Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 13387 invoked from network); 2 Nov 2010 22:04:30 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 2 Nov 2010 22:04:30 -0000 Received: (qmail 40414 invoked by uid 500); 2 Nov 2010 22:04:58 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 40362 invoked by uid 500); 2 Nov 2010 22:04:57 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 40353 invoked by uid 99); 2 Nov 2010 22:04:57 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Nov 2010 22:04:57 +0000 X-ASF-Spam-Status: No, hits=0.7 required=10.0 tests=RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [74.208.4.194] (HELO mout.perfora.net) (74.208.4.194) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Nov 2010 22:04:53 +0000 Received: from winxedgeus01.exchange.xchg (winxedgeus01.lxa.perfora.net [172.23.130.53]) by mrelay.perfora.net (node=mrus4) with ESMTP (Nemesis) id 0MV65l-1P3tUQ1LHJ-00Yb6y; Tue, 02 Nov 2010 18:04:31 -0400 Received: from winxhubus02.exchange.xchg (172.23.130.14) by winxedgeus01.exchange.xchg (172.23.130.53) with Microsoft SMTP Server (TLS) id 8.3.83.0; Tue, 2 Nov 2010 18:03:52 -0400 Received: from winxbeus13.exchange.xchg ([172.23.130.73]) by winxhubus02.exchange.xchg ([172.23.130.14]) with mapi; Tue, 2 Nov 2010 18:03:48 -0400 From: dB. To: Tomcat Users List Date: Tue, 2 Nov 2010 18:03:46 -0400 Subject: RE: Tomcat 5.5: how doesone configure an authenticator valve? Thread-Topic: Tomcat 5.5: how doesone configure an authenticator valve? Thread-Index: Act6iwGcwTVqCoLsTaujh8PoiBUQIgARFm2QAAKNs3A= Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US x-provags-id: V02:K0:bYaH3rVV56RbXfx/nKqj29OdSXl8LPVIktyP1tvT4Ac 6rPOEmPLGb18sV3/BrlmgZMxr8En2jC4TqiCJyJEEi/H5OAYgr pqPEWvuxIjmRdJTjh9b/rVWjmkyuQKNOQhMCCNTjdTFIDodHIm 4HZfGnjirs++HxL7Ry8Ip4rr5HZvKNNU4do1I89sW2G3UQ3Dt Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 After some more code-reading I found the problem. Looking at the implementa= tion of response.sendError in TC5, it's clear that it dumps whatever header= s you added prior to the call. Changing this to setStatus fixed the problem= . I assume this means that Tomcat doesn't get a chance to render it's custo= m 401 page, but I might be speculating. I'd appreciate if someone shed some light on which way the code below shoul= d be implemented (setStatus/sendError/something else?) in various versions = of Tomcat. Thx dB. dB. @ dblock.org=20 Moscow|Geneva|Seattle|New York -----Original Message----- From: dB. [mailto:dblock@dblock.org]=20 Sent: Tuesday, November 02, 2010 4:55 PM To: Tomcat Users List Subject: RE: Tomcat 5.5: how doesone configure an authenticator valve? Thanks for your help. I should have done this (logging) in the first place,= sorry. The filter is invoked properly.=20 The new problem is that the headers aren't added (or sent to the client). T= he code looks like this: response.addHeader("WWW-Authenticate", "Negotiate"); response.addHeader("WWW-Authenticate", "NTLM"); response.setHeader("Connection", "close"); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); response.flushBuffer();=09 This is executed for sure (put a logging statement in front of it) but has = no effect, the response looks like a boilerplate 401.=20 Where did my WWW-Authenticate headers and "Connection: close" go? (Maybe it= helps, it does work in 6.x). Thx dB. PS: you're looking at some intermediate waffle check-in, the namespace was = renamed at some point, it's waffle.apache. dB. @ dblock.org=20 Moscow|Geneva|Seattle|New York -----Original Message----- From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com] Sent: Tuesday, November 02, 2010 8:39 AM To: Tomcat Users List Subject: Re: Tomcat 5.5: how doesone configure an authenticator valve? 2010/11/2 dB. : > I am trying to help someone with a Tomcat 5.5 implementation of waffle (w= affle.codeplex.com). It has authenticator valve that works well with tc6. > I declare a valve inside the web app: > > Context.xml > > > =A0 principalFormat=3D"fqn" roleFormat=3D"both" /> > =A0 > Note, that META-INF/context.xml (case matters!) is copied to $CATALINA_BAS= E\conf\Catalina\localhost\.xml when the webappication starts for = the first time. You can have a stale copy there. I would suggest you to enable more detailed logging. Something like adding the following line to conf/logging.properties: waffle.apache.NegotiateAuthenticator.level=3DFINE BTW, the waffle docs say "waffle.apache.NegotiateAuthenticator", but in the= source code it is "waffle.tomcat.NegotiateAuthenticator", i.e. a different package http://waffle.codeplex.com/SourceControl/changeset/view/52761#1097376 Are there any interesting messages in the log filess already? Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org