Posted to users@tomcat.apache.org by Venkata Reddy P <Ve...@trianz.com> on 2016/05/18 10:07:59 UTC
BASIC authentication problem in tomcat8.0.33
Hi,
I have been using the "BASIC authentication" from the tomcat3.x onwards, unfortunately after migrating to tomcat8.0.33 it is broken. Could you please help on this what is going wrong?
Step1)-------Realm customization--------
The customized classes are:-
a) CustomizedPrincipal implements Principal
b) CustomizedRealmBase extends RealmBase :- this is returning successful customizedPrincipal to base class and then it is failing with following error.
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource has been forbidden.
Step2) I have removed the files 'tomcat-users.txt' and 'tomcat-users.xsd' from <catalina_home>\config
Step3)-----Web.xml basic authentication configuration--------
<security-constraint>
    <display-name>Security Constraint</display-name>
    <web-resource-collection>
        <web-resource-name>Restricted Area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>bauth </role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Basic authentication</realm-name>
</login-config>
Thanks in advance.
RE: BASIC authentication problem in tomcat8.0.33
Posted by Venkata Reddy P <Ve...@trianz.com>.
Many thanks, Mark, for all your valuable help. I have managed to get my customization working by extending the class GenericPrincipal.
-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org]
Sent: Thursday, May 19, 2016 4:33 PM
To: Tomcat Users List
Subject: Re: BASIC authentication problem in tomcat8.0.33
On 18/05/2016 15:33, Venkata Reddy P wrote:
> Hi,
>
> It looks like the comparison below (principal instanceof GenericPrincipal) is failing, as I am returning the CustomizedPrincipal, which implements java.security.Principal.
>
> Is it something introduced in tomcat7.x/tomcat8.x?
No.
The source code, including full history, is available in svn if you want to find out how far back this code goes.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
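Added example (not from the thread and not Tomcat's own code): a JDK-only model of the guard quoted from RealmBase.hasRole(), showing why a principal that only implements java.security.Principal authenticates but is then refused with 403, and why extending GenericPrincipal resolves it. The nested GenericPrincipal is a simplified stand-in for Tomcat's class; HasRoleDemo, BarePrincipal, status() and the user name are hypothetical.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.List;

public class HasRoleDemo {

    // Simplified stand-in for org.apache.catalina.realm.GenericPrincipal
    // (assumption: only the name and the role list are modelled here).
    static class GenericPrincipal implements Principal {
        private final String name;
        private final List<String> roles;

        GenericPrincipal(String name, List<String> roles) {
            this.name = name;
            this.roles = roles;
        }

        @Override
        public String getName() { return name; }

        boolean hasRole(String role) { return roles.contains(role); }
    }

    // Shape described in the original post: implements Principal only.
    // It carries the right role, but the guard below never looks at it.
    static class BarePrincipal implements Principal {
        final List<String> roles = Arrays.asList("bauth");

        @Override
        public String getName() { return "alice"; }
    }

    // Shape reported as working at the end of the thread.
    static class CustomizedPrincipal extends GenericPrincipal {
        CustomizedPrincipal(String name, List<String> roles) { super(name, roles); }
    }

    // Same guard as the RealmBase.hasRole() excerpt quoted in the thread.
    static boolean hasRole(Principal principal, String role) {
        if ((principal == null) || (role == null)
                || !(principal instanceof GenericPrincipal)) {
            return false;
        }
        return ((GenericPrincipal) principal).hasRole(role);
    }

    // Container-style outcome: 401 = not authenticated, 403 = authenticated
    // but the role check failed, 200 = allowed.
    static int status(Principal principal, String requiredRole) {
        if (principal == null) return 401;
        return hasRole(principal, requiredRole) ? 200 : 403;
    }

    public static void main(String[] args) {
        Principal bare = new BarePrincipal();
        Principal fixed = new CustomizedPrincipal("alice", Arrays.asList("bauth"));
        System.out.println("no principal            -> " + status(null, "bauth"));
        System.out.println("implements Principal    -> " + status(bare, "bauth"));
        System.out.println("extends GenericPrincipal-> " + status(fixed, "bauth"));
        System.out.println("role not granted        -> " + status(fixed, "admin"));
    }
}
```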
Re: BASIC authentication problem in tomcat8.0.33
Posted by Mark Thomas <ma...@apache.org>.
On 18/05/2016 15:33, Venkata Reddy P wrote:
> Hi,
>
> It looks like the comparison below (principal instanceof GenericPrincipal) is failing, as I am returning the CustomizedPrincipal, which implements java.security.Principal.
>
> Is it something introduced in tomcat7.x/tomcat8.x?
No.
The source code, including full history, is available in svn if you want
to find out how far back this code goes.
Mark
RE: BASIC authentication problem in tomcat8.0.33
Posted by Venkata Reddy P <Ve...@trianz.com>.
Hi,
It looks like the comparison below (principal instanceof GenericPrincipal) is failing, as I am returning the CustomizedPrincipal, which implements java.security.Principal.
Is it something introduced in tomcat7.x/tomcat8.x?
RealmBase.hasRole()
{
    // Should be overridden in JAASRealm - to avoid pretty inefficient conversions
    if ((principal == null) || (role == null) ||
        !(principal instanceof GenericPrincipal))
        return (false);
}
Thanks in advance
-----Original Message-----
From: Venkata Reddy P [mailto:Venkata.Reddy@trianz.com]
Sent: Wednesday, May 18, 2016 5:23 PM
To: Tomcat Users List
Subject: RE: BASIC authentication problem in tomcat8.0.33
This was a typo while writing the mail. When I debug my customized code, until it is returning the principal everything seems to be good from the customization point of view.
Removing the default files 'tomcat-users.txt' and 'tomcat-users.xsd' from <catalina_home>\config, will it make any difference?
Thanks in advance
RE: BASIC authentication problem in tomcat8.0.33
Posted by Venkata Reddy P <Ve...@trianz.com>.
This was a typo while writing the mail. When I debug my customized code, until it is returning the principal everything seems to be good from the customization point of view.
Removing the default files 'tomcat-users.txt' and 'tomcat-users.xsd' from <catalina_home>\config, will it make any difference?
Thanks in advance
-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org]
Sent: Wednesday, May 18, 2016 5:18 PM
To: Tomcat Users List
Subject: Re: BASIC authentication problem in tomcat8.0.33
On 18/05/2016 12:47, Mark Thomas wrote:
> On 18/05/2016 11:07, Venkata Reddy P wrote:
>> Hi,
>>
>> I have been using the "BASIC authentication" from the tomcat3.x onwards, unfortunately after migrating to tomcat8.0.33 it is broken.
>
> BASIC auth works for me with a clean 8.0.33 install. Therefore this
> looks like a problem with your custom code.
And the space after the role name in web.xml might not help either.
Mark
Re: BASIC authentication problem in tomcat8.0.33
Posted by Mark Thomas <ma...@apache.org>.
On 18/05/2016 12:47, Mark Thomas wrote:
> On 18/05/2016 11:07, Venkata Reddy P wrote:
>> Hi,
>>
>> I have been using the "BASIC authentication" from the tomcat3.x onwards, unfortunately after migrating to tomcat8.0.33 it is broken.
>
> BASIC auth works for me with a clean 8.0.33 install. Therefore this
> looks like a problem with your custom code.
And the space after the role name in web.xml might not help either.
Mark
Re: BASIC authentication problem in tomcat8.0.33
Posted by Mark Thomas <ma...@apache.org>.
On 18/05/2016 11:07, Venkata Reddy P wrote:
> Hi,
>
> I have been using the "BASIC authentication" from the tomcat3.x onwards, unfortunately after migrating to tomcat8.0.33 it is broken.
BASIC auth works for me with a clean 8.0.33 install. Therefore this
looks like a problem with your custom code.
Mark