Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Received-SPF: pass (nike.apache.org: local policy)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Single Sign-On problems
Date: Mon, 16 Aug 2010 09:16:20 -0500
Message-ID: 
 <F720281423C33741A90241A13A4D3F8703EA9CBA@exchange2003.Advocacyinc.org>
In-Reply-To: <4C68EC0E.30701@ice-sa.com>
Thread-Topic: Single Sign-On problems
Thread-Index: Acs9FubbKWqOCKamSQqYFxY6S+w54AAMF65g
References: 
 <F720281423C33741A90241A13A4D3F8703EA9C50@exchange2003.Advocacyinc.org>
 <4C681991.3030105@ice-sa.com>
 <F720281423C33741A90241A13A4D3F8702C2C0@exchange2003.Advocacyinc.org>
 <4C68EC0E.30701@ice-sa.com>
From: "Carlton Whitmore" <cwhitmore@Advocacyinc.org>
To: "Tomcat Users List" <users@tomcat.apache.org>

Andre,
These are the settings that our vendor suggested adding to the web.xml =
came with Tomcat. If NtlmHttpFilter isn't recommended are there setup =
files for Waffle or Jespa that I could use? I'm a newbie to Tomcat.
BTW - Someone asked what the guest OS was. It's Windows 2008 R2.

Our users get intermittent SSO errors (looks to happen when we have over =
20 users online), when they try to drag and drop from Word or Outlook =
plug-in the vendor developed. This is the error message "Invalid Domain =
acquired for SSO! Please Login Manually ". We also have issues trying to =
access the SSO logon page. Instead of the SSO error we get an error that =
the page cannot be displayed. It's like the app is trying to open the =
page before the authentication can take place. I did notice that the Max =
Ports setting is 150 on the server.xml. Is that number of users or total =
ports open? I have as many as 30-40 users on at a time.
Here is my full web.xml and server.xml:

Web.xml file:

<?xml version=3D"1.0" encoding=3D"ISO-8859-1"?>
<web-app xmlns=3D"http://java.sun.com/xml/ns/javaee"
    xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation=3D"http://java.sun.com/xml/ns/javaee =
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version=3D"2.5">

  <!-- =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =
Introduction =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D -->
  <!-- This document defines default values for *all* web applications   =
   -->
  <!-- loaded into this instance of Tomcat.  As each application is      =
   -->
  <!-- deployed, this file is processed, followed by the                 =
   -->
  <!-- "/WEB-INF/web.xml" deployment descriptor from your own            =
   -->
  <!-- applications.                                                     =
   -->
  <!--                                                                   =
   -->
  <!-- WARNING:  Do not configure application-specific resources here!   =
   -->
  <!-- They should go in the "/WEB-INF/web.xml" file in your =
application.   -->


  <!-- =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Built In =
Servlet Definitions =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -->


  <!-- The default servlet for all web applications, that serves static  =
   -->
  <!-- resources.  It processes all requests that are not mapped to =
other   -->
  <!-- servlets with servlet mappings (defined either here or in your =
own   -->
  <!-- web.xml file.  This servlet supports the following initialization =
   -->
  <!-- parameters (default values are in square brackets):               =
   -->
  <!--                                                                   =
   -->
  <!--   debug               Debugging detail level for messages logged  =
   -->
  <!--                       by this servlet.  [0]                       =
   -->
  <!--                                                                   =
   -->
  <!--   fileEncoding        Encoding to be used to read static =
resources   -->
  <!--                       [platform default]                          =
   -->
  <!--                                                                   =
   -->
  <!--   input               Input buffer size (in bytes) when reading   =
   -->
  <!--                       resources to be served.  [2048]             =
   -->
  <!--                                                                   =
   -->
  <!--   listings            Should directory listings be produced if =
there -->
  <!--                       is no welcome file in this directory?  =
[false] -->
  <!--                       WARNING: Listings for directories with many =
   -->
  <!--                       entries can be slow and may consume         =
   -->
  <!--                       significant proportions of server =
resources.   -->
  <!--                                                                   =
   -->
  <!--   output              Output buffer size (in bytes) when writing  =
   -->
  <!--                       resources to be served.  [2048]             =
   -->
  <!--                                                                   =
   -->
  <!--   readonly            Is this context "read only", so HTTP        =
   -->
  <!--                       commands like PUT and DELETE are            =
   -->
  <!--                       rejected?  [true]                           =
   -->
  <!--                                                                   =
   -->
  <!--   readmeFile          File name to display with the directory     =
   -->
  <!--                       contents. [null]                            =
   -->
  <!--                                                                   =
   -->
  <!--   sendfileSize        If the connector used supports sendfile, =
this  -->
  <!--                       represents the minimal file size in KB for  =
   -->
  <!--                       which sendfile will be used. Use a negative =
   -->
  <!--                       value to always disable sendfile.  [48]     =
   -->
  <!--                                                                   =
   -->
  <!--  For directory listing customization. Checks localXsltFile, then  =
   -->
  <!--  globalXsltFile, then defaults to original behavior.              =
   -->
  <!--                                                                   =
   -->
  <!--   localXsltFile       Make directory listings an XML doc and      =
   -->
  <!--                       pass the result to this style sheet =
residing   -->
  <!--                       in that directory. This overrides           =
   -->
  <!--                        globalXsltFile[null]                       =
   -->
  <!--                                                                   =
   -->
  <!--   globalXsltFile      Site wide configuration version of          =
   -->
  <!--                       localXsltFile This argument is expected     =
   -->
  <!--                       to be a physical file. [null]               =
   -->
  <!--                                                                   =
   -->
  <!--                                                                   =
   -->

    <servlet>
        <servlet-name>default</servlet-name>
        =
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class=
>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>


  <!-- The "invoker" servlet, which executes anonymous servlet classes   =
   -->
  <!-- that have not been defined in a web.xml file.  Traditionally, =
this   -->
  <!-- servlet is mapped to the URL pattern "/servlet/*", but you can =
map   -->
  <!-- it to other patterns as well.  The extra path info portion of =
such a -->
  <!-- request must be the fully qualified class name of a Java class =
that  -->
  <!-- implements Servlet (or extends HttpServlet), or the servlet name  =
   -->
  <!-- of an existing servlet definition.     This servlet supports the  =
   -->
  <!-- following initialization parameters (default values are in square =
   -->
  <!-- brackets):                                                        =
   -->
  <!--                                                                   =
   -->
  <!--   debug               Debugging detail level for messages logged  =
   -->
  <!--                       by this servlet.  [0]                       =
   -->

<!--
    <servlet>
        <servlet-name>invoker</servlet-name>
        <servlet-class>
          org.apache.catalina.servlets.InvokerServlet
        </servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <load-on-startup>2</load-on-startup>
    </servlet>
-->


  <!-- The JSP page compiler and execution servlet, which is the =
mechanism  -->
  <!-- used by Tomcat to support JSP pages.  Traditionally, this servlet =
   -->
  <!-- is mapped to the URL pattern "*.jsp".  This servlet supports the  =
   -->
  <!-- following initialization parameters (default values are in square =
   -->
  <!-- brackets):                                                        =
   -->
  <!--                                                                   =
   -->
  <!--   checkInterval       If development is false and checkInterval =
is   -->
  <!--                       greater than zero, background compilations =
are -->
  <!--                       enabled. checkInterval is the time in =
seconds  -->
  <!--                       between checks to see if a JSP page needs =
to   -->
  <!--                       be recompiled. [0]                          =
   -->
  <!--                                                                   =
   -->
  <!--   modificationTestInterval                                        =
   -->
  <!--                       Causes a JSP (and its dependent files) to =
not  -->
  <!--                       be checked for modification during the      =
   -->
  <!--                       specified time interval (in seconds) from =
the  -->
  <!--                       last time the JSP was checked for           =
   -->
  <!--                       modification. A value of 0 will cause the =
JSP  -->
  <!--                       to be checked on every access.              =
   -->
  <!--                       Used in development mode only. [4]          =
   -->
  <!--                                                                   =
   -->
  <!--   compiler            Which compiler Ant should use to compile =
JSP   -->
  <!--                       pages.  See the jasper documentation for =
more  -->
  <!--                       information.                                =
   -->
  <!--                                                                   =
   -->
  <!--   classdebuginfo      Should the class file be compiled with      =
   -->
  <!--                       debugging information?  [true]              =
   -->
  <!--                                                                   =
   -->
  <!--   classpath           What class path should I use while =
compiling   -->
  <!--                       generated servlets?  [Created dynamically   =
   -->
  <!--                       based on the current web application]       =
   -->
  <!--                                                                   =
   -->
  <!--   development         Is Jasper used in development mode? If =
true,   -->
  <!--                       the frequency at which JSPs are checked for =
   -->
  <!--                       modification may be specified via the       =
   -->
  <!--                       modificationTestInterval parameter. [true]  =
   -->
  <!--                                                                   =
   -->
  <!--   enablePooling       Determines whether tag handler pooling is   =
   -->
  <!--                       enabled  [true]                             =
   -->
  <!--                                                                   =
   -->
  <!--   fork                Tell Ant to fork compiles of JSP pages so =
that -->
  <!--                       a separate JVM is used for JSP page =
compiles   -->
  <!--                       from the one Tomcat is running in. [true]   =
   -->
  <!--                                                                   =
   -->
  <!--   ieClassId           The class-id value to be sent to Internet   =
   -->
  <!--                       Explorer when using <jsp:plugin> tags.      =
   -->
  <!--                       =
[clsid:8AD9C840-044E-11D1-B3E9-00805F499D93]   -->
  <!--                                                                   =
   -->
  <!--   javaEncoding        Java file encoding to use for generating =
java  -->
  <!--                       source files. [UTF8]                        =
   -->
  <!--                                                                   =
   -->
  <!--   keepgenerated       Should we keep the generated Java source =
code  -->
  <!--                       for each page instead of deleting it? =
[true]   -->
  <!--                                                                   =
   -->
  <!--   mappedfile          Should we generate static content with one  =
   -->
  <!--                       print statement per input line, to ease     =
   -->
  <!--                       debugging?  [true]                          =
   -->
  <!--                                                                   =
   -->
  <!--   trimSpaces          Should white spaces in template text =
between   -->
  <!--                       actions or directives be trimmed?  [false]  =
   -->
  <!--                                                                   =
   -->
  <!--   suppressSmap        Should the generation of SMAP info for =
JSR45   -->
  <!--                       debugging be suppressed?  [false]           =
   -->
  <!--                                                                   =
   -->
  <!--   dumpSmap            Should the SMAP info for JSR45 debugging be =
   -->
  <!--                       dumped to a file? [false]                   =
   -->
  <!--                       False if suppressSmap is true               =
   -->
  <!--                                                                   =
   -->
  <!--   genStrAsCharArray   Should text strings be generated as char    =
   -->
  <!--                       arrays, to improve performance in some =
cases?  -->
  <!--                       [false]                                     =
   -->
  <!--                                                                   =
   -->
  <!--   errorOnUseBeanInvalidClassAttribute                             =
   -->
  <!--                       Should Jasper issue an error when the value =
of -->
  <!--                       the class attribute in an useBean action is =
   -->
  <!--                       not a valid bean class?  [true]             =
   -->
  <!--                                                                   =
   -->
  <!--   scratchdir          What scratch directory should we use when   =
   -->
  <!--                       compiling JSP pages?  [default work =
directory  -->
  <!--                       for the current web application]            =
   -->
  <!--                                                                   =
   -->
  <!--   xpoweredBy          Determines whether X-Powered-By response    =
   -->
  <!--                       header is added by generated servlet  =
[false]  -->
  <!--                                                                   =
   -->
  <!--   compilerTargetVM    Compiler target VM                          =
   --> =20
  <!--                       default is System.properties                =
   -->
  <!--                        java.specification.version > 1.4           =
   -->
  <!--                        [1.5] else [1.4]                           =
   -->
  <!--                                                                   =
   -->
  <!--   compilerSourceVM    Compiler source VM                          =
   -->
  <!--                       default is System.properties                =
   -->
  <!--                        java.specification.version > 1.4           =
   -->
  <!--                        [1.5] else [1.4]                           =
   -->
  <!--                                                                   =
   -->
  <!-- If you wish to use Jikes to compile JSP pages:                    =
   -->
  <!--   Please see the "Using Jikes" section of the Jasper-HowTo        =
   -->
  <!--   page in the Tomcat documentation.                               =
   -->

    <servlet>
        <servlet-name>jsp</servlet-name>
        =
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
        <init-param>
            <param-name>fork</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>xpoweredBy</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>3</load-on-startup>
    </servlet>


  <!-- NOTE: An SSI Filter is also available as an alternative SSI       =
   -->
  <!-- implementation. Use either the Servlet or the Filter but NOT =
both.   -->
  <!--                                                                   =
   -->
  <!-- Server Side Includes processing servlet, which processes SSI      =
   -->
  <!-- directives in HTML pages consistent with similar support in web   =
   -->
  <!-- servers like Apache.  Traditionally, this servlet is mapped to =
the   -->
  <!-- URL pattern "*.shtml".  This servlet supports the following       =
   -->
  <!-- initialization parameters (default values are in square =
brackets):   -->
  <!--                                                                   =
   -->
  <!--   buffered            Should output from this servlet be =
buffered?   -->
  <!--                       (0=3Dfalse, 1=3Dtrue)  [0]                  =
       -->
  <!--                                                                   =
   -->
  <!--   debug               Debugging detail level for messages logged  =
   -->
  <!--                       by this servlet.  [0]                       =
   -->
  <!--                                                                   =
   -->
  <!--   expires             The number of seconds before a page with =
SSI   -->
  <!--                       directives will expire.  [No default]       =
   -->
  <!--                                                                   =
   -->
  <!--   isVirtualWebappRelative                                         =
   -->
  <!--                       Should "virtual" paths be interpreted as    =
   -->
  <!--                       relative to the context root, instead of    =
   -->
  <!--                       the server root?  (0=3Dfalse, 1=3Dtrue) [0] =
       -->
  <!--                                                                   =
   -->
  <!--   inputEncoding       The encoding to assume for SSI resources if =
   -->
  <!--                       one is not available from the resource.     =
   -->
  <!--                       [Platform default]                          =
   -->
  <!--                                                                   =
   -->
  <!--   outputEncoding      The encoding to use for the page that =
results  -->
  <!--                       from the SSI processing. [UTF-8]            =
   -->
  <!--                                                                   =
   -->
  <!--                                                                   =
   -->
  <!-- IMPORTANT: To use the SSI servlet, you also need to rename the    =
   -->
  <!--            $CATALINA_HOME/server/lib/servlets-ssi.renametojar =
file   -->
  <!--            to $CATALINA_HOME/server/lib/servlets-ssi.jar          =
   -->

<!--
    <servlet>
        <servlet-name>ssi</servlet-name>
        <servlet-class>
          org.apache.catalina.ssi.SSIServlet
        </servlet-class>
        <init-param>
          <param-name>buffered</param-name>
          <param-value>1</param-value>
        </init-param>
        <init-param>
          <param-name>debug</param-name>
          <param-value>0</param-value>
        </init-param>
        <init-param>
          <param-name>expires</param-name>
          <param-value>666</param-value>
        </init-param>
        <init-param>
          <param-name>isVirtualWebappRelative</param-name>
          <param-value>0</param-value>
        </init-param>
        <load-on-startup>4</load-on-startup>
    </servlet>
-->


  <!-- Common Gateway Includes (CGI) processing servlet, which supports  =
   -->
  <!-- execution of external applications that conform to the CGI spec   =
   -->
  <!-- requirements.  Typically, this servlet is mapped to the URL =
pattern  -->
  <!-- "/cgi-bin/*", which means that any CGI applications that are      =
   -->
  <!-- executed must be present within the web application.  This =
servlet   -->
  <!-- supports the following initialization parameters (default values  =
   -->
  <!-- are in square brackets):                                          =
   -->
  <!--                                                                   =
   -->
  <!--   cgiPathPrefix        The CGI search path will start at          =
   -->
  <!--                        webAppRootDir + File.separator + this =
prefix. -->
  <!--                        [WEB-INF/cgi]                              =
   -->
  <!--                                                                   =
   -->
  <!--   debug                Debugging detail level for messages logged =
   -->
  <!--                        by this servlet.  [0]                      =
   -->
  <!--                                                                   =
   -->
  <!--   executable           Name of the exectuable used to run the     =
   -->
  <!--                        script. [perl]                             =
   -->
  <!--                                                                   =
   -->
  <!--   parameterEncoding    Name of parameter encoding to be used with =
   -->
  <!--                        CGI servlet.                               =
   -->
  <!--                        =
[System.getProperty("file.encoding","UTF-8")] -->
  <!--                                                                   =
   -->
  <!--   passShellEnvironment Should the shell environment variables (if =
   -->
  <!--                        any) be passed to the CGI script? [false]  =
   -->
  <!--                                                                   =
   -->
  <!-- IMPORTANT: To use the CGI servlet, you also need to rename the    =
   -->
  <!--            $CATALINA_HOME/server/lib/servlets-cgi.renametojar =
file   -->
  <!--            to $CATALINA_HOME/server/lib/servlets-cgi.jar          =
   -->

<!--
    <servlet>
        <servlet-name>cgi</servlet-name>
        =
<servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
        <init-param>
          <param-name>debug</param-name>
          <param-value>0</param-value>
        </init-param>
        <init-param>
          <param-name>cgiPathPrefix</param-name>
          <param-value>WEB-INF/cgi</param-value>
        </init-param>
         <load-on-startup>5</load-on-startup>
    </servlet>
-->


  <!-- =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Built In Servlet =
Mappings =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 -->


  <!-- The servlet mappings for the built in servlets defined above.  =
Note  -->
  <!-- that, by default, the CGI and SSI servlets are *not* mapped.  You =
   -->
  <!-- must uncomment these mappings (or add them to your application's =
own -->
  <!-- web.xml deployment descriptor) to enable these services           =
   -->

    <!-- The mapping for the default servlet -->
    <servlet-mapping>
        <servlet-name>default</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- The mapping for the invoker servlet -->
<!--
    <servlet-mapping>
        <servlet-name>invoker</servlet-name>
        <url-pattern>/servlet/*</url-pattern>
    </servlet-mapping>
-->

    <!-- The mapping for the JSP servlet -->
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>*.jspx</url-pattern>
    </servlet-mapping>

    <!-- The mapping for the SSI servlet -->
<!--
    <servlet-mapping>
        <servlet-name>ssi</servlet-name>
        <url-pattern>*.shtml</url-pattern>
    </servlet-mapping>
-->

    <!-- The mapping for the CGI Gateway servlet -->

<!--
    <servlet-mapping>
        <servlet-name>cgi</servlet-name>
        <url-pattern>/cgi-bin/*</url-pattern>
    </servlet-mapping>
-->


  <!-- =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Built In =
Filter Definitions =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -->

  <!-- NOTE: An SSI Servlet is also available as an alternative SSI      =
   -->
  <!-- implementation. Use either the Servlet or the Filter but NOT =
both.   -->
  <!--                                                                   =
   -->
  <!-- Server Side Includes processing filter, which processes SSI       =
   -->
  <!-- directives in HTML pages consistent with similar support in web   =
   -->
  <!-- servers like Apache.  Traditionally, this filter is mapped to the =
   -->
  <!-- URL pattern "*.shtml", though it can be mapped to "*" as it will  =
   -->
  <!-- selectively enable/disable SSI processing based on mime types. =
For   -->
  <!-- this to work you will need to uncomment the .shtml mime type      =
   -->
  <!-- definition towards the bottom of this file.                       =
   -->
  <!-- The contentType init param allows you to apply SSI processing to =
JSP -->
  <!-- pages, javascript, or any other content you wish.  This filter    =
   -->
  <!-- supports the following initialization parameters (default values =
are -->
  <!-- in square brackets):                                              =
   -->
  <!--                                                                   =
   -->
  <!--   contentType         A regex pattern that must be matched before =
   -->
  <!--                       SSI processing is applied.                  =
   -->
  <!--                       [text/x-server-parsed-html(;.*)?]           =
   -->
  <!--                                                                   =
   -->
  <!--   debug               Debugging detail level for messages logged  =
   -->
  <!--                       by this servlet.  [0]                       =
   -->
  <!--                                                                   =
   -->
  <!--   expires             The number of seconds before a page with =
SSI   -->
  <!--                       directives will expire.  [No default]       =
   -->
  <!--                                                                   =
   -->
  <!--   isVirtualWebappRelative                                         =
   -->
  <!--                       Should "virtual" paths be interpreted as    =
   -->
  <!--                       relative to the context root, instead of    =
   -->
  <!--                       the server root?  (0=3Dfalse, 1=3Dtrue) [0] =
       -->
  <!--                                                                   =
   -->
  <!--                                                                   =
   -->
  <!-- IMPORTANT: To use the SSI filter, you also need to rename the     =
   -->
  <!--            $CATALINA_HOME/server/lib/servlets-ssi.renametojar =
file   -->
  <!--            to $CATALINA_HOME/server/lib/servlets-ssi.jar          =
   -->

<!--
    <filter>
        <filter-name>ssi</filter-name>
        <filter-class>
          org.apache.catalina.ssi.SSIFilter
        </filter-class>
        <init-param>
          <param-name>contentType</param-name>
          <param-value>text/x-server-parsed-html(;.*)?</param-value>
        </init-param>
        <init-param>
          <param-name>debug</param-name>
          <param-value>0</param-value>
        </init-param>
        <init-param>
          <param-name>expires</param-name>
          <param-value>666</param-value>
        </init-param>
        <init-param>
          <param-name>isVirtualWebappRelative</param-name>
          <param-value>0</param-value>
        </init-param>
    </filter>
-->


  <!-- =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =
Built In Filter Mappings =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -->

  <!-- The mapping for the SSI Filter -->
<!--
    <filter-mapping>
        <filter-name>ssi</filter-name>
        <url-pattern>*.shtml</url-pattern>
    </filter-mapping>
-->


  <!-- =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =
Default Session Configuration =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -->
  <!-- You can set the default session timeout (in minutes) for all =
newly   -->
  <!-- created sessions by modifying the value below.                    =
   -->

    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>


  <!-- =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =
Default MIME Type Mappings =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -->
  <!-- When serving static resources, Tomcat will automatically generate =
   -->
  <!-- a "Content-Type" header based on the resource's filename =
extension,  -->
  <!-- based on these mappings.  Additional mappings can be added here =
(to  -->
  <!-- apply to all web applications), or in your own application's =
web.xml -->
  <!-- deployment descriptor.                                            =
   -->

    <mime-mapping>
        <extension>abs</extension>
        <mime-type>audio/x-mpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ai</extension>
        <mime-type>application/postscript</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>aif</extension>
        <mime-type>audio/x-aiff</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>aifc</extension>
        <mime-type>audio/x-aiff</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>aiff</extension>
        <mime-type>audio/x-aiff</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>aim</extension>
        <mime-type>application/x-aim</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>art</extension>
        <mime-type>image/x-jg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>asf</extension>
        <mime-type>video/x-ms-asf</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>asx</extension>
        <mime-type>video/x-ms-asf</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>au</extension>
        <mime-type>audio/basic</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>avi</extension>
        <mime-type>video/x-msvideo</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>avx</extension>
        <mime-type>video/x-rad-screenplay</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>bcpio</extension>
        <mime-type>application/x-bcpio</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>bin</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>bmp</extension>
        <mime-type>image/bmp</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>body</extension>
        <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>cdf</extension>
        <mime-type>application/x-cdf</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>cer</extension>
        <mime-type>application/x-x509-ca-cert</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>class</extension>
        <mime-type>application/java</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>cpio</extension>
        <mime-type>application/x-cpio</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>csh</extension>
        <mime-type>application/x-csh</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>css</extension>
        <mime-type>text/css</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>dib</extension>
        <mime-type>image/bmp</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>doc</extension>
        <mime-type>application/msword</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>dtd</extension>
        <mime-type>application/xml-dtd</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>dv</extension>
        <mime-type>video/x-dv</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>dvi</extension>
        <mime-type>application/x-dvi</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>eps</extension>
        <mime-type>application/postscript</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>etx</extension>
        <mime-type>text/x-setext</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>exe</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>gif</extension>
        <mime-type>image/gif</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>gtar</extension>
        <mime-type>application/x-gtar</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>gz</extension>
        <mime-type>application/x-gzip</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>hdf</extension>
        <mime-type>application/x-hdf</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>hqx</extension>
        <mime-type>application/mac-binhex40</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>htc</extension>
        <mime-type>text/x-component</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>htm</extension>
        <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>html</extension>
        <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>hqx</extension>
        <mime-type>application/mac-binhex40</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ief</extension>
        <mime-type>image/ief</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>jad</extension>
        <mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>jar</extension>
        <mime-type>application/java-archive</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>java</extension>
        <mime-type>text/plain</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>jnlp</extension>
        <mime-type>application/x-java-jnlp-file</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>jpe</extension>
        <mime-type>image/jpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>jpeg</extension>
        <mime-type>image/jpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>jpg</extension>
        <mime-type>image/jpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>js</extension>
        <mime-type>text/javascript</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>jsf</extension>
        <mime-type>text/plain</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>jspf</extension>
        <mime-type>text/plain</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>kar</extension>
        <mime-type>audio/x-midi</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>latex</extension>
        <mime-type>application/x-latex</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>m3u</extension>
        <mime-type>audio/x-mpegurl</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mac</extension>
        <mime-type>image/x-macpaint</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>man</extension>
        <mime-type>application/x-troff-man</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mathml</extension>
        <mime-type>application/mathml+xml</mime-type>=20
    </mime-mapping>
    <mime-mapping>
        <extension>me</extension>
        <mime-type>application/x-troff-me</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mid</extension>
        <mime-type>audio/x-midi</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>midi</extension>
        <mime-type>audio/x-midi</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mif</extension>
        <mime-type>application/x-mif</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mov</extension>
        <mime-type>video/quicktime</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>movie</extension>
        <mime-type>video/x-sgi-movie</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mp1</extension>
        <mime-type>audio/x-mpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mp2</extension>
        <mime-type>audio/x-mpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mp3</extension>
        <mime-type>audio/x-mpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mp4</extension>
        <mime-type>video/mp4</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mpa</extension>
        <mime-type>audio/x-mpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mpe</extension>
        <mime-type>video/mpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mpeg</extension>
        <mime-type>video/mpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mpega</extension>
        <mime-type>audio/x-mpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mpg</extension>
        <mime-type>video/mpeg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>mpv2</extension>
        <mime-type>video/mpeg2</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ms</extension>
        <mime-type>application/x-wais-source</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>nc</extension>
        <mime-type>application/x-netcdf</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>oda</extension>
        <mime-type>application/oda</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Database -->
        <extension>odb</extension>
        =
<mime-type>application/vnd.oasis.opendocument.database</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Chart -->
        <extension>odc</extension>
        <mime-type>application/vnd.oasis.opendocument.chart</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Formula -->
        <extension>odf</extension>
        =
<mime-type>application/vnd.oasis.opendocument.formula</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Drawing -->
        <extension>odg</extension>
        =
<mime-type>application/vnd.oasis.opendocument.graphics</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Image -->
        <extension>odi</extension>
        <mime-type>application/vnd.oasis.opendocument.image</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Master Document -->
        <extension>odm</extension>
        =
<mime-type>application/vnd.oasis.opendocument.text-master</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Presentation -->
        <extension>odp</extension>
        =
<mime-type>application/vnd.oasis.opendocument.presentation</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Spreadsheet -->
        <extension>ods</extension>
        =
<mime-type>application/vnd.oasis.opendocument.spreadsheet</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Text -->
        <extension>odt</extension>
        <mime-type>application/vnd.oasis.opendocument.text</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ogg</extension>
        <mime-type>application/ogg</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Drawing Template -->
        <extension>otg </extension>
        =
<mime-type>application/vnd.oasis.opendocument.graphics-template</mime-typ=
e>
    </mime-mapping>
    <mime-mapping>
        <!-- HTML Document Template -->
        <extension>oth</extension>
        =
<mime-type>application/vnd.oasis.opendocument.text-web</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Presentation Template -->
        <extension>otp</extension>
        =
<mime-type>application/vnd.oasis.opendocument.presentation-template</mime=
-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Spreadsheet Template -->
        <extension>ots</extension>
        =
<mime-type>application/vnd.oasis.opendocument.spreadsheet-template =
</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- OpenDocument Text Template -->
        <extension>ott</extension>
        =
<mime-type>application/vnd.oasis.opendocument.text-template</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>pbm</extension>
        <mime-type>image/x-portable-bitmap</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>pct</extension>
        <mime-type>image/pict</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>pdf</extension>
        <mime-type>application/pdf</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>pgm</extension>
        <mime-type>image/x-portable-graymap</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>pic</extension>
        <mime-type>image/pict</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>pict</extension>
        <mime-type>image/pict</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>pls</extension>
        <mime-type>audio/x-scpls</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>png</extension>
        <mime-type>image/png</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>pnm</extension>
        <mime-type>image/x-portable-anymap</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>pnt</extension>
        <mime-type>image/x-macpaint</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ppm</extension>
        <mime-type>image/x-portable-pixmap</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ppt</extension>
        <mime-type>application/powerpoint</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ps</extension>
        <mime-type>application/postscript</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>psd</extension>
        <mime-type>image/x-photoshop</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>qt</extension>
        <mime-type>video/quicktime</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>qti</extension>
        <mime-type>image/x-quicktime</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>qtif</extension>
        <mime-type>image/x-quicktime</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ras</extension>
        <mime-type>image/x-cmu-raster</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>rdf</extension>
        <mime-type>application/rdf+xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>rgb</extension>
        <mime-type>image/x-rgb</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>rm</extension>
        <mime-type>application/vnd.rn-realmedia</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>roff</extension>
        <mime-type>application/x-troff</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>rtf</extension>
        <mime-type>application/rtf</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>rtx</extension>
        <mime-type>text/richtext</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>sh</extension>
        <mime-type>application/x-sh</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>shar</extension>
        <mime-type>application/x-shar</mime-type>
    </mime-mapping>
<!--
    <mime-mapping>
        <extension>shtml</extension>
        <mime-type>text/x-server-parsed-html</mime-type>
    </mime-mapping>
-->
    <mime-mapping>
        <extension>smf</extension>
        <mime-type>audio/x-midi</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>sit</extension>
        <mime-type>application/x-stuffit</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>snd</extension>
        <mime-type>audio/basic</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>src</extension>
        <mime-type>application/x-wais-source</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>sv4cpio</extension>
        <mime-type>application/x-sv4cpio</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>sv4crc</extension>
        <mime-type>application/x-sv4crc</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>swf</extension>
        <mime-type>application/x-shockwave-flash</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>t</extension>
        <mime-type>application/x-troff</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>tar</extension>
        <mime-type>application/x-tar</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>tcl</extension>
        <mime-type>application/x-tcl</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>tex</extension>
        <mime-type>application/x-tex</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>texi</extension>
        <mime-type>application/x-texinfo</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>texinfo</extension>
        <mime-type>application/x-texinfo</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>tif</extension>
        <mime-type>image/tiff</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>tiff</extension>
        <mime-type>image/tiff</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>tr</extension>
        <mime-type>application/x-troff</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>tsv</extension>
        <mime-type>text/tab-separated-values</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>txt</extension>
        <mime-type>text/plain</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ulw</extension>
        <mime-type>audio/basic</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ustar</extension>
        <mime-type>application/x-ustar</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>vxml</extension>
        <mime-type>application/voicexml+xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xbm</extension>
        <mime-type>image/x-xbitmap</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xht</extension>
        <mime-type>application/xhtml+xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xhtml</extension>
        <mime-type>application/xhtml+xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xml</extension>
        <mime-type>application/xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xpm</extension>
        <mime-type>image/x-xpixmap</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xsl</extension>
        <mime-type>application/xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xslt</extension>
        <mime-type>application/xslt+xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xul</extension>
        <mime-type>application/vnd.mozilla.xul+xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xwd</extension>
        <mime-type>image/x-xwindowdump</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>wav</extension>
        <mime-type>audio/x-wav</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>svg</extension>
        <mime-type>image/svg+xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>svgz</extension>
        <mime-type>image/svg+xml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>vsd</extension>
        <mime-type>application/x-visio</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- Wireless Bitmap -->
        <extension>wbmp</extension>
        <mime-type>image/vnd.wap.wbmp</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- WML Source -->
        <extension>wml</extension>
        <mime-type>text/vnd.wap.wml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- Compiled WML -->
        <extension>wmlc</extension>
        <mime-type>application/vnd.wap.wmlc</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- WML Script Source -->
        <extension>wmls</extension>
        <mime-type>text/vnd.wap.wmlscript</mime-type>
    </mime-mapping>
    <mime-mapping>
        <!-- Compiled WML Script -->
        <extension>wmlscriptc</extension>
        <mime-type>application/vnd.wap.wmlscriptc</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>wmv</extension>
        <mime-type>video/x-ms-wmv</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>wrl</extension>
        <mime-type>x-world/x-vrml</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>Z</extension>
        <mime-type>application/x-compress</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>z</extension>
        <mime-type>application/x-compress</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>zip</extension>
        <mime-type>application/zip</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>xls</extension>
        <mime-type>application/vnd.ms-excel</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>doc</extension>
        <mime-type>application/vnd.ms-word</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>ppt</extension>
        <mime-type>application/vnd.ms-powerpoint</mime-type>
    </mime-mapping>

  <!-- =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =
Default Welcome File List =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D -->
  <!-- When a request URI refers to a directory, the default servlet =
looks  -->
  <!-- for a "welcome file" within that directory and, if present,       =
   -->
  <!-- to the corresponding resource URI for display.  If no welcome =
file   -->
  <!-- is present, the default servlet either serves a directory =
listing,   -->
  <!-- or returns a 404 status, depending on how it is configured.       =
   -->
  <!--                                                                   =
   -->
  <!-- If you define welcome files in your own application's web.xml     =
   -->
  <!-- deployment descriptor, that list *replaces* the list configured   =
   -->
  <!-- here, so be sure that you include any of the default values that  =
   -->
  <!-- you wish to include.                                              =
   -->

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
=09
	  <filter>
     <filter-name>NtlmHttpFilter</filter-name>
     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
     <init-param>
         <param-name>jcifs.http.domainController</param-name>
         <param-value>192.168.100.6</param-value>
     </init-param>
     <init-param>
         <param-name>jcifs.smb.client.domain</param-name>
         <param-value>advocacyinc</param-value>
     </init-param>
     <init-param>
         <param-name>jcifs.smb.client.username</param-name>
         <param-value>SQL_LegalFiles</param-value>
     </init-param>
     <init-param>
         <param-name>jcifs.smb.client.password</param-name>
         <param-value>>*******</param-value>
     </init-param>
     <init-param>
         <param-name>jcifs.smb.lmCompatibility</param-name>
         <param-value>3</param-value>
     </init-param>

    <!-- ** needs reviewed to avoid domain Preauth check
    init-param>
        <param-name>jcifs.smb.client.ssnLimit</param-name>
        <param-value>1</param-value>
    </init-param>
    -->
</filter>

<filter-mapping>
    <filter-name>NtlmHttpFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


</web-app>


Server.xml file:


<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port=3D"8005" shutdown=3D"SHUTDOWN">

  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className=3D"org.apache.catalina.core.AprLifecycleListener" =
SSLEngine=3D"off" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at =
/docs/jasper-howto.html -->
  <Listener className=3D"org.apache.catalina.core.JasperListener" />
  <!-- JMX Support for the Tomcat server. Documentation at =
/docs/non-existent.html -->
  <Listener =
className=3D"org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener =
className=3D"org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"=
 />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name=3D"UserDatabase" auth=3D"Container"
              type=3D"org.apache.catalina.UserDatabase"
              description=3D"User database that can be updated and =
saved"
              =
factory=3D"org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname=3D"conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that =
share
       a single "Container" Note:  A "Service" is not itself a =
"Container",=20
       so you may not define subcomponents such as "Valves" at this =
level.
       Documentation at /docs/config/service.html
   -->
  <Service name=3D"Catalina">
 =20
    <!--The connectors can use a shared executor, you can define one or =
more named thread pools-->
    <!--
    <Executor name=3D"tomcatThreadPool" namePrefix=3D"catalina-exec-"=20
        maxThreads=3D"150" minSpareThreads=3D"4"/>
    -->
   =20
   =20
    <!-- A "Connector" represents an endpoint by which requests are =
received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & =
non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port=3D"8080" protocol=3D"HTTP/1.1"=20
               connectionTimeout=3D"20000"=20
               redirectPort=3D"8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor=3D"tomcatThreadPool"
               port=3D"8080" protocol=3D"HTTP/1.1"=20
               connectionTimeout=3D"20000"=20
               redirectPort=3D"8443" />
    -->          =20
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the =

         connector should be using the OpenSSL style configuration
         described in the APR documentation -->

         <Connector port=3D"8443" protocol=3D"HTTP/1.1" =
SSLEnabled=3D"true"
               maxThreads=3D"150" scheme=3D"https" secure=3D"true"
               keystoreFile=3D"c:\certs\advocacyinc.key" =
keystorePass=3D"*******"
	       clientAuth=3D"false" sslProtocol=3D"TLS" />


    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port=3D"8009" protocol=3D"AJP/1.3" redirectPort=3D"8443" =
/>


    <!-- An Engine represents the entry point (within Catalina) that =
processes
         every request.  The Engine implementation for Tomcat stand =
alone
         analyzes the HTTP headers included with the request, and passes =
them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name=3D"Standalone" defaultHost=3D"localhost" =
jvmRoute=3D"jvm1">        =20
    -->=20
    <Engine name=3D"Catalina" defaultHost=3D"localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster =
className=3D"org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->       =20

      <!-- The request dumper valve dumps useful debugging information =
about
           the request and response data received and sent by Tomcat.
           Documentation at: /docs/config/valve.html -->
      <!--
      <Valve =
className=3D"org.apache.catalina.valves.RequestDumperValve"/>
      -->

      <!-- This Realm uses the UserDatabase configured in the global =
JNDI
           resources under the key "UserDatabase".  Any edits
           that are performed against this UserDatabase are immediately
           available for use by the Realm.  -->
      <Realm className=3D"org.apache.catalina.realm.UserDatabaseRealm"
             resourceName=3D"UserDatabase"/>

      <!-- Define the default virtual host
           Note: XML Schema validation will not work with Xerces 2.2.
       -->
      <Host name=3D"localhost"  appBase=3D"webapps"
            unpackWARs=3D"true" autoDeploy=3D"true"
            xmlValidation=3D"false" xmlNamespaceAware=3D"false">

        <!-- SingleSignOn valve, share authentication between web =
applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve =
className=3D"org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className=3D"org.apache.catalina.valves.AccessLogValve" =
directory=3D"logs" =20
               prefix=3D"localhost_access_log." suffix=3D".txt" =
pattern=3D"common" resolveHosts=3D"false"/>
        -->

      </Host>
    </Engine>
  </Service>
</Server>


-----Original Message-----
From: Andr=E9 Warnier [mailto:aw@ice-sa.com]=20
Sent: Monday, August 16, 2010 2:43 AM
To: Tomcat Users List
Subject: Re: Single Sign-On problems

Carlton Whitmore wrote:
> Andre,
> The only reason I think it's Tomcat because when we change the Tomcat =
version it seems to affect the speed of the application (Tomcat 7 runs =
very slow, but no SSO errors; Tomcat 6 runs fast, but SSO errors). We're =
using Active Directory to authenticate. I guess it could be SSL as well. =
I've change the domain controller, but that didn't affect the issue. =
Here is the code we changed in the conf\web.xml file:
> =20
>  <welcome-file-list>
>         <welcome-file>index.html</welcome-file>
>         <welcome-file>index.htm</welcome-file>
>         <welcome-file>index.jsp</welcome-file>
>     </welcome-file-list>
> =20
>    <filter>
>      <filter-name>NtlmHttpFilter</filter-name>
>      <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>      <init-param>
>          <param-name>jcifs.http.domainController</param-name>
>          <param-value>192.168.100.6</param-value>
>      </init-param>
>      <init-param>
>          <param-name>jcifs.smb.client.domain</param-name>
>          <param-value>advocacyinc</param-value>
>      </init-param>
>      <init-param>
>          <param-name>jcifs.smb.client.username</param-name>
>          <param-value>SQL_LegalFiles</param-value>
>      </init-param>
>      <init-param>
>          <param-name>jcifs.smb.client.password</param-name>
>          <param-value>>password</param-value>
>      </init-param>
>      <init-param>
>          <param-name>jcifs.smb.lmCompatibility</param-name>
>          <param-value>3</param-value>
>      </init-param>
>     <!-- ** needs reviewed to avoid domain Preauth check
>     init-param>
>         <param-name>jcifs.smb.client.ssnLimit</param-name>
>         <param-value>1</param-value>
>     </init-param>
>     -->
> </filter>
> <filter-mapping>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
>=20
> =20

1) you do know that this NtlmHttpFilter is no longer developed or =
supported, and that it=20
will never support NTLM v2 (as is standard with Windows Vista, 7 and =
later), right ?
You should be thinking about switching to Jespa or Waffle.

2) anyway, the jCIFS filter can do quite extensive logs of what it does =
(see=20
jcifs.util.loglevel).  You could try using that and check what it is =
telling you about the=20
failures.

3) when you mention "SSO failures", what do you mean exactly ? the =
browser popping up a=20
builtin authentication dialog ? or something else ?
And is the above your standard operational configuration, or a =
simplified one you are just=20
using for this test ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org