tomcat-users mailing list archives

From vramanaj <vrama...@gmail.com>
Subject Re: How to access JNDI resources on Tomcat level
Date Fri, 18 Dec 2009 12:44:04 GMT

Can we have the below 2 security constraints in web.xml? The auth-methods are
different for the two. In our existing application, the 2nd
security-constraint/login-config already exists. As part of the Josso
configuration, we need to have a configuration like the 1st one. Can we club
both of them together without disturbing the existing one?

1. 
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Technical Website</web-resource-name>
         <url-pattern>/technical/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>manager</role-name>
      </auth-constraint>
   </security-constraint>
   <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>@APPNAME@ WebUI</realm-name>
   </login-config>

2.
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Single SignOn</web-resource-name>
         <url-pattern>/sso</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>sso_role</role-name>
      </auth-constraint>
   </security-constraint>
   <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Make-To-Order WebUI</realm-name>
      <form-login-config>
         <form-login-page>/login-redirect.jsp</form-login-page>
         <form-error-page>/login-redirect.jsp</form-error-page>
      </form-login-config>
   </login-config>
******************************************************************************

Pid Ster wrote:
> 
> On 15/12/2009 12:44, vramanaj wrote:
>>
>> Yes, I did. I have followed those configuration steps for other
>> applications earlier.
>> Are there any other configurations required to store the cookies in the IE
>> browser if the application is SSL enabled?
> 
> No, Tomcat doesn't need to do anything special for IE.
> 
> 
> p
> 
>> Pid Ster wrote:
>>>
>>> On 15/12/2009 11:25, vramanaj wrote:
>>>>
>>>> The problem is https. For rememberMe in Josso, the site should be in
>>>> ssl. I configured ssl in tomcat. Now I am getting the following error.
>>>> I have installed the cert. in IE. Please help me if there are tomcat
>>>> settings required for ssl.
>>>
>>> If the problem is setting up HTTPS, have you completed the steps
>>> included on the page below?
>>>
>>>    http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
>>>
>>>
>>> p
>>>
>>>
>>>> 15 Dec 2009 06:14:38,992 DEBUG Error getting client certs
>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>> 	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>>>> 	at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
>>>> 	at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
>>>> 	at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1012)
>>>> 	at org.apache.coyote.Request.action(Request.java:352)
>>>> 	at org.apache.catalina.connector.Request.getAttribute(Request.java:896)
>>>> 	at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263)
>>>> 	at org.josso.gateway.signon.LoginSelectorAction.execute(LoginSelectorAction.java:67)
>>>> 	at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
>>>> 	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
>>>> 	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
>>>> 	at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
>>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
>>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>>> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>> 	at org.josso.gateway.filter.ProtocolHandlerFilter.doFilter(ProtocolHandlerFilter.java:86)
>>>> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>>> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>> 	at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:275)
>>>> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>>> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>> 	at java.lang.Thread.run(Thread.java:619)
>>>> 15 Dec 2009 06:14:38,992 DEBUG Looking for cookie: JOSSO_REMEMBERME_josso
>>>> 15 Dec 2009 06:14:38,992 DEBUG RemembermeCookie NOT found!
>>>>
>>>>
>>>>
>>>>
>>>> Pid Ster wrote:
>>>>>
>>>>> On 14/12/2009 12:55, vramanaj wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am through with the Josso configuration. Could be able to see the
>>>>>> sso logon page, redirecting the authenticated username to the partner
>>>>>> application. Facing problem with rememberMe option. Second time when
>>>>>> I try to logon to the application, logon page is showing up again. I
>>>>>> set 'rememberMeEnabled' to true in josso. For rememberMe in sso, I
>>>>>> read that we need to set tomcat ssl enabled. I did that.
>>>>>> JOSSO_REMEMBERME_josso is getting created. Still are there any
>>>>>> configurations we need to do in tomcat?
>>>>>
>>>>> No idea, but it sounds like a JOSSO problem.
>>>>> Maybe that community can assist.
>>>>>
>>>>>
>>>>> p
>>>>>
>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>>
>>>>>> vramanaj wrote:
>>>>>>>
>>>>>>> Resolved AuthenticationFailureException issue. This is coming because I
>>>>>>> have used basic-authentication scheme. If basic-authentication scheme is
>>>>>>> used, we need to remove hasAlgorithm and hasEnconding properties in
>>>>>>> josso-gateway-auth.xml file.
>>>>>>>
>>>>>>> Now Josso session id is getting created. But getting the below error
>>>>>>> while trying to access the application:
>>>>>>>
>>>>>>> java.lang.RuntimeException: Outbound relaying failed. No Principal found. Verify your SSO Agent Configuration!
>>>>>>> 	org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:502)
>>>>>>> 	org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>> 	org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>>>>>> 	org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>> 	org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>> 	java.lang.Thread.run(Thread.java:619)
>>>>>>>
>>>>>>> Tomcat log shows:
>>>>>>>
>>>>>>> Dec 1, 2009 8:51:55 AM org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler handle
>>>>>>> INFO: Tue Dec 01 08:51:55 EST 2009 - sso-session - info - vjosyula - createSession=success - ssoSessionId=EF9E9AFEDD935C7366BCA259DCC85577
>>>>>>> Dec 1, 2009 8:51:55 AM org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler handle
>>>>>>> INFO: Tue Dec 01 08:51:55 EST 2009 - sso-user - info - vjosyula - authenticationSuccess=success - authScheme=basic-authentication,ssoSessionId=EF9E9AFEDD935C7366BCA259DCC85577
>>>>>>> Dec 1, 2009 8:51:56 AM org.apache.catalina.realm.JAASRealm authenticate
>>>>>>> WARNING: Login exception authenticating username "null"
>>>>>>> javax.security.auth.login.LoginException: Login Failure: all modules ignored
>>>>>>>            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
>>>>>>>            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>>>>>>>            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>>>>>>>            at java.security.AccessController.doPrivileged(Native Method)
>>>>>>>            at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>>>>>>>            at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>>>>>>>            at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:363)
>>>>>>>            at org.josso.tc60.agent.CatalinaSSOAgent.authenticate(CatalinaSSOAgent.java:95)
>>>>>>>            at org.josso.agent.AbstractSSOAgent.processRequest(AbstractSSOAgent.java:335)
>>>>>>>            at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:496)
>>>>>>>            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>>>>>>            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>            at java.lang.Thread.run(Thread.java:619)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> vramanaj wrote:
>>>>>>>>
>>>>>>>> User name and password are correct only.
>>>>>>>>
>>>>>>>>
>>>>>>>> Pid Ster wrote:
>>>>>>>>>
>>>>>>>>> On 01/12/2009 12:37, vramanaj wrote:
>>>>>>>>>>
>>>>>>>>>> I have passed through this DataSource look up problem. I altered
>>>>>>>>>> context.xml/web.xml of josso webapp. And also used short JNDI
>>>>>>>>>> names at tomcat/web.xml/context.xml level (e.g. jdbc/DefaultDS),
>>>>>>>>>> and full JNDI name at Josso configuration level (e.g.
>>>>>>>>>> java:comp/env/jdbc/DefaultDS).
>>>>>>>>>>
>>>>>>>>>> Now when I try to access the application, getting the error
>>>>>>>>>> Invalid Authentication Information.
>>>>>>>>>>
>>>>>>>>>> Tomcat log shows as:
>>>>>>>>>> INFO: Tue Dec 01 07:31:45 EST 2009 - sso-user - info - vjosyula - authenticationFailed=failure - remoteHost=10.104.9.33,authScheme=basic-authentication - ERROR:vjosyula:org.josso.auth.exceptions.AuthenticationFailureException
>>>>>>>>>
>>>>>>>>> I guess the user or password information is wrong then.
>>>>>>>>> This would be a JOSSO problem, presumably...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> p
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> -----------------------------------------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> vramanaj wrote:
>>>>>>>>>>>
>>>>>>>>>>> Added context.xml in META-INF directory. And also added
>>>>>>>>>>> resource-ref in josso webapp. Still getting the same error.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Mikolaj Rydzewski-2 wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> vramanaj wrote:
>>>>>>>>>>>>> I have used jdbc/DefaultDS. Added ResourceLink to
>>>>>>>>>>>>> Catalina/localhost/webapp.xml.
>>>>>>>>>>>>>
>>>>>>>>>>>>> <Context path="/partnerapp"
>>>>>>>>>>>>>          docBase="/usr2/tomcat/sso/apache-tomcat-6.0.18-sso/webapps/partnerapp"
>>>>>>>>>>>>>          debug="99" reloadable="true" antiJARLocking="true"
>>>>>>>>>>>>>          antiResourceLocking="false" crossContext="true">
>>>>>>>>>>>>>    <ResourceLink global="jdbc/DefaultDS" name="jdbc/DefaultDS"
>>>>>>>>>>>>>                  type="javax.sql.DataSource"/>
>>>>>>>>>>>>> </Context>
>>>>>>>>>>>>>
>>>>>>>>>>>>> And also added resource-ref to WEB-INF/web.xml.
>>>>>>>>>>>>>
>>>>>>>>>>>> Stacktraces you have posted originate from josso webapp, not from
>>>>>>>>>>>> test app. You need to alter context.xml / web.xml of josso webapp.
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Mikolaj Rydzewski<miki@ceti.pl>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org

-- 
View this message in context: http://old.nabble.com/How-to-access-JNDI-resources-on-Tomcat-level-tp19672443p26842846.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
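
Added example, not part of the original message or thread: a web.xml may carry any number of security-constraint elements, but the Servlet specification allows only one login-config per web application, so a single auth-method covers every constrained URL. The check below parses a descriptor and reports that condition; the sample wraps the two fragments from the message in one web-app element (constructed), and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two fragments from the message in one descriptor.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Technical Website</web-resource-name>
      <url-pattern>/technical/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>DIGEST</auth-method></login-config>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Single SignOn</web-resource-name>
      <url-pattern>/sso</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>sso_role</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""

def local(tag):
    # Drop an XML namespace prefix so namespaced descriptors are handled too.
    return tag.rsplit("}", 1)[-1]

def texts(parent, name):
    # Text of every descendant element with the given local name.
    return [(e.text or "").strip() for e in parent.iter() if local(e.tag) == name]

def audit_descriptor(xml_text):
    """Map each constraint to (url-patterns, roles) and flag login-config problems."""
    root = ET.fromstring(xml_text)
    constraints, methods = [], []
    for el in root:
        kind = local(el.tag)
        if kind == "security-constraint":
            constraints.append((texts(el, "url-pattern"), texts(el, "role-name")))
        elif kind == "login-config":
            # One entry per login-config element, even if auth-method is absent.
            methods.append(", ".join(texts(el, "auth-method")) or "unspecified")
    findings = []
    if len(methods) > 1:
        findings.append("%d login-config elements (%s); only one is allowed per "
                        "web application" % (len(methods), ", ".join(methods)))
    if constraints and not methods:
        findings.append("security-constraint present but no login-config")
    return {"constraints": constraints, "auth_methods": methods, "findings": findings}

if __name__ == "__main__":
    print(audit_descriptor(SAMPLE_WEB_XML))
```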

