Return-Path: 
 <users-return-206246-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 5971 invoked from network); 18 Dec 2009 12:44:39 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 18 Dec 2009 12:44:39 -0000
Received: (qmail 89584 invoked by uid 500); 18 Dec 2009 12:44:35 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 89493 invoked by uid 500); 18 Dec 2009 12:44:34 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 89482 invoked by uid 99); 18 Dec 2009 12:44:34 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Dec 2009 12:44:34 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of lists@nabble.com designates
 216.139.236.158 as permitted sender)
Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Dec 2009 12:44:25 +0000
Received: from isper.nabble.com ([192.168.236.156])
	by kuber.nabble.com with esmtp (Exim 4.63)
	(envelope-from <lists@nabble.com>)
	id 1NLcBg-0008Rn-Dj
	for users@tomcat.apache.org; Fri, 18 Dec 2009 04:44:04 -0800
Message-ID: <26842846.post@talk.nabble.com>
Date: Fri, 18 Dec 2009 04:44:04 -0800 (PST)
From: vramanaj <vramanaj@gmail.com>
To: users@tomcat.apache.org
Subject: Re: How to access JNDI resources on Tomcat level
In-Reply-To: <4B27934F.5020706@pidster.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nabble-From: vramanaj@gmail.com
References: <48DBB24A.8050405@ceti.pl> <48DCF5B5.4010806@ceti.pl>
 <48DD15BD.6020202@christopherschultz.net> <48DD5D66.2040304@ceti.pl>
 <26574958.post@talk.nabble.com> <4B14FBBC.4070106@ceti.pl>
 <26590277.post@talk.nabble.com> <4B150088.4040307@ceti.pl>
 <26590651.post@talk.nabble.com> <26591040.post@talk.nabble.com>
 <4B150FD9.90806@pidster.com> <26591302.post@talk.nabble.com>
 <26592407.post@talk.nabble.com> <26777280.post@talk.nabble.com>
 <4B263AA9.5020000@pidster.com> <26793293.post@talk.nabble.com>
 <4B27829B.5050300@pidster.com> <26794176.post@talk.nabble.com>
 <4B27934F.5020706@pidster.com>
X-Virus-Checked: Checked by ClamAV on apache.org


Can we have the below 2 security constraints in web.xml ? auth-methods are
different for the both. In our existing application we have 2nd
security-constraint/login-config is existing. As part of Josso
configuration, we need have the configuration like 1st one. Can we club both
of them with out disturbing the existing one ?

1. 
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Technical Website</web-resource-name>
         <url-pattern>/technical/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>manager</role-name>
      </auth-constraint>
   </security-constraint>
   <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>@APPNAME@ WebUI</realm-name>
   </login-config>

2.
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>Single SignOn</web-resource-name>
         <url-pattern>/sso</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>sso_role</role-name>
      </auth-constraint>
   </security-constraint>
   <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Make-To-Order WebUI</realm-name>
        <form-login-config>
            <form-login-page>/login-redirect.jsp</form-login-page>
            <form-error-page>/login-redirect.jsp</form-error-page>
        </form-login-config>
   </login-config>
******************************************************************************

Pid Ster wrote:
> 
> On 15/12/2009 12:44, vramanaj wrote:
>>
>> Yes, I did. I have followed those configuration steps for other
>> applications
>> earlier.
>> Are there any other configurations required to store the cookies in IE
>> browser, if the application is ssl enabled ?
> 
> No, Tomcat doesn't need to do anything special for IE.
> 
> 
> p
> 
>> Pid Ster wrote:
>>>
>>> On 15/12/2009 11:25, vramanaj wrote:
>>>>
>>>> The problem is https. For rememberMe in Josso, the site should be in
>>>> ssl.
>>>> I
>>>> configured ssl in tomcat. Now i am getting the following error. I have
>>>> installed the cert. in IE. Please help me if there are tomcat settings
>>>> required for ssl.
>>>
>>> If the problem is setting up HTTPS, have you completed the steps
>>> included on the page below?
>>>
>>>    http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
>>>
>>>
>>> p
>>>
>>>
>>>> 15 Dec 2009 06:14:38,992 DEBUG Error getting client certs
>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>> 	at
>>>> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>>>> 	at
>>>> org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
>>>> 	at
>>>> org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
>>>> 	at
>>>> org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1012)
>>>> 	at org.apache.coyote.Request.action(Request.java:352)
>>>> 	at
>>>> org.apache.catalina.connector.Request.getAttribute(Request.java:896)
>>>> 	at
>>>> org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263)
>>>> 	at
>>>> org.josso.gateway.signon.LoginSelectorAction.execute(LoginSelectorAction.java:67)
>>>> 	at
>>>> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
>>>> 	at
>>>> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
>>>> 	at
>>>> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
>>>> 	at
>>>> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
>>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
>>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>>> 	at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>> 	at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>> 	at
>>>> org.josso.gateway.filter.ProtocolHandlerFilter.doFilter(ProtocolHandlerFilter.java:86)
>>>> 	at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>> 	at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>> 	at
>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>> 	at
>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>>> 	at
>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>> 	at
>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>> 	at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:275)
>>>> 	at
>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>> 	at
>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>> 	at
>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>>> 	at
>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>> 	at
>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>> 	at java.lang.Thread.run(Thread.java:619)
>>>> 15 Dec 2009 06:14:38,992 DEBUG Looking for cookie:
>>>> JOSSO_REMEMBERME_josso
>>>> 15 Dec 2009 06:14:38,992 DEBUG RemembermeCookie NOT found!
>>>>
>>>>
>>>>
>>>>
>>>> Pid Ster wrote:
>>>>>
>>>>> On 14/12/2009 12:55, vramanaj wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am through with the Josso configuration. Could be able to see the
>>>>>> sso
>>>>>> logon page, redirecting the authenticated username to the partner
>>>>>> application. Facing problem with rememberMe option. Second time when
>>>>>> i
>>>>>> try
>>>>>> to logon to the application, logon page is showing up again. I set
>>>>>> 'rememberMeEnabled' to true in josso. For rememberMe in sso, i read
>>>>>> that
>>>>>> we
>>>>>> need to set tomcat ssl enabled. I did that. JOSSO_REMEMBERME_josso is
>>>>>> getting created. Still are there any configurations we need to do in
>>>>>> tomcat
>>>>>> ?
>>>>>
>>>>> No idea, but it sounds like a JOSSO problem.
>>>>> Maybe that community can assist.
>>>>>
>>>>>
>>>>> p
>>>>>
>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>>
>>>>>> vramanaj wrote:
>>>>>>>
>>>>>>> Resolved AuthenticationFailureException issue. This is coming
>>>>>>> because
>>>>>>> i
>>>>>>> have used basic-authentication scheme. If basic-authentication
>>>>>>> scheme
>>>>>>> used, we need remove hasAlgorithm and hasEnconding properties in
>>>>>>> josso-gateway-auth.xml file.
>>>>>>>
>>>>>>> Now Josso session id is getting created. But getting the below error
>>>>>>> while
>>>>>>> trying to access the application:
>>>>>>>
>>>>>>> java.lang.RuntimeException: Outbound relaying failed. No Principal
>>>>>>> found.
>>>>>>> Verify your SSO Agent Configuration!
>>>>>>> 	org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:502)
>>>>>>>
>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>
>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>>>>>>
>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>
>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>> 	java.lang.Thread.run(Thread.java:619)
>>>>>>>
>>>>>>> Tomcat log shows:
>>>>>>>
>>>>>>> Dec 1, 2009 8:51:55 AM
>>>>>>> org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler
>>>>>>> handle
>>>>>>> INFO: Tue Dec 01 08:51:55 EST 2009 - sso-session - info - vjosyula -
>>>>>>> createSession=success -
>>>>>>> ssoSessionId=EF9E9AFEDD935C7366BCA259DCC85577
>>>>>>> Dec 1, 2009 8:51:55 AM
>>>>>>> org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler
>>>>>>> handle
>>>>>>> INFO: Tue Dec 01 08:51:55 EST 2009 - sso-user - info - vjosyula -
>>>>>>> authenticationSuccess=success -
>>>>>>> authScheme=basic-authentication,ssoSessionId=E
>>>>>>> F9E9AFEDD935C7366BCA259DCC85577
>>>>>>> Dec 1, 2009 8:51:56 AM org.apache.catalina.realm.JAASRealm
>>>>>>> authenticate
>>>>>>> WARNING: Login exception authenticating username "null"
>>>>>>> javax.security.auth.login.LoginException: Login Failure: all modules
>>>>>>> ignored
>>>>>>>            at
>>>>>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
>>>>>>>            at
>>>>>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>>>>>>>            at
>>>>>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>>>>>>>            at java.security.AccessController.doPrivileged(Native
>>>>>>> Method)
>>>>>>>            at
>>>>>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>>>>>>>            at
>>>>>>> javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>>>>>>>            at
>>>>>>> org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:363)
>>>>>>>            at
>>>>>>> org.josso.tc60.agent.CatalinaSSOAgent.authenticate(CatalinaSSOAgent.java:95)
>>>>>>>            at
>>>>>>> org.josso.agent.AbstractSSOAgent.processRequest(AbstractSSOAgent.java:335)
>>>>>>>            at
>>>>>>> org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:496)
>>>>>>>            at
>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>>            at
>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>            at
>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>>>>>>            at
>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>            at
>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>>            at java.lang.Thread.run(Thread.java:619)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> vramanaj wrote:
>>>>>>>>
>>>>>>>> User name and password are correct only.
>>>>>>>>
>>>>>>>>
>>>>>>>> Pid Ster wrote:
>>>>>>>>>
>>>>>>>>> On 01/12/2009 12:37, vramanaj wrote:
>>>>>>>>>>
>>>>>>>>>> I have passed through this DataSource look up problem. I altered
>>>>>>>>>> context.xml/web.xml of josso webapp. And also used short JNDI
>>>>>>>>>> names
>>>>>>>>>> at
>>>>>>>>>> tomcat/web.xml/context.xml level (e.g. jdbc/DefaultDS), and full
>>>>>>>>>> JNDI
>>>>>>>>>> name
>>>>>>>>>> at Josso configuration level (e.g.
>>>>>>>>>> java:comp/env/jdbc/DefaultDS).
>>>>>>>>>>
>>>>>>>>>> Now when i try to access the application, getting the error
>>>>>>>>>> Invalid
>>>>>>>>>> Authentication Information.
>>>>>>>>>>
>>>>>>>>>> Tomcat log shows as:
>>>>>>>>>> INFO: Tue Dec 01 07:31:45 EST 2009 - sso-user - info - vjosyula -
>>>>>>>>>> authenticationFailed=failure -
>>>>>>>>>> remoteHost=10.104.9.33,authScheme=basic-authent
>>>>>>>>>> ication -
>>>>>>>>>> ERROR:vjosyula:org.josso.auth.exceptions.AuthenticationFailureException
>>>>>>>>>
>>>>>>>>> I guess the user or password information is wrong then.
>>>>>>>>> This would be a JOSSO problem, presumably...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> p
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> -----------------------------------------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> vramanaj wrote:
>>>>>>>>>>>
>>>>>>>>>>> Added context.xml in META-INF directory. And also added
>>>>>>>>>>> resurce-ref
>>>>>>>>>>> in
>>>>>>>>>>> josso webapp. Still getting the same error.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Mikolaj Rydzewski-2 wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> vramanaj wrote:
>>>>>>>>>>>>> I have used jdbc/DefaultDS. Added ResourceLink to
>>>>>>>>>>>>> Catalina/localhost/webapp.xml.
>>>>>>>>>>>>>
>>>>>>>>>>>>> <Context path="/partnerapp"
>>>>>>>>>>>>> docBase="/usr2/tomcat/sso/apache-tomcat-6.0.18-sso/webapps/partnerapp"
>>>>>>>>>>>>>              debug="99" reloadable="true"
>>>>>>>>>>>>> antiJARLocking="true"
>>>>>>>>>>>>> antiResourceLocking="false" crossContext="true">
>>>>>>>>>>>>> <ResourceLink global="jdbc/DefaultDS" name="jdbc/DefaultDS"
>>>>>>>>>>>>> type="javax.sql.DataSource"/>
>>>>>>>>>>>>> </Context>
>>>>>>>>>>>>>
>>>>>>>>>>>>> And also added resource-ref to WEB-INF/web.xml.
>>>>>>>>>>>>>
>>>>>>>>>>>> Stacktraces you have posted originate from josso webapp, not
>>>>>>>>>>>> from
>>>>>>>>>>>> test
>>>>>>>>>>>> app. You need to alter context.xml / web.xml of josso webapp.
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Mikolaj Rydzewski<miki@ceti.pl>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/How-to-access-JNDI-resources-on-Tomcat-level-tp19672443p26842846.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org