You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Philippe Lonchampt <ph...@free.fr> on 2004/09/06 21:20:42 UTC

basic authentification with IIS (tomcat 5.x)

Hello all,

I don't understand how to use the tomcat 5.x basic authentification with IIS (ajp13) : it works when using tomcat alone, but with IIS the answer is always "401.1 Not authorized". It seems like IIS don't let Tomcat manage the authentification ? I've read somewhere in this list that it has to do with the ajp.jar library, but I don't understand what to do with it, the topic is not clear for me.

I have done all the tomcat conf in the right way (web.xml, server.xml and tomcat-users.xml) since it works with tomcat alone.

Thanks in advance.

Philippe

StandardClassLoader: Security Violation, attempt to use Restricted Class: org.apache.tomcat.util.net.SSLSupport$CipherData

Posted by David Wall <d....@computer.org>.

What do I have misconfigured to cause this security violation?  I am
using -security to start a security manager and the page is https secure.

Using TC 5.0.27 on Redhat Linux, I received the following error in
catalina.out:

StandardClassLoader: Security Violation, attempt to use Restricted Class:
org.apache.tomcat.util.net.SSLSupport$CipherData

My JSP page redirected to my error page, and this stack trace was shown:

org/apache/tomcat/util/net/SSLSupport$CipherDatajava.lang.NoClassDefFoundErr
or: org/apache/tomcat/util/net/SSLSupport$CipherData
at org.apache.tomcat.util.net.SSLSupport.(SSLSupport.java:55)
at
org.apache.tomcat.util.net.jsse.JSSESupport.getKeySize(JSSESupport.java:137)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:973)
at org.apache.coyote.Request.action(Request.java:363)
at
org.apache.coyote.tomcat5.CoyoteRequest.getAttribute(CoyoteRequest.java:934)
at
org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFaca
de.java:214)
at org.apache.jsp.login_jsp._jspService(login_jsp.java:201)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:3
24)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:266)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:15
7)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilter
Chain.java:50)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain
.java:140)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:136)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:214)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContext
Valve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:152)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase
.java:540)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137
)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117
)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:102)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:109)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
ction(Http11Protocol.java:705)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:683)
at java.lang.Thread.run(Thread.java:534)

Thanks,
David


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: basic authentification with IIS (tomcat 5.x) [FOUND]

Posted by Philippe Lonchampt <ph...@free.fr>.

I've found : have to disable windows athentication in security in IIS.

----- Original Message ----- 
From: "Philippe Lonchampt" <ph...@free.fr>
To: <to...@jakarta.apache.org>
Sent: Monday, September 06, 2004 9:20 PM
Subject: basic authentification with IIS (tomcat 5.x)

Hello all,

I don't understand how to use the tomcat 5.x basic authentification with IIS
(ajp13) : it works when using tomcat alone, but with IIS the answer is
always "401.1 Not authorized". It seems like IIS don't let Tomcat manage the
authentification ? I've read somewhere in this list that it has to do with
the ajp.jar library, but I don't understand what to do with it, the topic is
not clear for me.

I have done all the tomcat conf in the right way (web.xml, server.xml and
tomcat-users.xml) since it works with tomcat alone.

Thanks in advance.

Philippe

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org