tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dB. <dbl...@dblock.org>
Subject RE: Tomcat 5.5: how doesone configure an authenticator valve?
Date Tue, 02 Nov 2010 22:03:46 GMT
After some more code-reading I found the problem. Looking at the implementation of response.sendError
in TC5, it's clear that it dumps whatever headers you added prior to the call. Changing this
to setStatus fixed the problem. I assume this means that Tomcat doesn't get a chance to render
it's custom 401 page, but I might be speculating.

I'd appreciate if someone shed some light on which way the code below should be implemented
(setStatus/sendError/something else?) in various versions of Tomcat.

Thx
dB.

dB. @ dblock.org 
Moscow|Geneva|Seattle|New York



-----Original Message-----
From: dB. [mailto:dblock@dblock.org] 
Sent: Tuesday, November 02, 2010 4:55 PM
To: Tomcat Users List
Subject: RE: Tomcat 5.5: how doesone configure an authenticator valve?

Thanks for your help. I should have done this (logging) in the first place, sorry. The filter
is invoked properly. 
The new problem is that the headers aren't added (or sent to the client). The code looks like
this:

			response.addHeader("WWW-Authenticate", "Negotiate");
			response.addHeader("WWW-Authenticate", "NTLM");
			response.setHeader("Connection", "close");
			response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
			response.flushBuffer();	

This is executed for sure (put a logging statement in front of it) but has no effect, the
response looks like a boilerplate 401. 
Where did my WWW-Authenticate headers and "Connection: close" go? (Maybe it helps, it does
work in 6.x).

Thx
dB.

PS: you're looking at some intermediate waffle check-in, the namespace was renamed at some
point, it's waffle.apache.

dB. @ dblock.org 
Moscow|Geneva|Seattle|New York


-----Original Message-----
From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
Sent: Tuesday, November 02, 2010 8:39 AM
To: Tomcat Users List
Subject: Re: Tomcat 5.5: how doesone configure an authenticator valve?

2010/11/2 dB. <dblock@dblock.org>:
> I am trying to help someone with a Tomcat 5.5 implementation of waffle (waffle.codeplex.com).
It has authenticator valve that works well with tc6.
> I declare a valve inside the web app:
>
> Context.xml
>
> <?xml version='1.0' encoding='utf-8'?> <Context>
>  <Valve className="waffle.apache.NegotiateAuthenticator" 
> principalFormat="fqn" roleFormat="both" />
>  <Realm className="waffle.apache.WindowsRealm" /> </Context>
>

Note, that META-INF/context.xml  (case matters!) is copied to $CATALINA_BASE\conf\Catalina\localhost\<yourapp>.xml
 when the webappication starts for the first time.  You can have a stale copy there.

I would suggest you to enable more detailed logging.

Something like adding the following line to conf/logging.properties:
waffle.apache.NegotiateAuthenticator.level=FINE

BTW, the waffle docs say "waffle.apache.NegotiateAuthenticator", but in the source code it
is "waffle.tomcat.NegotiateAuthenticator", i.e.
a different package

http://waffle.codeplex.com/SourceControl/changeset/view/52761#1097376


Are there any interesting messages in the log filess already?

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message