tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hua, Gary - Saint Louis, MO - Contractor" <Gang....@usps.gov.INVALID>
Subject RE: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Date Tue, 16 Apr 2019 01:02:22 GMT
Luis:

     	Thanks for your input.   I put the following into conf/logging.properties and add  debug="99"
 in the Realm definition  so I can see more Realm logging information:

org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true


	After the first login attempt in the application TOPS login screen,   the URL was redirected
to  https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check  with invalid UID/PW message.   
Then I entered  topsadmin/@88Topstopstops as id/pd and clicked  the Login button again,  I
got the following message in the catalina.out:


15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke
Security checking request POST /TOPS-WEB/j_security_check
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints
  Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check
--> true
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints
  Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST
/j_security_check --> false
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints
  Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check
--> false
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints
  Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check
--> true
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints
  Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST
/j_security_check --> false
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints
  Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check
--> false
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke
 Calling hasUserDataPermission()
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.hasUserDataPermission
  User data constraint already satisfied
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke
 Calling authenticate()
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
Authenticating username 'topsadmin'
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate
Attempting to authenticate user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate
Exception performing authentication. Retrying...
 javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException:
Connection reset]; remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
        at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
        at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
        at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
        at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
        at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
        at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
        at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:210)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
        at com.sun.jndi.ldap.Connection.run(Connection.java:877)
        ... 1 more

15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate
Authenticated user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
Authentication of 'topsadmin' was successful
15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
Redirecting to original '/TOPS-WEB/'
15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke
 Failed authenticate() test
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke
Security checking request GET /TOPS-WEB/
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints
  Checking constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp -->
true
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints
  Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against GET
/index.jsp --> false
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints
  Checking constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp -->
true
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke
 Calling hasUserDataPermission()
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasUserDataPermission
  User data constraint has no restrictions
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke
 Calling authenticate()
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
Restore request from session '9F9F67A0434576D7C0FD0BB63C15F567'
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register
Authenticated 'topsadmin' with type 'FORM'
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register
Session ID changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to [811799F279932B4B67D44931980994A7]
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
Proceed to restored request
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke
 Calling accessControl()
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
  Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_INTL_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_INTL_INQUIRY
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_ADMIN]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_ADMIN
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_SFO]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_INTL_FIELD_USER_SFO
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_MODELING]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_MODELING
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_INQUIRY
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_EDITOR]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_EDITOR
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JFK]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_INTL_FIELD_USER_JFK
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JECEWR]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_INTL_FIELD_USER_JECEWR
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_ORD]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_INTL_FIELD_USER_ORD
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_INTERNATIONAL]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_INTERNATIONAL
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_LAX]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_INTL_FIELD_USER_LAX
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole
Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_MIA]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission
No role found:  TOPS_INTL_FIELD_USER_MIA
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke
 Failed accessControl() test



The error messages on the screen looks like below:

HTTP Status 403 – Forbidden

Type Status Report

Message Access to the requested resource has been denied

Description The server understood the request but refuses to authorize it.

USPS_restricted






Any idea what is that about?   Again the Ream definition is:

<Realm className="org.apache.catalina.realm.JNDIRealm"  debug="99"
   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
   connectionName="wasdev2@devsub.dev.dce.usps.gov"
   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
   authentication="simple"
   referrals="ignore"
   userSearch="(sAMAccountName={0})"
   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
   userSubtree="true"
   roleSearch="(member={0})"
   roleName="cn"
   roleSubtree="true"
   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
   adCompat="true"
/>



Thanks
Gary


-----Original Message-----
From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com] 
Sent: Monday, April 15, 2019 3:47 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

Hello Gary,

I would recommend you to add some debug to your JNDIReam [1]. For debugging your ldap search
filters ldapsearch can be your friend [2] :)

Hope it helps,

Luis

[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
[2]
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html







El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO - Contractor
(<Gang.Hua@usps.gov.invalid>) escribió:

> All:
>
>
>
>      Sorry on my previous email I have some graphic contents that can not
> be displayed.   Now I change it to texts so you can see them
>
>
>
> *From:* Hua, Gary - Saint Louis, MO - Contractor [ 
> mailto:Gang.Hua@usps.gov.INVALID <Gang.Hua@usps.gov.INVALID>]
> *Sent:* Thursday, April 11, 2019 4:29 PM
> *To:* users@tomcat.apache.org
> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>
>
>
> Tomcat Experts:
>
>
>
>                 The Tomcat server works fine in my local computer with  
> application “TOPS“ in Eclipse.  I deployed the TOPS application to our 
> DEV web server eagnmnmed1f45 under webapps.
>
>
>
>                 After I started the Tomcat  server (9.0.13) in DEV 
> server and entered the TOPS home page URL 
> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> http://localhost:8080/TOPS-WEB/Welcome.do  in my local computer)   in the
> browser,       it was re-directed to
> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do.    and following error:
>
>
>
>
>
> *The website cannot display the page*
>
>   HTTP 500
>
>
>
> *Most likely causes:*
>
>    - The website is under maintenance.
>    - The website has a programming error.
>
>
>
> *What you can try:*
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Refresh the page.Refresh the page.
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Go back to the previous page.Go back to the previous page.
>
>
>
> [image: More information]
>
> More information
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f 
> catalina.out
>
> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find 
> configuration [LegDistanceImpl]; using defaults.
>
> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not 
> binding factory to JNDI, no JNDI name configured
>
> 0 [main] INFO filter.ResponseOverrideFilter  - Filter initialized.
> Response buffering is enabled
>
> 1648 [main] INFO tiles.TilesPlugin  - Tiles definition factory loaded 
> for module ''.
>
> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules 
> file from '/WEB-INF/validator-rules.xml'
>
> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules 
> file from '/WEB-INF/validation.xml'
>
> 1738 [main] INFO tiles.TilesPlugin  - Factory already exists for 
> module ''. The factory found is from module ''. No new creation.
>
> 05-Apr-2019 11:18:01.913 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["http-nio-9080"]
>
> 05-Apr-2019 11:18:01.928 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["https-jsse-nio-9443"]
>
> 05-Apr-2019 11:18:01.932 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>
> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor  - 
> Tiles definition factory found for request processor ''.
>
> Error connecting to LDAP server.
>
> java.lang.NullPointerException
>
>         at
> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
> n.java:120)
>
>         at
> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
> n.java:61)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
> (AbstractDispatchAction.java:136)
>
>         at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
> ctDispatchAction.java:84)
>
>         at
> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
> (AbstractTOPSDispatchAction.java:258)
>
>         at
> org.apache.struts.action.RequestProcessor.processActionPerform(Request
> Processor.java:419)
>
>         at
> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
> a:224)
>
>         at
> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
> )
>
>         at
> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>
>         at 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>
>         at 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at 
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:170)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:225)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
>         at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at 
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
>         at
> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
> Filter.java:125)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at 
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
>         at
> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
> )
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at 
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
>         at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
> lve.java:199)
>
>         at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
> lve.java:96)
>
>         at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
> orBase.java:607)
>
>         at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
> va:139)
>
>         at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
> va:92)
>
>         at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
> sLogValve.java:668)
>
>         at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
> e.java:74)
>
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> :343)
>
>         at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
> 408)
>
>         at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
> t.java:66)
>
>         at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
> rotocol.java:791)
>
>         at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
> nt.java:1417)
>
>         at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
> .java:49)
>
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
> ava:1149)
>
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> java:624)
>
>         at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
> ead.java:61)
>
>         at java.lang.Thread.run(Thread.java:748)
>
>
>
>
>
>
>
>          If I only entered  “http://eagnmnmed1f45:9080/TOPS-WEB/”,  
> the login screen showed up.
>
>         After I entered   topsadmin/@88Topstopstops as id/pd and clicked
> Login button on the login screen,    I got the following error:
>
>
>
>
>
> *Error*
>
> Error Message: You've entered an invalid Logon ID or Password. Please 
> check that your Logon ID and Password are correct and try again.
>
>
>
>
>
>
>
>
>
> I know the  topsadmin/@88Topstopstops is the correct id/pd.
>
>
>
> Any idea what happens here?     Any input is appreciated.   Following is
> the contents of server.xml and LDAP_realm.xml
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>
> <?xml version='1.0' encoding='utf-8'?>
>
> <!DOCTYPE server-xml [
>
>   <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>
> ]>
>
> <!--
>
>   Licensed to the Apache Software Foundation (ASF) under one or more
>
>   contributor license agreements.  See the NOTICE file distributed 
> with
>
>   this work for additional information regarding copyright ownership.
>
>   The ASF licenses this file to You under the Apache License, Version 
> 2.0
>
>   (the "License"); you may not use this file except in compliance with
>
>   the License.  You may obtain a copy of the License at
>
>
>
>       http://www.apache.org/licenses/LICENSE-2.0
>
>
>
>   Unless required by applicable law or agreed to in writing, software
>
>   distributed under the License is distributed on an "AS IS" BASIS,
>
>   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>
>   See the License for the specific language governing permissions and
>
>   limitations under the License.
>
> -->
>
> <!-- Note:  A "Server" is not itself a "Container", so you may not
>
>      define subcomponents such as "Valves" at this level.
>
>      Documentation at /docs/config/server.html
>
> -->
>
> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>
>   <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> />
>
>
>
>   <!-- Security listener. Documentation at /docs/config/listeners.html 
> -->
>
>   <Listener className="org.apache.catalina.security.SecurityListener"
> checkedOsUsers="root" minimumUmask="0007"/>
>
>
>
>   <!--APR library loader. Documentation at /docs/apr.html -->
>
>   <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
>   <!-- Prevent memory leaks due to use of particular java/javax 
> APIs-->
>
>   <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" 
> />
>
>   <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
> " />
>
>   <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" 
> />
>
>
>
>   <!-- Global JNDI resources Documentation at 
> /docs/jndi-resources-howto.html -->
>
>   <GlobalNamingResources>
>
>     <!-- Editable user database that can also be used by 
> UserDatabaseRealm to authenticate users -->
>
>     <!--  *** Not needed, because we use JNDI Realm ***     -->
>
> <!--    <Resource name="UserDatabase" auth="Container"
>
>               type="org.apache.catalina.UserDatabase"
>
>               description="User database that can be updated and saved"
>
>               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>
>               pathname="tomcat-users.xml" />
>
> -->
>
>   </GlobalNamingResources>
>
>
>
> <!-- A "Service" is a collection of one or more "Connectors" that 
> share
>
>        a single "Container" Note:  A "Service" is not itself a 
> "Container",
>
>        so you may not define subcomponents such as "Valves" at this level.
>
>        Documentation at /docs/config/service.html
>
>    -->
>
>   <Service name="Catalina">
>
>
>
>     <!--The connectors can use a shared executor, you can define one 
> or more named thread pools-->
>
>     <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>   -->
>
>
>
>     <!-- A "Connector" represents an endpoint by which requests are 
> received
>
>          and responses are returned. Documentation at :
>
>         Java HTTP Connector: /docs/config/http.html (blocking &
> non-blocking)
>
>          Java AJP  Connector: /docs/config/ajp.html
>
>          APR (HTTP/AJP) Connector: /docs/apr.html
>
>          Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>
>     -->
>
>     <Connector port="9080"
>
>                protocol="HTTP/1.1"
>
>                connectionTimeout="20000"
>
>                redirectPort="9443"
>
>                maxHttpHeaderSize="8192"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                enableLookups="false" />
>
>     <!-- A "Connector" using the shared thread pool-->
>
>     <!--
>
>     <Connector executor="tomcatThreadPool"
>
>                port="9080" protocol="HTTP/1.1"
>
>                connectionTimeout="20000"
>
>                redirectPort="9443"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                server="USPS"
>
>                enableLookups="false" />
>
>     -->
>
>     <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>
>          This connector uses the NIO implementation that requires the 
> JSSE
>
>          style configuration. When using the APR/native 
> implementation, the
>
>          OpenSSL style configuration is required as described in the 
> APR/native
>
>          documentation -->
>
> <Connector port="9443"
>
>                protocol="org.apache.coyote.http11.Http11NioProtocol"
>
>                connectionTimeout="60000"
>
>                maxThreads="150"
>
>                SSLEnabled="true"
>
>                scheme="https"
>
>                secure="true"
>
>                keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>
>                keystorePass="&#52;&#98;&#105;&#100;&#100;&#101;&#110;&#33;"
>
>                clientAuth="want"
>
>                ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>
>                         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>
>                         TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_RSA_WITH_AES_256_CBC_SHA256,
>
>                         TLS_RSA_WITH_AES_256_GCM_SHA384"
>
>                maxHttpHeaderSize="8192"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                server="USPS"
>
>                enableLookups="false" />
>
>
>
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>
>     <!--
>
>     <Connector port="8009" protocol="AJP/1.3"
>
>                connectionTimeout="20000"
>
>                protocol="AJP/1.3"
>
>                redirectPort="9443"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                enableLookups="false" />
>
>     -->
>
>
>
>     <!-- An Engine represents the entry point (within Catalina) that 
> processes
>
>          every request.  The Engine implementation for Tomcat stand 
> alone
>
>          analyzes the HTTP headers included with the request, and 
> passes them
>
>          on to the appropriate Host (virtual host).
>
>          Documentation at /docs/config/engine.html -->
>
>
>
>     <!-- You should set jvmRoute to support load-balancing via AJP ie :
>
>     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>
>     -->
>
>     <Engine name="Catalina" defaultHost="localhost">
>
>
>
>       <!--For clustering, please take a look at documentation at:
>
>           /docs/cluster-howto.html  (simple how to)
>
>           /docs/config/cluster.html (reference documentation) -->
>
>       <!--
>
>       <Cluster 
> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
>
>
>       <!-- Use the LockOutRealm to prevent attempts to guess user 
> passwords
>
>            via a brute-force attack -->
>
> <Realm className="org.apache.catalina.realm.LockOutRealm">
>
>
>
>         <!-- This Realm uses the UserDatabase configured in the global 
> JNDI
>
>              resources under the key "UserDatabase".  Any edits
>
>              that are performed against this UserDatabase are 
> immediately
>
>              available for use by the Realm.  -->
>
>         <!--
>
>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>
>                resourceName="UserDatabase"/>
>
>         -->
>
>         &LDAP_realm;
>
>       </Realm>
>
>
>
>       <Host name="localhost"
>
>             appBase="webapps"
>
>             unpackWARs="true"
>
>             deployOnStartup="false"
>
>             autoDeploy="false">
>
>
>
>          <Context path=""
>
>             docBase="/opt/TomCat/tomcat/webapps/ROOT"
>
>             debug="0"
>
>             privileged="true">
>
>          </Context>
>
>
>
>          <Context path="/TOPS-WEB"
>
>                   docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>
>                   debug="0"
>
>                   privileged="true">
>
>                   <Resource name="jdbc/TOPSDB"
>
>                             auth="Container"
>
>                             type="javax.sql.DataSource"
>
>                             driverClassName="oracle.jdbc.OracleDriver"
>
>                             inactiveConnectionTimeout="120"
>
>                             maxPoolSize="20"
>
>                             minPoolSize="1"
>
>                             password="g3td0wn"
>
>                             url="jdbc:oracle:thin:@ 
> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE
> =ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
>
>
> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=
> 1521)))(CONNECT_DATA=(SERVICE_NAME=
> dtops.usps.gov)))"
>
>                             username="TOPS_ADMIN"
>
>                             validateConnectionOnBorrow="true"/>
>
>          </Context>
>
>
>
> <!-- SingleSignOn valve, share authentication between web applications
>
>               Documentation at: /docs/config/valve.html -->
>
>          <!--
>
>          <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
>
>          -->
>
>
>
>          <!-- Access log processes all example.
>
>               Documentation at: /docs/config/valve.html
>
>               Note: The pattern used is equivalent to using 
> pattern="common" -->
>
>          <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>
>                 prefix="localhost_access_log" suffix=".txt"
>
>                 pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>
>
>
>       </Host>
>
>     </Engine>
>
>   </Service>
>
> </Server>
>
>
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>
>    connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>
>    connectionName="wasdev2@devsub.dev.dce.usps.gov"
>
>    connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
>
>    authentication="simple"
>
>    referrals="ignore"
>
>    userSearch="(sAMAccountName={0})"
>
>    userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
>    userSubtree="true"
>
>    roleSearch="(member={0})"
>
>    roleName="cn"
>
>    roleSubtree="true"
>
>    roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
>    adCompat="true"
>
> />
>
>
>
>
>
> Thanks
>
> Gary
>
>
>
>
>
>
>
>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Mime
View raw message