tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luis Rodríguez Fernández <uo67...@gmail.com>
Subject Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Date Tue, 16 Apr 2019 07:20:21 GMT
Hello Gary,

Your user, topsadmin is has the role NAT_TOPS_ADMIN, see [1], however the
application is looking for another bunch of roles like
TOPS_INTL_FIELD_USER_MIA, TOPS_MODELING, etc... I suggest you to check your
user membership [2] and try with the roleNested=true in your configuration
[3]

Hope it helps,

Luis

[1] Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
[2] https://stackoverflow.com/questions/6195812/ldap-nested-group-membership
[3] https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#JNDIRealm &
https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html






El mar., 16 abr. 2019 a las 9:03, Peter@Kreuser-Online (<logo@kreuser.name>)
escribió:

> Hi Gary,
>
> see way below inline...
>
> > Am 16.04.2019 um 03:02 schrieb Hua, Gary - Saint Louis, MO - Contractor
> <Gang.Hua@usps.gov.invalid>:
> >
> > Luis:
> >
> >         Thanks for your input.   I put the following into
> conf/logging.properties and add  debug="99"  in the Realm definition  so I
> can see more Realm logging information:
> >
> > org.apache.catalina.realm.level = ALL
> > org.apache.catalina.realm.useParentHandlers = true
> > org.apache.catalina.authenticator.level = ALL
> > org.apache.catalina.authenticator.useParentHandlers = true
> >
> >
> >    After the first login attempt in the application TOPS login screen,
>  the URL was redirected to
> https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check  with invalid UID/PW
> message.    Then I entered  topsadmin/@88Topstopstops as id/pd and clicked
> the Login button again,  I got the following message in the catalina.out:
> >
> >
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security
> checking request POST /TOPS-WEB/j_security_check
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> hasUserDataPermission()
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission   User data
> constraint already satisfied
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> authenticate()
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authenticating username 'topsadmin'
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Attempting to
> authenticate user [topsadmin] with realm
> [org.apache.catalina.realm.JNDIRealm]
> > 15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.JNDIRealm.authenticate Exception performing
> authentication. Retrying...
> > javax.naming.CommunicationException: Connection reset [Root exception is
> java.net.SocketException: Connection reset];
> ^^^^^^^^^^^^
> That may be the reason!?
> It cannot connect and everything following is just bad error handling?
>
> > remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
> >        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
> >        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
> >        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> >        at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
> >        at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
> >        at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
> >        at
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> >        at
> org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
> >        at
> org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
> >        at
> org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
> >        at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
> >        at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
> >        at
> org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
> >        at
> org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
> >        at
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
> >        at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
> >        at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> >        at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> >        at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
> >        at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> >        at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> >        at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> >        at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> >        at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
> >        at org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
> >        at org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
> >        at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >        at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >        at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> >        at java.lang.Thread.run(Thread.java:748)
> > Caused by: java.net.SocketException: Connection reset
> >        at java.net.SocketInputStream.read(SocketInputStream.java:210)
> >        at java.net.SocketInputStream.read(SocketInputStream.java:141)
> >        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
> >        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
> >        at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
> >        at
> sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
> >        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> >        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> >        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
> >        at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
> >        at com.sun.jndi.ldap.Connection.run(Connection.java:877)
> >        ... 1 more
> >
> > 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user
> [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> > 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authentication of 'topsadmin' was successful
> > 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Redirecting to original '/TOPS-WEB/'
> > 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed
> authenticate() test
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security
> checking request GET /TOPS-WEB/
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp
> --> true
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> GET /index.jsp --> false
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp -->
> true
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> hasUserDataPermission()
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission   User data
> constraint has no restrictions
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> authenticate()
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore
> request from session '9F9F67A0434576D7C0FD0BB63C15F567'
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated
> 'topsadmin' with type 'FORM'
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Session ID
> changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to
> [811799F279932B4B67D44931980994A7]
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed
> to restored request
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> accessControl()
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission   Checking roles
> GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_INQUIRY]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_INQUIRY
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_ADMIN]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_ADMIN
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_SFO]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_SFO
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_MODELING]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_MODELING
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INQUIRY]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INQUIRY
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_EDITOR]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_EDITOR
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JFK]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JFK
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JECEWR]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JECEWR
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_ORD]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_ORD
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTERNATIONAL]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTERNATIONAL
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_LAX]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_LAX
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_MIA]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_MIA
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed
> accessControl() test
> >
> >
> >
> > The error messages on the screen looks like below:
> >
> > HTTP Status 403 – Forbidden
> >
> > Type Status Report
> >
> > Message Access to the requested resource has been denied
> >
> > Description The server understood the request but refuses to authorize
> it.
> >
> > USPS_restricted
> >
> >
> >
> >
> >
> >
> > Any idea what is that about?   Again the Ream definition is:
> >
> > <Realm className="org.apache.catalina.realm.JNDIRealm"  debug="99"
> >   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> >   connectionName="wasdev2@devsub.dev.dce.usps.gov"
> >   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
> >   authentication="simple"
> >   referrals="ignore"
> >   userSearch="(sAMAccountName={0})"
> >   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >   userSubtree="true"
> >   roleSearch="(member={0})"
> >   roleName="cn"
> >   roleSubtree="true"
> >   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >   adCompat="true"
> > />
> >
> >
> >
> > Thanks
> > Gary
> >
> >
>
> Peter
>
> PS: you should redact sensitive data from your mails. At least change
> passwords now... google is NOT your friend in this case...
>
> > -----Original Message-----
> > From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com]
> > Sent: Monday, April 15, 2019 3:47 AM
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
> >
> > Hello Gary,
> >
> > I would recommend you to add some debug to your JNDIReam [1]. For
> debugging your ldap search filters ldapsearch can be your friend [2] :)
> >
> > Hope it helps,
> >
> > Luis
> >
> > [1]
> >
> https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
> > [2]
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
> >
> >
> >
> >
> >
> >
> >
> > El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO -
> Contractor
> > (<Gang.Hua@usps.gov.invalid>) escribió:
> >
> >> All:
> >>
> >>
> >>
> >>     Sorry on my previous email I have some graphic contents that can not
> >> be displayed.   Now I change it to texts so you can see them
> >>
> >>
> >>
> >> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> >> mailto:Gang.Hua@usps.gov.INVALID <Gang.Hua@usps.gov.INVALID>]
> >> *Sent:* Thursday, April 11, 2019 4:29 PM
> >> *To:* users@tomcat.apache.org
> >> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
> >>
> >>
> >>
> >> Tomcat Experts:
> >>
> >>
> >>
> >>                The Tomcat server works fine in my local computer with
> >> application “TOPS“ in Eclipse.  I deployed the TOPS application to our
> >> DEV web server eagnmnmed1f45 under webapps.
> >>
> >>
> >>
> >>                After I started the Tomcat  server (9.0.13) in DEV
> >> server and entered the TOPS home page URL
> >> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> >> http://localhost:8080/TOPS-WEB/Welcome.do  in my local computer)   in
> the
> >> browser,       it was re-directed to
> >> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do.    and following error:
> >>
> >>
> >>
> >>
> >>
> >> *The website cannot display the page*
> >>
> >>  HTTP 500
> >>
> >>
> >>
> >> *Most likely causes:*
> >>
> >>   - The website is under maintenance.
> >>   - The website has a programming error.
> >>
> >>
> >>
> >> *What you can try:*
> >>
> >>
> >>
> >> [image: res://\\ieframe.dll/bullet.png]
> >>
> >> Refresh the page.Refresh the page.
> >>
> >>
> >>
> >> [image: res://\\ieframe.dll/bullet.png]
> >>
> >> Go back to the previous page.Go back to the previous page.
> >>
> >>
> >>
> >> [image: More information]
> >>
> >> More information
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
> >> catalina.out
> >>
> >> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
> >> configuration [LegDistanceImpl]; using defaults.
> >>
> >> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
> >> binding factory to JNDI, no JNDI name configured
> >>
> >> 0 [main] INFO filter.ResponseOverrideFilter  - Filter initialized.
> >> Response buffering is enabled
> >>
> >> 1648 [main] INFO tiles.TilesPlugin  - Tiles definition factory loaded
> >> for module ''.
> >>
> >> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules
> >> file from '/WEB-INF/validator-rules.xml'
> >>
> >> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules
> >> file from '/WEB-INF/validation.xml'
> >>
> >> 1738 [main] INFO tiles.TilesPlugin  - Factory already exists for
> >> module ''. The factory found is from module ''. No new creation.
> >>
> >> 05-Apr-2019 11:18:01.913 INFO [main]
> >> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> >> ["http-nio-9080"]
> >>
> >> 05-Apr-2019 11:18:01.928 INFO [main]
> >> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> >> ["https-jsse-nio-9443"]
> >>
> >> 05-Apr-2019 11:18:01.932 INFO [main]
> >> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
> >>
> >> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor  -
> >> Tiles definition factory found for request processor ''.
> >>
> >> Error connecting to LDAP server.
> >>
> >> java.lang.NullPointerException
> >>
> >>        at
> >> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
> >> n.java:120)
> >>
> >>        at
> >> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
> >> n.java:61)
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
> >> (AbstractDispatchAction.java:136)
> >>
> >>        at
> >> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
> >> ctDispatchAction.java:84)
> >>
> >>        at
> >> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
> >> (AbstractTOPSDispatchAction.java:258)
> >>
> >>        at
> >> org.apache.struts.action.RequestProcessor.processActionPerform(Request
> >> Processor.java:419)
> >>
> >>        at
> >> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
> >> a:224)
> >>
> >>        at
> >> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
> >> )
> >>
> >>        at
> >> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
> >>
> >>        at
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> >>
> >>        at
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:170)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:225)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >>        at
> >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >>        at
> >> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
> >> Filter.java:125)
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >>        at
> >> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
> >> )
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >>        at
> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
> >> lve.java:199)
> >>
> >>        at
> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
> >> lve.java:96)
> >>
> >>        at
> >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
> >> orBase.java:607)
> >>
> >>        at
> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
> >> va:139)
> >>
> >>        at
> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
> >> va:92)
> >>
> >>        at
> >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
> >> sLogValve.java:668)
> >>
> >>        at
> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
> >> e.java:74)
> >>
> >>        at
> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> >> :343)
> >>
> >>        at
> >> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
> >> 408)
> >>
> >>        at
> >> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
> >> t.java:66)
> >>
> >>        at
> >> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
> >> rotocol.java:791)
> >>
> >>        at
> >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
> >> nt.java:1417)
> >>
> >>        at
> >> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
> >> .java:49)
> >>
> >>        at
> >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
> >> ava:1149)
> >>
> >>        at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> >> java:624)
> >>
> >>        at
> >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
> >> ead.java:61)
> >>
> >>        at java.lang.Thread.run(Thread.java:748)
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>         If I only entered  “http://eagnmnmed1f45:9080/TOPS-WEB/”,
> >> the login screen showed up.
> >>
> >>        After I entered   topsadmin/@88Topstopstops as id/pd and clicked
> >> Login button on the login screen,    I got the following error:
> >>
> >>
> >>
> >>
> >>
> >> *Error*
> >>
> >> Error Message: You've entered an invalid Logon ID or Password. Please
> >> check that your Logon ID and Password are correct and try again.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> I know the  topsadmin/@88Topstopstops is the correct id/pd.
> >>
> >>
> >>
> >> Any idea what happens here?     Any input is appreciated.   Following is
> >> the contents of server.xml and LDAP_realm.xml
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
> >>
> >> <?xml version='1.0' encoding='utf-8'?>
> >>
> >> <!DOCTYPE server-xml [
> >>
> >>  <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
> >>
> >> ]>
> >>
> >> <!--
> >>
> >>  Licensed to the Apache Software Foundation (ASF) under one or more
> >>
> >>  contributor license agreements.  See the NOTICE file distributed
> >> with
> >>
> >>  this work for additional information regarding copyright ownership.
> >>
> >>  The ASF licenses this file to You under the Apache License, Version
> >> 2.0
> >>
> >>  (the "License"); you may not use this file except in compliance with
> >>
> >>  the License.  You may obtain a copy of the License at
> >>
> >>
> >>
> >>      http://www.apache.org/licenses/LICENSE-2.0
> >>
> >>
> >>
> >>  Unless required by applicable law or agreed to in writing, software
> >>
> >>  distributed under the License is distributed on an "AS IS" BASIS,
> >>
> >>  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>
> >>  See the License for the specific language governing permissions and
> >>
> >>  limitations under the License.
> >>
> >> -->
> >>
> >> <!-- Note:  A "Server" is not itself a "Container", so you may not
> >>
> >>     define subcomponents such as "Valves" at this level.
> >>
> >>     Documentation at /docs/config/server.html
> >>
> >> -->
> >>
> >> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
> >>
> >>  <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> >> />
> >>
> >>
> >>
> >>  <!-- Security listener. Documentation at /docs/config/listeners.html
> >> -->
> >>
> >>  <Listener className="org.apache.catalina.security.SecurityListener"
> >> checkedOsUsers="root" minimumUmask="0007"/>
> >>
> >>
> >>
> >>  <!--APR library loader. Documentation at /docs/apr.html -->
> >>
> >>  <Listener className="org.apache.catalina.core.AprLifecycleListener"
> >> SSLEngine="on" />
> >>
> >>  <!-- Prevent memory leaks due to use of particular java/javax
> >> APIs-->
> >>
> >>  <Listener
> >> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> >> />
> >>
> >>  <Listener
> >> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
> >> " />
> >>
> >>  <Listener
> >> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> >> />
> >>
> >>
> >>
> >>  <!-- Global JNDI resources Documentation at
> >> /docs/jndi-resources-howto.html -->
> >>
> >>  <GlobalNamingResources>
> >>
> >>    <!-- Editable user database that can also be used by
> >> UserDatabaseRealm to authenticate users -->
> >>
> >>    <!--  *** Not needed, because we use JNDI Realm ***     -->
> >>
> >> <!--    <Resource name="UserDatabase" auth="Container"
> >>
> >>              type="org.apache.catalina.UserDatabase"
> >>
> >>              description="User database that can be updated and saved"
> >>
> >>
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> >>
> >>              pathname="tomcat-users.xml" />
> >>
> >> -->
> >>
> >>  </GlobalNamingResources>
> >>
> >>
> >>
> >> <!-- A "Service" is a collection of one or more "Connectors" that
> >> share
> >>
> >>       a single "Container" Note:  A "Service" is not itself a
> >> "Container",
> >>
> >>       so you may not define subcomponents such as "Valves" at this
> level.
> >>
> >>       Documentation at /docs/config/service.html
> >>
> >>   -->
> >>
> >>  <Service name="Catalina">
> >>
> >>
> >>
> >>    <!--The connectors can use a shared executor, you can define one
> >> or more named thread pools-->
> >>
> >>    <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> >> maxThreads="150" minSpareThreads="4"/>   -->
> >>
> >>
> >>
> >>    <!-- A "Connector" represents an endpoint by which requests are
> >> received
> >>
> >>         and responses are returned. Documentation at :
> >>
> >>        Java HTTP Connector: /docs/config/http.html (blocking &
> >> non-blocking)
> >>
> >>         Java AJP  Connector: /docs/config/ajp.html
> >>
> >>         APR (HTTP/AJP) Connector: /docs/apr.html
> >>
> >>         Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
> >>
> >>    -->
> >>
> >>    <Connector port="9080"
> >>
> >>               protocol="HTTP/1.1"
> >>
> >>               connectionTimeout="20000"
> >>
> >>               redirectPort="9443"
> >>
> >>               maxHttpHeaderSize="8192"
> >>
> >>               allowTrace="false"
> >>
> >>               xpoweredBy="false"
> >>
> >>               enableLookups="false" />
> >>
> >>    <!-- A "Connector" using the shared thread pool-->
> >>
> >>    <!--
> >>
> >>    <Connector executor="tomcatThreadPool"
> >>
> >>               port="9080" protocol="HTTP/1.1"
> >>
> >>               connectionTimeout="20000"
> >>
> >>               redirectPort="9443"
> >>
> >>               allowTrace="false"
> >>
> >>               xpoweredBy="false"
> >>
> >>               server="USPS"
> >>
> >>               enableLookups="false" />
> >>
> >>    -->
> >>
> >>    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
> >>
> >>         This connector uses the NIO implementation that requires the
> >> JSSE
> >>
> >>         style configuration. When using the APR/native
> >> implementation, the
> >>
> >>         OpenSSL style configuration is required as described in the
> >> APR/native
> >>
> >>         documentation -->
> >>
> >> <Connector port="9443"
> >>
> >>               protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>
> >>               connectionTimeout="60000"
> >>
> >>               maxThreads="150"
> >>
> >>               SSLEnabled="true"
> >>
> >>               scheme="https"
> >>
> >>               secure="true"
> >>
> >>               keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
> >>
> >>
>  keystorePass="&#52;&#98;&#105;&#100;&#100;&#101;&#110;&#33;"
> >>
> >>               clientAuth="want"
> >>
> >>               ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> >>
> >>                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> >>
> >>                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> >>
> >>                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> >>
> >>                        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> >>
> >>                        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> >>
> >>                        TLS_RSA_WITH_AES_256_CBC_SHA256,
> >>
> >>                        TLS_RSA_WITH_AES_256_GCM_SHA384"
> >>
> >>               maxHttpHeaderSize="8192"
> >>
> >>               allowTrace="false"
> >>
> >>               xpoweredBy="false"
> >>
> >>               server="USPS"
> >>
> >>               enableLookups="false" />
> >>
> >>
> >>
> >>    <!-- Define an AJP 1.3 Connector on port 8009 -->
> >>
> >>    <!--
> >>
> >>    <Connector port="8009" protocol="AJP/1.3"
> >>
> >>               connectionTimeout="20000"
> >>
> >>               protocol="AJP/1.3"
> >>
> >>               redirectPort="9443"
> >>
> >>               allowTrace="false"
> >>
> >>               xpoweredBy="false"
> >>
> >>               enableLookups="false" />
> >>
> >>    -->
> >>
> >>
> >>
> >>    <!-- An Engine represents the entry point (within Catalina) that
> >> processes
> >>
> >>         every request.  The Engine implementation for Tomcat stand
> >> alone
> >>
> >>         analyzes the HTTP headers included with the request, and
> >> passes them
> >>
> >>         on to the appropriate Host (virtual host).
> >>
> >>         Documentation at /docs/config/engine.html -->
> >>
> >>
> >>
> >>    <!-- You should set jvmRoute to support load-balancing via AJP ie :
> >>
> >>    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> >>
> >>    -->
> >>
> >>    <Engine name="Catalina" defaultHost="localhost">
> >>
> >>
> >>
> >>      <!--For clustering, please take a look at documentation at:
> >>
> >>          /docs/cluster-howto.html  (simple how to)
> >>
> >>          /docs/config/cluster.html (reference documentation) -->
> >>
> >>      <!--
> >>
> >>      <Cluster
> >> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> >> -->
> >>
> >>
> >>
> >>      <!-- Use the LockOutRealm to prevent attempts to guess user
> >> passwords
> >>
> >>           via a brute-force attack -->
> >>
> >> <Realm className="org.apache.catalina.realm.LockOutRealm">
> >>
> >>
> >>
> >>        <!-- This Realm uses the UserDatabase configured in the global
> >> JNDI
> >>
> >>             resources under the key "UserDatabase".  Any edits
> >>
> >>             that are performed against this UserDatabase are
> >> immediately
> >>
> >>             available for use by the Realm.  -->
> >>
> >>        <!--
> >>
> >>        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> >>
> >>               resourceName="UserDatabase"/>
> >>
> >>        -->
> >>
> >>        &LDAP_realm;
> >>
> >>      </Realm>
> >>
> >>
> >>
> >>      <Host name="localhost"
> >>
> >>            appBase="webapps"
> >>
> >>            unpackWARs="true"
> >>
> >>            deployOnStartup="false"
> >>
> >>            autoDeploy="false">
> >>
> >>
> >>
> >>         <Context path=""
> >>
> >>            docBase="/opt/TomCat/tomcat/webapps/ROOT"
> >>
> >>            debug="0"
> >>
> >>            privileged="true">
> >>
> >>         </Context>
> >>
> >>
> >>
> >>         <Context path="/TOPS-WEB"
> >>
> >>                  docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
> >>
> >>                  debug="0"
> >>
> >>                  privileged="true">
> >>
> >>                  <Resource name="jdbc/TOPSDB"
> >>
> >>                            auth="Container"
> >>
> >>                            type="javax.sql.DataSource"
> >>
> >>                            driverClassName="oracle.jdbc.OracleDriver"
> >>
> >>                            inactiveConnectionTimeout="120"
> >>
> >>                            maxPoolSize="20"
> >>
> >>                            minPoolSize="1"
> >>
> >>                            password="g3td0wn"
> >>
> >>                            url="jdbc:oracle:thin:@
> >> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE
> >> =ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
> >>
> >>
> >> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=
> >> 1521)))(CONNECT_DATA=(SERVICE_NAME=
> >> dtops.usps.gov)))"
> >>
> >>                            username="TOPS_ADMIN"
> >>
> >>                            validateConnectionOnBorrow="true"/>
> >>
> >>         </Context>
> >>
> >>
> >>
> >> <!-- SingleSignOn valve, share authentication between web applications
> >>
> >>              Documentation at: /docs/config/valve.html -->
> >>
> >>         <!--
> >>
> >>         <Valve
> className="org.apache.catalina.authenticator.SingleSignOn"
> >> />
> >>
> >>         -->
> >>
> >>
> >>
> >>         <!-- Access log processes all example.
> >>
> >>              Documentation at: /docs/config/valve.html
> >>
> >>              Note: The pattern used is equivalent to using
> >> pattern="common" -->
> >>
> >>         <Valve className="org.apache.catalina.valves.AccessLogValve"
> >> directory="logs"
> >>
> >>                prefix="localhost_access_log" suffix=".txt"
> >>
> >>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> >>
> >>
> >>
> >>      </Host>
> >>
> >>    </Engine>
> >>
> >>  </Service>
> >>
> >> </Server>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
> >>
> >> <Realm className="org.apache.catalina.realm.JNDIRealm"
> >>
> >>   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> >>
> >>   connectionName="wasdev2@devsub.dev.dce.usps.gov"
> >>
> >>   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
> >>
> >>   authentication="simple"
> >>
> >>   referrals="ignore"
> >>
> >>   userSearch="(sAMAccountName={0})"
> >>
> >>   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >>
> >>   userSubtree="true"
> >>
> >>   roleSearch="(member={0})"
> >>
> >>   roleName="cn"
> >>
> >>   roleSubtree="true"
> >>
> >>   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >>
> >>   adCompat="true"
> >>
> >> />
> >>
> >>
> >>
> >>
> >>
> >> Thanks
> >>
> >> Gary
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> >
> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> >
> > - Samuel Beckett
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message