You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Carlton Whitmore <cw...@Advocacyinc.org> on 2010/08/16 20:03:58 UTC
RE: Single Sign-On problems (SSO not the cause)
I just verified that the issue is not with SSO. I tested this by accessing the URL until I got "Page cannot be displayed" then I tried accessing https://myserver.advocacyinc.org:8443 and got the same thing.
We're not doing any redirects from IIS. Could JCifs be tying up the system?
Any ideas?
-----Original Message-----
From: Pid [mailto:pid@pidster.com]
Sent: Monday, August 16, 2010 11:54 AM
To: Tomcat Users List
Subject: Re: Single Sign-On problems
On 16/08/2010 15:16, Carlton Whitmore wrote:
> Andre,
> These are the settings that our vendor suggested adding to the web.xml came with Tomcat. If NtlmHttpFilter isn't recommended are there setup files for Waffle or Jespa that I could use? I'm a newbie to Tomcat.
> BTW - Someone asked what the guest OS was. It's Windows 2008 R2.
>
> Our users get intermittent SSO errors (looks to happen when we have over 20 users online), when they try to drag and drop from Word or Outlook plug-in the vendor developed. This is the error message "Invalid Domain acquired for SSO! Please Login Manually ". We also have issues trying to access the SSO logon page. Instead of the SSO error we get an error that the page cannot be displayed. It's like the app is trying to open the page before the authentication can take place. I did notice that the Max Ports setting is 150 on the server.xml. Is that number of users or total ports open? I have as many as 30-40 users on at a time.
> Here is my full web.xml and server.xml:
Are you supposed to edit the default web.xml or the one in your
application directory?
tomcat/conf/web.xml <- default descriptor
tomcat/webapps/myapp/WEB-INF/web.xml <- myapp specific descriptor
Usually the default web.xml isn't modified, you make changes to the one
in your application.
p
> Web.xml file:
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <web-app xmlns="http://java.sun.com/xml/ns/javaee"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
> version="2.5">
>
> <!-- ======================== Introduction ============================== -->
> <!-- This document defines default values for *all* web applications -->
> <!-- loaded into this instance of Tomcat. As each application is -->
> <!-- deployed, this file is processed, followed by the -->
> <!-- "/WEB-INF/web.xml" deployment descriptor from your own -->
> <!-- applications. -->
> <!-- -->
> <!-- WARNING: Do not configure application-specific resources here! -->
> <!-- They should go in the "/WEB-INF/web.xml" file in your application. -->
>
>
> <!-- ================== Built In Servlet Definitions ==================== -->
>
>
> <!-- The default servlet for all web applications, that serves static -->
> <!-- resources. It processes all requests that are not mapped to other -->
> <!-- servlets with servlet mappings (defined either here or in your own -->
> <!-- web.xml file. This servlet supports the following initialization -->
> <!-- parameters (default values are in square brackets): -->
> <!-- -->
> <!-- debug Debugging detail level for messages logged -->
> <!-- by this servlet. [0] -->
> <!-- -->
> <!-- fileEncoding Encoding to be used to read static resources -->
> <!-- [platform default] -->
> <!-- -->
> <!-- input Input buffer size (in bytes) when reading -->
> <!-- resources to be served. [2048] -->
> <!-- -->
> <!-- listings Should directory listings be produced if there -->
> <!-- is no welcome file in this directory? [false] -->
> <!-- WARNING: Listings for directories with many -->
> <!-- entries can be slow and may consume -->
> <!-- significant proportions of server resources. -->
> <!-- -->
> <!-- output Output buffer size (in bytes) when writing -->
> <!-- resources to be served. [2048] -->
> <!-- -->
> <!-- readonly Is this context "read only", so HTTP -->
> <!-- commands like PUT and DELETE are -->
> <!-- rejected? [true] -->
> <!-- -->
> <!-- readmeFile File name to display with the directory -->
> <!-- contents. [null] -->
> <!-- -->
> <!-- sendfileSize If the connector used supports sendfile, this -->
> <!-- represents the minimal file size in KB for -->
> <!-- which sendfile will be used. Use a negative -->
> <!-- value to always disable sendfile. [48] -->
> <!-- -->
> <!-- For directory listing customization. Checks localXsltFile, then -->
> <!-- globalXsltFile, then defaults to original behavior. -->
> <!-- -->
> <!-- localXsltFile Make directory listings an XML doc and -->
> <!-- pass the result to this style sheet residing -->
> <!-- in that directory. This overrides -->
> <!-- globalXsltFile[null] -->
> <!-- -->
> <!-- globalXsltFile Site wide configuration version of -->
> <!-- localXsltFile This argument is expected -->
> <!-- to be a physical file. [null] -->
> <!-- -->
> <!-- -->
>
> <servlet>
> <servlet-name>default</servlet-name>
> <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
> <init-param>
> <param-name>debug</param-name>
> <param-value>0</param-value>
> </init-param>
> <init-param>
> <param-name>listings</param-name>
> <param-value>false</param-value>
> </init-param>
> <load-on-startup>1</load-on-startup>
> </servlet>
>
>
> <!-- The "invoker" servlet, which executes anonymous servlet classes -->
> <!-- that have not been defined in a web.xml file. Traditionally, this -->
> <!-- servlet is mapped to the URL pattern "/servlet/*", but you can map -->
> <!-- it to other patterns as well. The extra path info portion of such a -->
> <!-- request must be the fully qualified class name of a Java class that -->
> <!-- implements Servlet (or extends HttpServlet), or the servlet name -->
> <!-- of an existing servlet definition. This servlet supports the -->
> <!-- following initialization parameters (default values are in square -->
> <!-- brackets): -->
> <!-- -->
> <!-- debug Debugging detail level for messages logged -->
> <!-- by this servlet. [0] -->
>
> <!--
> <servlet>
> <servlet-name>invoker</servlet-name>
> <servlet-class>
> org.apache.catalina.servlets.InvokerServlet
> </servlet-class>
> <init-param>
> <param-name>debug</param-name>
> <param-value>0</param-value>
> </init-param>
> <load-on-startup>2</load-on-startup>
> </servlet>
> -->
>
>
> <!-- The JSP page compiler and execution servlet, which is the mechanism -->
> <!-- used by Tomcat to support JSP pages. Traditionally, this servlet -->
> <!-- is mapped to the URL pattern "*.jsp". This servlet supports the -->
> <!-- following initialization parameters (default values are in square -->
> <!-- brackets): -->
> <!-- -->
> <!-- checkInterval If development is false and checkInterval is -->
> <!-- greater than zero, background compilations are -->
> <!-- enabled. checkInterval is the time in seconds -->
> <!-- between checks to see if a JSP page needs to -->
> <!-- be recompiled. [0] -->
> <!-- -->
> <!-- modificationTestInterval -->
> <!-- Causes a JSP (and its dependent files) to not -->
> <!-- be checked for modification during the -->
> <!-- specified time interval (in seconds) from the -->
> <!-- last time the JSP was checked for -->
> <!-- modification. A value of 0 will cause the JSP -->
> <!-- to be checked on every access. -->
> <!-- Used in development mode only. [4] -->
> <!-- -->
> <!-- compiler Which compiler Ant should use to compile JSP -->
> <!-- pages. See the jasper documentation for more -->
> <!-- information. -->
> <!-- -->
> <!-- classdebuginfo Should the class file be compiled with -->
> <!-- debugging information? [true] -->
> <!-- -->
> <!-- classpath What class path should I use while compiling -->
> <!-- generated servlets? [Created dynamically -->
> <!-- based on the current web application] -->
> <!-- -->
> <!-- development Is Jasper used in development mode? If true, -->
> <!-- the frequency at which JSPs are checked for -->
> <!-- modification may be specified via the -->
> <!-- modificationTestInterval parameter. [true] -->
> <!-- -->
> <!-- enablePooling Determines whether tag handler pooling is -->
> <!-- enabled [true] -->
> <!-- -->
> <!-- fork Tell Ant to fork compiles of JSP pages so that -->
> <!-- a separate JVM is used for JSP page compiles -->
> <!-- from the one Tomcat is running in. [true] -->
> <!-- -->
> <!-- ieClassId The class-id value to be sent to Internet -->
> <!-- Explorer when using <jsp:plugin> tags. -->
> <!-- [clsid:8AD9C840-044E-11D1-B3E9-00805F499D93] -->
> <!-- -->
> <!-- javaEncoding Java file encoding to use for generating java -->
> <!-- source files. [UTF8] -->
> <!-- -->
> <!-- keepgenerated Should we keep the generated Java source code -->
> <!-- for each page instead of deleting it? [true] -->
> <!-- -->
> <!-- mappedfile Should we generate static content with one -->
> <!-- print statement per input line, to ease -->
> <!-- debugging? [true] -->
> <!-- -->
> <!-- trimSpaces Should white spaces in template text between -->
> <!-- actions or directives be trimmed? [false] -->
> <!-- -->
> <!-- suppressSmap Should the generation of SMAP info for JSR45 -->
> <!-- debugging be suppressed? [false] -->
> <!-- -->
> <!-- dumpSmap Should the SMAP info for JSR45 debugging be -->
> <!-- dumped to a file? [false] -->
> <!-- False if suppressSmap is true -->
> <!-- -->
> <!-- genStrAsCharArray Should text strings be generated as char -->
> <!-- arrays, to improve performance in some cases? -->
> <!-- [false] -->
> <!-- -->
> <!-- errorOnUseBeanInvalidClassAttribute -->
> <!-- Should Jasper issue an error when the value of -->
> <!-- the class attribute in an useBean action is -->
> <!-- not a valid bean class? [true] -->
> <!-- -->
> <!-- scratchdir What scratch directory should we use when -->
> <!-- compiling JSP pages? [default work directory -->
> <!-- for the current web application] -->
> <!-- -->
> <!-- xpoweredBy Determines whether X-Powered-By response -->
> <!-- header is added by generated servlet [false] -->
> <!-- -->
> <!-- compilerTargetVM Compiler target VM -->
> <!-- default is System.properties -->
> <!-- java.specification.version > 1.4 -->
> <!-- [1.5] else [1.4] -->
> <!-- -->
> <!-- compilerSourceVM Compiler source VM -->
> <!-- default is System.properties -->
> <!-- java.specification.version > 1.4 -->
> <!-- [1.5] else [1.4] -->
> <!-- -->
> <!-- If you wish to use Jikes to compile JSP pages: -->
> <!-- Please see the "Using Jikes" section of the Jasper-HowTo -->
> <!-- page in the Tomcat documentation. -->
>
> <servlet>
> <servlet-name>jsp</servlet-name>
> <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
> <init-param>
> <param-name>fork</param-name>
> <param-value>false</param-value>
> </init-param>
> <init-param>
> <param-name>xpoweredBy</param-name>
> <param-value>false</param-value>
> </init-param>
> <load-on-startup>3</load-on-startup>
> </servlet>
>
>
> <!-- NOTE: An SSI Filter is also available as an alternative SSI -->
> <!-- implementation. Use either the Servlet or the Filter but NOT both. -->
> <!-- -->
> <!-- Server Side Includes processing servlet, which processes SSI -->
> <!-- directives in HTML pages consistent with similar support in web -->
> <!-- servers like Apache. Traditionally, this servlet is mapped to the -->
> <!-- URL pattern "*.shtml". This servlet supports the following -->
> <!-- initialization parameters (default values are in square brackets): -->
> <!-- -->
> <!-- buffered Should output from this servlet be buffered? -->
> <!-- (0=false, 1=true) [0] -->
> <!-- -->
> <!-- debug Debugging detail level for messages logged -->
> <!-- by this servlet. [0] -->
> <!-- -->
> <!-- expires The number of seconds before a page with SSI -->
> <!-- directives will expire. [No default] -->
> <!-- -->
> <!-- isVirtualWebappRelative -->
> <!-- Should "virtual" paths be interpreted as -->
> <!-- relative to the context root, instead of -->
> <!-- the server root? (0=false, 1=true) [0] -->
> <!-- -->
> <!-- inputEncoding The encoding to assume for SSI resources if -->
> <!-- one is not available from the resource. -->
> <!-- [Platform default] -->
> <!-- -->
> <!-- outputEncoding The encoding to use for the page that results -->
> <!-- from the SSI processing. [UTF-8] -->
> <!-- -->
> <!-- -->
> <!-- IMPORTANT: To use the SSI servlet, you also need to rename the -->
> <!-- $CATALINA_HOME/server/lib/servlets-ssi.renametojar file -->
> <!-- to $CATALINA_HOME/server/lib/servlets-ssi.jar -->
>
> <!--
> <servlet>
> <servlet-name>ssi</servlet-name>
> <servlet-class>
> org.apache.catalina.ssi.SSIServlet
> </servlet-class>
> <init-param>
> <param-name>buffered</param-name>
> <param-value>1</param-value>
> </init-param>
> <init-param>
> <param-name>debug</param-name>
> <param-value>0</param-value>
> </init-param>
> <init-param>
> <param-name>expires</param-name>
> <param-value>666</param-value>
> </init-param>
> <init-param>
> <param-name>isVirtualWebappRelative</param-name>
> <param-value>0</param-value>
> </init-param>
> <load-on-startup>4</load-on-startup>
> </servlet>
> -->
>
>
> <!-- Common Gateway Includes (CGI) processing servlet, which supports -->
> <!-- execution of external applications that conform to the CGI spec -->
> <!-- requirements. Typically, this servlet is mapped to the URL pattern -->
> <!-- "/cgi-bin/*", which means that any CGI applications that are -->
> <!-- executed must be present within the web application. This servlet -->
> <!-- supports the following initialization parameters (default values -->
> <!-- are in square brackets): -->
> <!-- -->
> <!-- cgiPathPrefix The CGI search path will start at -->
> <!-- webAppRootDir + File.separator + this prefix. -->
> <!-- [WEB-INF/cgi] -->
> <!-- -->
> <!-- debug Debugging detail level for messages logged -->
> <!-- by this servlet. [0] -->
> <!-- -->
> <!-- executable Name of the exectuable used to run the -->
> <!-- script. [perl] -->
> <!-- -->
> <!-- parameterEncoding Name of parameter encoding to be used with -->
> <!-- CGI servlet. -->
> <!-- [System.getProperty("file.encoding","UTF-8")] -->
> <!-- -->
> <!-- passShellEnvironment Should the shell environment variables (if -->
> <!-- any) be passed to the CGI script? [false] -->
> <!-- -->
> <!-- IMPORTANT: To use the CGI servlet, you also need to rename the -->
> <!-- $CATALINA_HOME/server/lib/servlets-cgi.renametojar file -->
> <!-- to $CATALINA_HOME/server/lib/servlets-cgi.jar -->
>
> <!--
> <servlet>
> <servlet-name>cgi</servlet-name>
> <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
> <init-param>
> <param-name>debug</param-name>
> <param-value>0</param-value>
> </init-param>
> <init-param>
> <param-name>cgiPathPrefix</param-name>
> <param-value>WEB-INF/cgi</param-value>
> </init-param>
> <load-on-startup>5</load-on-startup>
> </servlet>
> -->
>
>
> <!-- ================ Built In Servlet Mappings ========================= -->
>
>
> <!-- The servlet mappings for the built in servlets defined above. Note -->
> <!-- that, by default, the CGI and SSI servlets are *not* mapped. You -->
> <!-- must uncomment these mappings (or add them to your application's own -->
> <!-- web.xml deployment descriptor) to enable these services -->
>
> <!-- The mapping for the default servlet -->
> <servlet-mapping>
> <servlet-name>default</servlet-name>
> <url-pattern>/</url-pattern>
> </servlet-mapping>
>
> <!-- The mapping for the invoker servlet -->
> <!--
> <servlet-mapping>
> <servlet-name>invoker</servlet-name>
> <url-pattern>/servlet/*</url-pattern>
> </servlet-mapping>
> -->
>
> <!-- The mapping for the JSP servlet -->
> <servlet-mapping>
> <servlet-name>jsp</servlet-name>
> <url-pattern>*.jsp</url-pattern>
> </servlet-mapping>
>
> <servlet-mapping>
> <servlet-name>jsp</servlet-name>
> <url-pattern>*.jspx</url-pattern>
> </servlet-mapping>
>
> <!-- The mapping for the SSI servlet -->
> <!--
> <servlet-mapping>
> <servlet-name>ssi</servlet-name>
> <url-pattern>*.shtml</url-pattern>
> </servlet-mapping>
> -->
>
> <!-- The mapping for the CGI Gateway servlet -->
>
> <!--
> <servlet-mapping>
> <servlet-name>cgi</servlet-name>
> <url-pattern>/cgi-bin/*</url-pattern>
> </servlet-mapping>
> -->
>
>
> <!-- ================== Built In Filter Definitions ===================== -->
>
> <!-- NOTE: An SSI Servlet is also available as an alternative SSI -->
> <!-- implementation. Use either the Servlet or the Filter but NOT both. -->
> <!-- -->
> <!-- Server Side Includes processing filter, which processes SSI -->
> <!-- directives in HTML pages consistent with similar support in web -->
> <!-- servers like Apache. Traditionally, this filter is mapped to the -->
> <!-- URL pattern "*.shtml", though it can be mapped to "*" as it will -->
> <!-- selectively enable/disable SSI processing based on mime types. For -->
> <!-- this to work you will need to uncomment the .shtml mime type -->
> <!-- definition towards the bottom of this file. -->
> <!-- The contentType init param allows you to apply SSI processing to JSP -->
> <!-- pages, javascript, or any other content you wish. This filter -->
> <!-- supports the following initialization parameters (default values are -->
> <!-- in square brackets): -->
> <!-- -->
> <!-- contentType A regex pattern that must be matched before -->
> <!-- SSI processing is applied. -->
> <!-- [text/x-server-parsed-html(;.*)?] -->
> <!-- -->
> <!-- debug Debugging detail level for messages logged -->
> <!-- by this servlet. [0] -->
> <!-- -->
> <!-- expires The number of seconds before a page with SSI -->
> <!-- directives will expire. [No default] -->
> <!-- -->
> <!-- isVirtualWebappRelative -->
> <!-- Should "virtual" paths be interpreted as -->
> <!-- relative to the context root, instead of -->
> <!-- the server root? (0=false, 1=true) [0] -->
> <!-- -->
> <!-- -->
> <!-- IMPORTANT: To use the SSI filter, you also need to rename the -->
> <!-- $CATALINA_HOME/server/lib/servlets-ssi.renametojar file -->
> <!-- to $CATALINA_HOME/server/lib/servlets-ssi.jar -->
>
> <!--
> <filter>
> <filter-name>ssi</filter-name>
> <filter-class>
> org.apache.catalina.ssi.SSIFilter
> </filter-class>
> <init-param>
> <param-name>contentType</param-name>
> <param-value>text/x-server-parsed-html(;.*)?</param-value>
> </init-param>
> <init-param>
> <param-name>debug</param-name>
> <param-value>0</param-value>
> </init-param>
> <init-param>
> <param-name>expires</param-name>
> <param-value>666</param-value>
> </init-param>
> <init-param>
> <param-name>isVirtualWebappRelative</param-name>
> <param-value>0</param-value>
> </init-param>
> </filter>
> -->
>
>
> <!-- ==================== Built In Filter Mappings ====================== -->
>
> <!-- The mapping for the SSI Filter -->
> <!--
> <filter-mapping>
> <filter-name>ssi</filter-name>
> <url-pattern>*.shtml</url-pattern>
> </filter-mapping>
> -->
>
>
> <!-- ==================== Default Session Configuration ================= -->
> <!-- You can set the default session timeout (in minutes) for all newly -->
> <!-- created sessions by modifying the value below. -->
>
> <session-config>
> <session-timeout>30</session-timeout>
> </session-config>
>
>
> <!-- ===================== Default MIME Type Mappings =================== -->
> <!-- When serving static resources, Tomcat will automatically generate -->
> <!-- a "Content-Type" header based on the resource's filename extension, -->
> <!-- based on these mappings. Additional mappings can be added here (to -->
> <!-- apply to all web applications), or in your own application's web.xml -->
> <!-- deployment descriptor. -->
>
> <mime-mapping>
> <extension>abs</extension>
> <mime-type>audio/x-mpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ai</extension>
> <mime-type>application/postscript</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>aif</extension>
> <mime-type>audio/x-aiff</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>aifc</extension>
> <mime-type>audio/x-aiff</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>aiff</extension>
> <mime-type>audio/x-aiff</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>aim</extension>
> <mime-type>application/x-aim</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>art</extension>
> <mime-type>image/x-jg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>asf</extension>
> <mime-type>video/x-ms-asf</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>asx</extension>
> <mime-type>video/x-ms-asf</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>au</extension>
> <mime-type>audio/basic</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>avi</extension>
> <mime-type>video/x-msvideo</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>avx</extension>
> <mime-type>video/x-rad-screenplay</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>bcpio</extension>
> <mime-type>application/x-bcpio</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>bin</extension>
> <mime-type>application/octet-stream</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>bmp</extension>
> <mime-type>image/bmp</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>body</extension>
> <mime-type>text/html</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>cdf</extension>
> <mime-type>application/x-cdf</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>cer</extension>
> <mime-type>application/x-x509-ca-cert</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>class</extension>
> <mime-type>application/java</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>cpio</extension>
> <mime-type>application/x-cpio</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>csh</extension>
> <mime-type>application/x-csh</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>css</extension>
> <mime-type>text/css</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>dib</extension>
> <mime-type>image/bmp</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>doc</extension>
> <mime-type>application/msword</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>dtd</extension>
> <mime-type>application/xml-dtd</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>dv</extension>
> <mime-type>video/x-dv</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>dvi</extension>
> <mime-type>application/x-dvi</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>eps</extension>
> <mime-type>application/postscript</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>etx</extension>
> <mime-type>text/x-setext</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>exe</extension>
> <mime-type>application/octet-stream</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>gif</extension>
> <mime-type>image/gif</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>gtar</extension>
> <mime-type>application/x-gtar</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>gz</extension>
> <mime-type>application/x-gzip</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>hdf</extension>
> <mime-type>application/x-hdf</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>hqx</extension>
> <mime-type>application/mac-binhex40</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>htc</extension>
> <mime-type>text/x-component</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>htm</extension>
> <mime-type>text/html</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>html</extension>
> <mime-type>text/html</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>hqx</extension>
> <mime-type>application/mac-binhex40</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ief</extension>
> <mime-type>image/ief</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>jad</extension>
> <mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>jar</extension>
> <mime-type>application/java-archive</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>java</extension>
> <mime-type>text/plain</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>jnlp</extension>
> <mime-type>application/x-java-jnlp-file</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>jpe</extension>
> <mime-type>image/jpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>jpeg</extension>
> <mime-type>image/jpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>jpg</extension>
> <mime-type>image/jpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>js</extension>
> <mime-type>text/javascript</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>jsf</extension>
> <mime-type>text/plain</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>jspf</extension>
> <mime-type>text/plain</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>kar</extension>
> <mime-type>audio/x-midi</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>latex</extension>
> <mime-type>application/x-latex</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>m3u</extension>
> <mime-type>audio/x-mpegurl</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mac</extension>
> <mime-type>image/x-macpaint</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>man</extension>
> <mime-type>application/x-troff-man</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mathml</extension>
> <mime-type>application/mathml+xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>me</extension>
> <mime-type>application/x-troff-me</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mid</extension>
> <mime-type>audio/x-midi</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>midi</extension>
> <mime-type>audio/x-midi</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mif</extension>
> <mime-type>application/x-mif</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mov</extension>
> <mime-type>video/quicktime</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>movie</extension>
> <mime-type>video/x-sgi-movie</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mp1</extension>
> <mime-type>audio/x-mpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mp2</extension>
> <mime-type>audio/x-mpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mp3</extension>
> <mime-type>audio/x-mpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mp4</extension>
> <mime-type>video/mp4</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mpa</extension>
> <mime-type>audio/x-mpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mpe</extension>
> <mime-type>video/mpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mpeg</extension>
> <mime-type>video/mpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mpega</extension>
> <mime-type>audio/x-mpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mpg</extension>
> <mime-type>video/mpeg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>mpv2</extension>
> <mime-type>video/mpeg2</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ms</extension>
> <mime-type>application/x-wais-source</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>nc</extension>
> <mime-type>application/x-netcdf</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>oda</extension>
> <mime-type>application/oda</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Database -->
> <extension>odb</extension>
> <mime-type>application/vnd.oasis.opendocument.database</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Chart -->
> <extension>odc</extension>
> <mime-type>application/vnd.oasis.opendocument.chart</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Formula -->
> <extension>odf</extension>
> <mime-type>application/vnd.oasis.opendocument.formula</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Drawing -->
> <extension>odg</extension>
> <mime-type>application/vnd.oasis.opendocument.graphics</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Image -->
> <extension>odi</extension>
> <mime-type>application/vnd.oasis.opendocument.image</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Master Document -->
> <extension>odm</extension>
> <mime-type>application/vnd.oasis.opendocument.text-master</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Presentation -->
> <extension>odp</extension>
> <mime-type>application/vnd.oasis.opendocument.presentation</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Spreadsheet -->
> <extension>ods</extension>
> <mime-type>application/vnd.oasis.opendocument.spreadsheet</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Text -->
> <extension>odt</extension>
> <mime-type>application/vnd.oasis.opendocument.text</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ogg</extension>
> <mime-type>application/ogg</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Drawing Template -->
> <extension>otg </extension>
> <mime-type>application/vnd.oasis.opendocument.graphics-template</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- HTML Document Template -->
> <extension>oth</extension>
> <mime-type>application/vnd.oasis.opendocument.text-web</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Presentation Template -->
> <extension>otp</extension>
> <mime-type>application/vnd.oasis.opendocument.presentation-template</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Spreadsheet Template -->
> <extension>ots</extension>
> <mime-type>application/vnd.oasis.opendocument.spreadsheet-template </mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- OpenDocument Text Template -->
> <extension>ott</extension>
> <mime-type>application/vnd.oasis.opendocument.text-template</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>pbm</extension>
> <mime-type>image/x-portable-bitmap</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>pct</extension>
> <mime-type>image/pict</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>pdf</extension>
> <mime-type>application/pdf</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>pgm</extension>
> <mime-type>image/x-portable-graymap</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>pic</extension>
> <mime-type>image/pict</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>pict</extension>
> <mime-type>image/pict</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>pls</extension>
> <mime-type>audio/x-scpls</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>png</extension>
> <mime-type>image/png</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>pnm</extension>
> <mime-type>image/x-portable-anymap</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>pnt</extension>
> <mime-type>image/x-macpaint</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ppm</extension>
> <mime-type>image/x-portable-pixmap</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ppt</extension>
> <mime-type>application/powerpoint</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ps</extension>
> <mime-type>application/postscript</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>psd</extension>
> <mime-type>image/x-photoshop</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>qt</extension>
> <mime-type>video/quicktime</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>qti</extension>
> <mime-type>image/x-quicktime</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>qtif</extension>
> <mime-type>image/x-quicktime</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ras</extension>
> <mime-type>image/x-cmu-raster</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>rdf</extension>
> <mime-type>application/rdf+xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>rgb</extension>
> <mime-type>image/x-rgb</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>rm</extension>
> <mime-type>application/vnd.rn-realmedia</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>roff</extension>
> <mime-type>application/x-troff</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>rtf</extension>
> <mime-type>application/rtf</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>rtx</extension>
> <mime-type>text/richtext</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>sh</extension>
> <mime-type>application/x-sh</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>shar</extension>
> <mime-type>application/x-shar</mime-type>
> </mime-mapping>
> <!--
> <mime-mapping>
> <extension>shtml</extension>
> <mime-type>text/x-server-parsed-html</mime-type>
> </mime-mapping>
> -->
> <mime-mapping>
> <extension>smf</extension>
> <mime-type>audio/x-midi</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>sit</extension>
> <mime-type>application/x-stuffit</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>snd</extension>
> <mime-type>audio/basic</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>src</extension>
> <mime-type>application/x-wais-source</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>sv4cpio</extension>
> <mime-type>application/x-sv4cpio</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>sv4crc</extension>
> <mime-type>application/x-sv4crc</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>swf</extension>
> <mime-type>application/x-shockwave-flash</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>t</extension>
> <mime-type>application/x-troff</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>tar</extension>
> <mime-type>application/x-tar</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>tcl</extension>
> <mime-type>application/x-tcl</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>tex</extension>
> <mime-type>application/x-tex</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>texi</extension>
> <mime-type>application/x-texinfo</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>texinfo</extension>
> <mime-type>application/x-texinfo</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>tif</extension>
> <mime-type>image/tiff</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>tiff</extension>
> <mime-type>image/tiff</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>tr</extension>
> <mime-type>application/x-troff</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>tsv</extension>
> <mime-type>text/tab-separated-values</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>txt</extension>
> <mime-type>text/plain</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ulw</extension>
> <mime-type>audio/basic</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ustar</extension>
> <mime-type>application/x-ustar</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>vxml</extension>
> <mime-type>application/voicexml+xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xbm</extension>
> <mime-type>image/x-xbitmap</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xht</extension>
> <mime-type>application/xhtml+xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xhtml</extension>
> <mime-type>application/xhtml+xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xml</extension>
> <mime-type>application/xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xpm</extension>
> <mime-type>image/x-xpixmap</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xsl</extension>
> <mime-type>application/xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xslt</extension>
> <mime-type>application/xslt+xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xul</extension>
> <mime-type>application/vnd.mozilla.xul+xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xwd</extension>
> <mime-type>image/x-xwindowdump</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>wav</extension>
> <mime-type>audio/x-wav</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>svg</extension>
> <mime-type>image/svg+xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>svgz</extension>
> <mime-type>image/svg+xml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>vsd</extension>
> <mime-type>application/x-visio</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- Wireless Bitmap -->
> <extension>wbmp</extension>
> <mime-type>image/vnd.wap.wbmp</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- WML Source -->
> <extension>wml</extension>
> <mime-type>text/vnd.wap.wml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- Compiled WML -->
> <extension>wmlc</extension>
> <mime-type>application/vnd.wap.wmlc</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- WML Script Source -->
> <extension>wmls</extension>
> <mime-type>text/vnd.wap.wmlscript</mime-type>
> </mime-mapping>
> <mime-mapping>
> <!-- Compiled WML Script -->
> <extension>wmlscriptc</extension>
> <mime-type>application/vnd.wap.wmlscriptc</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>wmv</extension>
> <mime-type>video/x-ms-wmv</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>wrl</extension>
> <mime-type>x-world/x-vrml</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>Z</extension>
> <mime-type>application/x-compress</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>z</extension>
> <mime-type>application/x-compress</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>zip</extension>
> <mime-type>application/zip</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>xls</extension>
> <mime-type>application/vnd.ms-excel</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>doc</extension>
> <mime-type>application/vnd.ms-word</mime-type>
> </mime-mapping>
> <mime-mapping>
> <extension>ppt</extension>
> <mime-type>application/vnd.ms-powerpoint</mime-type>
> </mime-mapping>
>
> <!-- ==================== Default Welcome File List ===================== -->
> <!-- When a request URI refers to a directory, the default servlet looks -->
> <!-- for a "welcome file" within that directory and, if present, -->
> <!-- to the corresponding resource URI for display. If no welcome file -->
> <!-- is present, the default servlet either serves a directory listing, -->
> <!-- or returns a 404 status, depending on how it is configured. -->
> <!-- -->
> <!-- If you define welcome files in your own application's web.xml -->
> <!-- deployment descriptor, that list *replaces* the list configured -->
> <!-- here, so be sure that you include any of the default values that -->
> <!-- you wish to include. -->
>
> <welcome-file-list>
> <welcome-file>index.html</welcome-file>
> <welcome-file>index.htm</welcome-file>
> <welcome-file>index.jsp</welcome-file>
> </welcome-file-list>
>
> <filter>
> <filter-name>NtlmHttpFilter</filter-name>
> <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> <init-param>
> <param-name>jcifs.http.domainController</param-name>
> <param-value>192.168.100.6</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.client.domain</param-name>
> <param-value>advocacyinc</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.client.username</param-name>
> <param-value>SQL_LegalFiles</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.client.password</param-name>
> <param-value>>*******</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.lmCompatibility</param-name>
> <param-value>3</param-value>
> </init-param>
>
> <!-- ** needs reviewed to avoid domain Preauth check
> init-param>
> <param-name>jcifs.smb.client.ssnLimit</param-name>
> <param-value>1</param-value>
> </init-param>
> -->
> </filter>
>
> <filter-mapping>
> <filter-name>NtlmHttpFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
>
> </web-app>
>
>
>
>
>
>
>
> Server.xml file:
>
>
> <!-- Note: A "Server" is not itself a "Container", so you may not
> define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/server.html
> -->
> <Server port="8005" shutdown="SHUTDOWN">
>
> <!--APR library loader. Documentation at /docs/apr.html -->
> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
> <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
> <Listener className="org.apache.catalina.core.JasperListener" />
> <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>
> <!-- Global JNDI resources
> Documentation at /docs/jndi-resources-howto.html
> -->
> <GlobalNamingResources>
> <!-- Editable user database that can also be used by
> UserDatabaseRealm to authenticate users
> -->
> <Resource name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase"
> description="User database that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
> </GlobalNamingResources>
>
> <!-- A "Service" is a collection of one or more "Connectors" that share
> a single "Container" Note: A "Service" is not itself a "Container",
> so you may not define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/service.html
> -->
> <Service name="Catalina">
>
> <!--The connectors can use a shared executor, you can define one or more named thread pools-->
> <!--
> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>
> -->
>
>
> <!-- A "Connector" represents an endpoint by which requests are received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
> Java AJP Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL HTTP/1.1 Connector on port 8080
> -->
> <Connector port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> <!-- A "Connector" using the shared thread pool-->
> <!--
> <Connector executor="tomcatThreadPool"
> port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
> -->
> <!-- Define a SSL HTTP/1.1 Connector on port 8443
> This connector uses the JSSE configuration, when using APR, the
> connector should be using the OpenSSL style configuration
> described in the APR documentation -->
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> keystoreFile="c:\certs\advocacyinc.key" keystorePass="*******"
> clientAuth="false" sslProtocol="TLS" />
>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>
>
> <!-- An Engine represents the entry point (within Catalina) that processes
> every request. The Engine implementation for Tomcat stand alone
> analyzes the HTTP headers included with the request, and passes them
> on to the appropriate Host (virtual host).
> Documentation at /docs/config/engine.html -->
>
> <!-- You should set jvmRoute to support load-balancing via AJP ie :
> <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
> -->
> <Engine name="Catalina" defaultHost="localhost">
>
> <!--For clustering, please take a look at documentation at:
> /docs/cluster-howto.html (simple how to)
> /docs/config/cluster.html (reference documentation) -->
> <!--
> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
> <!-- The request dumper valve dumps useful debugging information about
> the request and response data received and sent by Tomcat.
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
> -->
>
> <!-- This Realm uses the UserDatabase configured in the global JNDI
> resources under the key "UserDatabase". Any edits
> that are performed against this UserDatabase are immediately
> available for use by the Realm. -->
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
>
> <!-- Define the default virtual host
> Note: XML Schema validation will not work with Xerces 2.2.
> -->
> <Host name="localhost" appBase="webapps"
> unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
>
> <!-- SingleSignOn valve, share authentication between web applications
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
> -->
>
> <!-- Access log processes all example.
> Documentation at: /docs/config/valve.html -->
> <!--
> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
> prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
> -->
>
> </Host>
> </Engine>
> </Service>
> </Server>
>
>
> -----Original Message-----
> From: André Warnier [mailto:aw@ice-sa.com]
> Sent: Monday, August 16, 2010 2:43 AM
> To: Tomcat Users List
> Subject: Re: Single Sign-On problems
>
> Carlton Whitmore wrote:
>> Andre,
>> The only reason I think it's Tomcat because when we change the Tomcat version it seems to affect the speed of the application (Tomcat 7 runs very slow, but no SSO errors; Tomcat 6 runs fast, but SSO errors). We're using Active Directory to authenticate. I guess it could be SSL as well. I've change the domain controller, but that didn't affect the issue. Here is the code we changed in the conf\web.xml file:
>>
>> <welcome-file-list>
>> <welcome-file>index.html</welcome-file>
>> <welcome-file>index.htm</welcome-file>
>> <welcome-file>index.jsp</welcome-file>
>> </welcome-file-list>
>>
>> <filter>
>> <filter-name>NtlmHttpFilter</filter-name>
>> <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>> <init-param>
>> <param-name>jcifs.http.domainController</param-name>
>> <param-value>192.168.100.6</param-value>
>> </init-param>
>> <init-param>
>> <param-name>jcifs.smb.client.domain</param-name>
>> <param-value>advocacyinc</param-value>
>> </init-param>
>> <init-param>
>> <param-name>jcifs.smb.client.username</param-name>
>> <param-value>SQL_LegalFiles</param-value>
>> </init-param>
>> <init-param>
>> <param-name>jcifs.smb.client.password</param-name>
>> <param-value>>password</param-value>
>> </init-param>
>> <init-param>
>> <param-name>jcifs.smb.lmCompatibility</param-name>
>> <param-value>3</param-value>
>> </init-param>
>> <!-- ** needs reviewed to avoid domain Preauth check
>> init-param>
>> <param-name>jcifs.smb.client.ssnLimit</param-name>
>> <param-value>1</param-value>
>> </init-param>
>> -->
>> </filter>
>> <filter-mapping>
>> <filter-name>NtlmHttpFilter</filter-name>
>> <url-pattern>/*</url-pattern>
>> </filter-mapping>
>>
>>
>
> 1) you do know that this NtlmHttpFilter is no longer developed or supported, and that it
> will never support NTLM v2 (as is standard with Windows Vista, 7 and later), right ?
> You should be thinking about switching to Jespa or Waffle.
>
> 2) anyway, the jCIFS filter can do quite extensive logs of what it does (see
> jcifs.util.loglevel). You could try using that and check what it is telling you about the
> failures.
>
> 3) when you mention "SSO failures", what do you mean exactly ? the browser popping up a
> builtin authentication dialog ? or something else ?
> And is the above your standard operational configuration, or a simplified one you are just
> using for this test ?
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Single Sign-On problems (SSO not the cause)
Posted by André Warnier <aw...@ice-sa.com>.
Carlton Whitmore wrote:
> I just verified that the issue is not with SSO. I tested this by accessing the URL until I got "Page cannot be displayed" then I tried accessing https://myserver.advocacyinc.org:8443 and got the same thing.
>
> We're not doing any redirects from IIS. Could JCifs be tying up the system?
> Any ideas?
>
With respect, I think that you are getting quite a few things mixed up.
There are threee different things altogether :
- User Authentication, here achieved (or not) at the Tomcat level by the jCIFS NtlmHttp
filter.
- SSO, meaning Single-Sign-On, which means that the user needs to authenticate to the
application (or system) only once, and can subsequently call one or more applications
without having to login again.
Here, SSO is achieved indirectly by the jCIFS authentication, but that is only because
this kind of authentication is implicitly carried over to the entire browser/server
connection.
- and then there is SSL, which is implicated when you use the HTTPS protocol (which is
really a HTTP conversation, but carried over an encrypted SSL link). That implies that
the data circulating between the browser and the server (and vice-versa) is encrypted.
But in this case it has nothing to do with Authentication or SSO.
The 3 above things do "exist" in your case, but they do not really have much to do with
one another.
And what you tried above does not "prove" anything.
Considering what you have told us so far, I believe that IIS has nothing to do with the
problem, and neither does SSL/HTTPS.
I believe that your problem is at the jCIFS/NTLM Authentication level, but at this point
this is more a hunch than a certainty.
To your question "Could JCifs be tying up the system?", my answer would be "yes, it could,
very easily".
And the entire thing seems quite off-topic for this Tomcat users list (because the problem
does not seem at this point to be linked to any Tomcat code, but more to the
authentication side, which is code coming from somwhere else).
Unfortunately, I don't really know where to send you, because the jCIFS HTTP filter is no
longer developed nor supported, and has not been for quite a few years.
I believe that the people which you should first contact on this are the vendor of your
application, since after all your setup is their recommendation.
Maybe you should point out to them that they are recommending a solution which is by now
outdated and no longer technically working; and ask them for an alternative recommendation.
Additional info :
Jespa (see www.ioplex.com) is the closest relative to the jCIFS filter. It is also a
servlet filter, which works (from the Tomcat point of view) much like the jCIFS filter.
You can download and test it for free.
But setting it up is not necessarily easy if you do not have some background knowledge of
how NTLM authentication works in the first place.
I not tried Waffle myself. But Melinda who has, seems to have gotten her system to work
with it in .. a short time, after spending many hours trying to do NTLM authentication in
other ways. From what I checked just now at waffle.codeplex.com, they even propose a
servlet filter, which should make it all the easier for you to replace jCIFS.
From what I know (first-hand for Jespa, hearsay for Waffle) both will work will all
versions of NTLM and all kinds of Windows workstations (including XP, Vista and W7).
Otherwise, try what I mentioned before : increase the log level of the jCIFS filter, and
look in its logfile what it has to say about the failed authentications.
But this exercise may turn out to be quite pointless, as you should no longer be using
this filter anyway. Even if you fix your current issue, new ones are bound to appear as
your workstations or servers get updated.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org