Posted to users@tomcat.apache.org by Greg Allen <Gr...@SierraAtlantic.com> on 2009/05/18 04:19:06 UTC

Tomcat, <Realm>, and context.xml

I am trying to use ApacheDS 1.5 with Tomcat 5.5.17.

I first set up ApacheDS as a standalone application and set up the
following <Realm> in the Tomcat server.xml file:

      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             connectionName="uid=admin,ou=system"
             connectionPassword="secret"
             connectionURL="ldap://localhost:10389"
             digest="SHA"
             allRolesMode="authOnly"
             userPassword="userPassword"
             userPattern="uid={0},ou=accounts,dc=test,dc=org"
             roleBase="ou=groups,dc=test,dc=org"
             roleName="cn"
             roleSearch="(uniqueMember={0})"
      />

I start ApacheDS, then Tomcat, and things work just fine - my web
application uses FORMS authentication and it goes through ApacheDS as
expected.

I then embedded ApacheDS in my web application by implementing
ServletContextListener so that it starts on contextInitialized and
stops on contextDestroyed - when my web application starts and stops.

Now that ApacheDS was embedded, I just started Tomcat directly (without
starting ApacheDS standalone). Tomcat seemed to hang there as there
didn't appear to be any ApacheDS running. This makes sense as Tomcat
starts running *before* the web application does - so this won't work.

Realizing this, it seemed to make sense to put my <Realm> in the
META-INF/context.xml file of my web application. What I have read leads
me to believe that this is the correct solution. So I moved the <Realm>
from the server.xml to the context.xml and tried again.

It still doesn't work. From the logging, I can see that ApacheDS is
being started. But when I try to log in using FORMS authentication from
my login page, it doesn't appear that the <Realm> from my context.xml is
being used at all.  In fact, I get this exception in the Tomcat log:

     [java] May 15, 2009 4:05:12 PM org.apache.catalina.realm.JAASRealm authenticate
     [java] SEVERE: Unexpected error
     [java] java.lang.SecurityException: Unable to locate a login configuration
     [java]     at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
     [java]     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(NativeMethod)
     [java]     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     [java]     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     [java]     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     [java]     at java.lang.Class.newInstance0(Class.java:355)
     [java]     at java.lang.Class.newInstance(Class.java:308)
     [java]     at javax.security.auth.login.Configuration$3.run(Configuration.java:246)
     [java]     at java.security.AccessController.doPrivileged(Native Method)
     [java]     at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:241)
     [java]     at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
     [java]     at java.security.AccessController.doPrivileged(Native Method)
     [java]     at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
     [java]     at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
     [java]     at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:347)
     [java]     at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
     [java]     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
     [java]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
     [java]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
     [java]     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)

Now this really confuses me.  Why is it using JAASRealm?  That's not
configured in either my server.xml or my context.xml file.  I would have
expected it to use the realm (JNDIRealm) that I defined in my
context.xml.

I can't see what I am doing wrong here. Can anyone help?

Thanks,

-- Greg


__________________________________________________________________________________________________________________
DISCLAIMER:"The information contained in this message and the attachments (if any) may be privileged and confidential and protected from disclosure. You are hereby notified that any unauthorized use, dissemination, distribution or copying of this communication, review, retransmission, or taking of any action based upon this information, by persons or entities other than the intended recipient, is strictly prohibited. If you are not the intended recipient or an employee or agent responsible for delivering this message, and have received this communication in error, please notify us immediately by replying to the message and kindly delete the original message, attachments, if any, and all its copies from your computer system. Thank you for your cooperation." 
________________________________________________________________________________________________________________

Re: Tomcat, <Realm>, and context.xml

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Greg,

On 5/20/2009 6:50 AM, Greg Allen wrote:
> However, that exposes a timing issue which I'm not sure how to solve.
>
> I embedded ApacheDS in my web application by implementing
> ServletContextListener so that it starts on contextInitialized and
> stops on contextDestroyed - when my web application starts and stops.

Heh, that's kind of expected. Are you asking a web application to
authenticate to itself? That's an interesting strategy.

> The problem now is that the application doesn't start until after the
> context.xml is processed by Tomcat. This ends up with me getting
> errors like this, and my application isn't deployed:
>
>      [java] 06:15:14,799 WARN  [[/test]] Exception performing authentication
>      [java] javax.naming.CommunicationException: localhost:10389 [Root exception is java.net.ConnectException: Connection refused: connect]

You're going to want to connect to a separate service (i.e. one not
hosted in your own webapp). You can still run ApacheDS on Tomcat under a
different webapp. And no, you can't specify which webapp gets loaded
first. :(

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: Tomcat, <Realm>, and context.xml

Posted by Greg Allen <Gr...@SierraAtlantic.com>.
Thanks Chuck!

> Do you happen to have a conf/Catalina/[host]/test.xml file?  If so,
> it will override the one in the webapp's META-INF/context.xml,
> causing your <Realm> to be ignored.

This was the problem.  I modified that one and it is now using the
JNDIRealm.

However, that exposes a timing issue which I'm not sure how to solve.

I embedded ApacheDS in my web application by implementing
ServletContextListener so that it starts on contextInitialized and
stops on contextDestroyed - when my web application starts and stops.

The problem now is that the application doesn't start until after the
context.xml is processed by Tomcat. This ends up with me getting
errors like this, and my application isn't deployed:

     [java] 06:15:14,799 WARN  [[/test]] Exception performing authentication
     [java] javax.naming.CommunicationException: localhost:10389 [Root exception is java.net.ConnectException: Connection refused: connect]
     [java]     at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
     [java]     at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
     [java]     at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
     [java]     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2616)
     [java]     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
     [java]     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
     [java]     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)

It's trying to connect to the LDAP server, but my application hasn't
started yet - so the LDAP server isn't running.

Is there some way to fix this so things are started in the right order?
Any suggestions appreciated!

Thanks,

-- Greg







RE: Tomcat, <Realm>, and context.xml

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Greg Allen [mailto:Gregory.Allen@SierraAtlantic.com]
> Subject: RE: Tomcat, <Realm>, and context.xml
> 
> I have set up my realm in my webapp's META-INF directory, like this:
> 
> <Context path="/test" reloadable="false">

Take out the path attribute; it's not allowed.

Where is your webapp deployed?  (I'll presume at webapps/test, for the following.)  Do you happen to have a conf/Catalina/[host]/test.xml file?  If so, it will override the one in the webapp's META-INF/context.xml, causing your <Realm> to be ignored.

Are there any errors in the log at Tomcat startup relating to deployment of your webapp?  (I presume the error you showed came from an attempt to access the webapp.)

> I have no realms configured in my server.xml for Tomcat.

You must have some <Realm> configured for the manager app to work; it can be in server.xml or you can put the appropriate <Realm> for the manager in conf/Catalina/[host]/manager.xml.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
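
The override check suggested in the reply above, as an added example that is not part of the original thread: it reports which context descriptor governs a webapp and which <Realm>, if any, that descriptor declares. The function names, the host name localhost and the sample layout are assumptions constructed for illustration; the paths follow the conf/Catalina/[host]/test.xml and webapps/test locations named in the reply.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def audit_realm(base, host, app):
    """Report which descriptor governs the webapp and which <Realm> it declares.

    Assumes the default engine name "Catalina" and deployment at webapps/<app>.
    """
    override = os.path.join(base, "conf", "Catalina", host, app + ".xml")
    bundled = os.path.join(base, "webapps", app, "META-INF", "context.xml")
    # The conf/Catalina/<host>/<app>.xml copy wins over META-INF/context.xml.
    used = next((p for p in (override, bundled) if os.path.isfile(p)), None)
    report = {"descriptor": used, "realm": None, "warnings": []}
    if used is None:
        report["warnings"].append("no context descriptor found")
        return report
    root = ET.parse(used).getroot()
    if "path" in root.attrib:
        report["warnings"].append("path attribute set on <Context>")
    realm = root.find("Realm")
    if realm is None:
        report["warnings"].append("no <Realm> in the descriptor in effect")
    else:
        report["realm"] = realm.get("className")
    if used == override and os.path.isfile(bundled):
        report["warnings"].append("META-INF/context.xml is overridden")
    return report

def build_sample(base):
    """Constructed layout: the webapp ships a JNDIRealm, the conf copy has none."""
    files = {
        "webapps/test/META-INF/context.xml":
            '<Context path="/test" reloadable="false">'
            '<Realm className="org.apache.catalina.realm.JNDIRealm"/></Context>',
        "conf/Catalina/localhost/test.xml": '<Context reloadable="false"/>',
    }
    for rel, body in files.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for key, value in audit_realm(tmp, "localhost", "test").items():
            print(key, "=", value)
```

Run against a real installation by passing the Tomcat base directory, host and webapp name to audit_realm; a report with no realm and an "overridden" warning matches the situation diagnosed in this thread.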




RE: Tomcat, <Realm>, and context.xml

Posted by Greg Allen <Gr...@SierraAtlantic.com>.
I changed to use 5.5.27 (latest 5.5 version), and still have the same
problem.

I have set up my realm in my webapp's META-INF directory, like this:

<Context path="/test" reloadable="false">
      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             connectionName="uid=admin,ou=system"
             connectionPassword="secret"
             connectionURL="ldap://localhost:10389"
             digest="SHA"
             allRolesMode="authOnly"
             userPassword="userPassword"
             userPattern="uid={0},ou=accounts,dc=test,dc=org"
             roleBase="ou=groups,dc=test,dc=org"
             roleName="cn"
             roleSearch="(uniqueMember={0})"
             useContextClassLoader="true"
      />
</Context>

I have no realms configured in my server.xml for Tomcat.  But I still
get this error:

     [java] May 19, 2009 10:33:01 PM org.apache.catalina.realm.JAASRealm authenticate
     [java] SEVERE: Unexpected error
     [java] java.lang.SecurityException: Unable to locate a login configuration
     [java]     at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
     [java]     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

> I would guess your config is wrong.

What configuration piece could I be missing?  I've been over the
server.xml and
my context.xml and don't see anything wrong.  What should I look for?

Do I need to go to Tomcat 6?  I'd rather not, but if I have to.... 

Thanks,

-- Greg


-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org] 
Sent: Monday, May 18, 2009 3:06 PM
To: Tomcat Users List
Subject: Re: Tomcat, <Realm>, and context.xml

Greg Allen wrote:
> I am trying to use ApacheDS 1.5 with Tomcat 5.5.17.

Try a later version. You may be hitting multiple bugs that have since
been fixed.

> Now this really confuses me.  Why is it using JAASRealm?  That's not
> configured

The JAAS Realm is the default Realm Tomcat falls back to if no other
Realm can be found. I would guess your config is wrong.

Mark





Re: Tomcat, <Realm>, and context.xml

Posted by Mark Thomas <ma...@apache.org>.
Greg Allen wrote:
> I am trying to use ApacheDS 1.5 with Tomcat 5.5.17.

Try a later version. You may be hitting multiple bugs that have since
been fixed.

> Now this really confuses me.  Why is it using JAASRealm?  That's not
> configured

The JAAS Realm is the default Realm Tomcat falls back to if no other
Realm can be found. I would guess your config is wrong.

Mark


