (reference documentation) -->
>      <!--
>      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>      -->
>
>      <!-- The request dumper valve dumps useful debugging information about
>           the request and response data received and sent by Tomcat.
>           Documentation at: /docs/config/valve.html -->
>      <!--
>      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
>      -->
>
>      <!-- This Realm uses the UserDatabase configured in the global JNDI
>           resources under the key "UserDatabase".  Any edits
>           that are performed against this UserDatabase are immediately
>           available for use by the Realm.
>      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>             resourceName="UserDatabase"/>
>
>
>
>      <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
>        driverName="org.gjt.mm.mysql.Driver"
>        connectionURL="jdbc:mysql://localhost/hamula?user=root&amp;password=skywalker"
>        digest="MD5"
>        userTable="users"
>        userNameCol="uid"
>        userCredCol="password"
>        userRoleTable="users"
>        roleNameCol="role"/> -->
>
>       <Realm className="org.apache.catalina.realm.MemoryRealm"
>        resourceName="UserDatabase" />
>
>
>
>      <!-- Define the default virtual host
>           Note: XML Schema validation will not work with Xerces 2.2.
>       -->
>      <Host name="localhost"  appBase="webapps"
>            unpackWARs="true" autoDeploy="true"
>            xmlValidation="false" xmlNamespaceAware="false">
>
>        <!-- SingleSignOn valve, share authentication between web applications
>             Documentation at: /docs/config/valve.html -->
>        <!--
>        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>        -->
>
>        <!-- Access log processes all example.
>             Documentation at: /docs/config/valve.html -->
>
>        <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>               prefix="localhost_access_log." suffix=".txt"
> pattern="combined" resolveHosts="false"/>
>
>
>      </Host>
>    </Engine>
>  </Service>
> </Server>
>
>
> On Fri, Jun 13, 2008 at 1:32 AM, Caldarale, Charles R
> <Chuck.Caldarale@unisys.com> wrote:
>>> From: exkor [mailto:exkor5000@gmail.com]
>>> Subject: URL is "null" and HTTP 404 error when using FROM
>>> authentication
>>
>> You have some weirdness in your web.xml and context.xml that should be straightened
out before attempting any further analysis.
>>
>>>    <servlet>
>>>        <servlet-name></servlet-name>
>>>        <display-name></display-name>
>>>        <servlet-class></servlet-class>
>>>        <load-on-startup>0</load-on-startup>
>>>    </servlet>
>>
>> I have no idea what should be done with an empty <servlet> declaration, and
it's possible Tomcat doesn't either; get rid of it.
>>
>>>        <auth-constraint>
>>>            <role-name>admin</role-name>
>>>            <role-name>manager</role-name>
>>>        </auth-constraint>
>> ...
>>>    <security-role>
>>>        <role-name>admin</role-name>
>>>    </security-role>
>>
>> Either you have an extra role listed in <auth-constraint>, or you're missing
one under <security-role>; get them in synch.
>>
>>> My context.xml:
>>
>> Where is your context.xml file?  It should be in your webapp's META-INF directory.
 If you've changed the global one in Tomcat's conf directory, put it back the way it was and
put your <Context> element in the proper location.
>>
>>> <Context path="/hamula" reloadable="true" crossContext="true"
>>> debug="99">
>>
>> The path attribute is not allowed in a <Context> element in context.xml; remove
it.
>>
>>>    <Logger className="org.apache.catalina.logger.FileLogger"
>>>             prefix="localhost_hamula_log." suffix=".txt"
>>>             timestamp="true"/>
>>
>> There is no <Logger> element in Tomcat 6; remove it.
>>
>>>    <Resource name="jdbc/hamula"
>>>              auth="Container"
>>>              type="javax.sql.DataSource"
>>>              driverClassName="com.mysql.jdbc.Driver"
>>> url="jdbc:mysql://localhost:3306/hamula?autoReconnect=true"/>
>>>              username="root"
>>>              password="skywalker"
>>>          digest="MD5"
>>>              logAbandoned="true"
>>>              removeAbandoned="true"
>>>              removeAbandonedTimeout="10"
>>>              maxActive="20"
>>>              maxIdle="10"
>>>              maxWait="-1"/>
>>
>> The above is obviously broken, since you have terminated the <Resource> element
twice.  Regardless, it seems odd for the <Realm> and the application <Resource>
to be using the exact same data base; is that what you really want?
>>
>>>    <Realm className="org.apache.catalina.realm.JDBCRealm"
>>
>> Change the <Realm> back to the MemoryRealm for testing with FORM login; once
you get that working, then move on to the JDBCRealm.  One step at a time.
>>
>> You say you have httpd 2.0 in the mix; don't use it for testing, go straight to Tomcat's
http port.  Only after that works should you introduce any further complications.
>>
>> All of the above may not to fix your problem, but it will remove some confusion from
your situation.
>>
>>  - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL
and is thus for use only by the intended recipient. If you received this in error, please
contact the sender and delete the e-mail and its attachments from all computers.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message