Posted to users@tomcat.apache.org by Lawence <al...@yahoo.com> on 2003/09/26 21:20:07 UTC

Please help (Custom Authenticator & Realm Problem)

Dear all,
 
I wrote my own authenticator (extends FormAuthenticator) & realm (extends JDBCRealm).  What I need is to check one more field in the database besides password for authentication. Only minor modifications were made to the original code, so I think it should be fine. What I also did includes changing the org/apache/catalina/startup/Authenticators.properties file to add the new authenticator, and modifying the server.xml and web.xml accordingly. Furthermore, I added the entries for my authenticator and realm in the mbeans-descriptor.xml file.
 
I expected everything to work perfectly but when I tried to access the secured area, I got the following error:
HTTP Status 500 - Configuration error: Cannot perform access control without an authenticated principal
---------------------------------

type Status report

message Configuration error: Cannot perform access control without an authenticated principal

description The server encountered an internal error (Configuration error: Cannot perform access control without an authenticated principal) that prevented it from fulfilling this request.

This error was triggered instantly. I mean I did not even have a chance to see the login webpage. Now I have several questions:
 
What is the flow of the authentication? Did my authenticator get executed at all?
 
Any suggestions would be greatly appreciated.




Re: Please help (Custom Authenticator & Realm Problem)

Posted by Bill Barker <wb...@wilshire.com>.
I agree with Tim that custom Authenticators can be 'icky'.  Fortunately, in
Tomcat 5 there is almost no need for one.  However, in Tomcat 4, there is
still a valid use case for them.

You can avoid messing with Authenticators.properties by explicitly
configuring your Authenticator like:
  <Context path="/myapp" docBase="myapp">
     <Valve className="com.myfirm.mypackage.MyAuthenticator" ... />
  </Context>

To check that your Authenticator has been called, the easiest is to simply
add some debugging logging statements.  It probably is being called from
your description.

Of course, these are all generic comments, since you haven't provided enough
info to attempt to guess what is wrong (other than the Authenticator isn't
setting the Principal :).

"Lawence" <al...@yahoo.com> wrote in message
news:20030926192007.61564.qmail@web41904.mail.yahoo.com...
> Dear all,
>
> I wrote my own authenticator (extends FormAuthenticator) & realm (extends
> JDBCRealm).  What I need is to check one more field in the database besides
> password for authentication. Only minor modifications are made on the
> original codes so I think it should be fine. What I also did include
> changing the org/apache/catalina/startup/Authenticators.properties
> file to add the new authenticator; modifying the server.xml and web.xml
> accordingly. Furthermore, I added the entries for my authenticator and realm
> in the mbeans-descriptor.xml file.
>
> I expected everything to work perfectly but when I tried to access the
> secured area, I got the following error:
> HTTP Status 500 - Configuration error: Cannot perform access control
> without an authenticated principal
> ---------------------------------
>
> type Status report
>
> message Configuration error: Cannot perform access control without an
> authenticated principal
>
> description The server encountered an internal error (Configuration error:
> Cannot perform access control without an authenticated principal) that
> prevented it from fulfilling this request.
>
> This error was triggered instantly. I mean I even did not have a chance to
> see the login webpage. Now I have several questions:
>
> What is the flow of the authentication? Was my authenticator got executed
> at all?
>
> Any suggestions would be greatly appreciated.




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Please help (Custom Authenticator & Realm Problem)

Posted by Tim Funk <fu...@joedog.org>.
To save you lots of headaches, can you just use a filter to perform 
authorization and let JDBCRealm do the authentication?

(IIRC) The authenticators do authentication and authorization by delegating 
some of those tasks to the Realm. But all the bookkeeping needs to be done by 
the authenticator valve. A pretty icky topic.

-Tim


Lawence wrote:
> Dear all,
>  
> I wrote my own authenticator (extends FormAuthenticator) & realm (extends JDBCRealm).  What I need is to check one more field in the database besides password for authentication. Only minor modifications are made on the original codes so I think it should be fine. What I also did include changing the org/apache/catalina/startup/Authenticators.properties
> file to add the new authenticator; modifying the server.xml and web.xml accordingly. Furthermore, I added the entries for my authenticator and realm in the mbeans-descriptor.xml file.
>  
> I expected everything to work perfectly but when I tried to access the secured area, I got the following error:
> HTTP Status 500 - Configuration error: Cannot perform access control without an authenticated principal
> ---------------------------------
> 
> type Status report
> 
> message Configuration error: Cannot perform access control without an authenticated principal
> 
> description The server encountered an internal error (Configuration error: Cannot perform access control without an authenticated principal) that prevented it from fulfilling this request.
> 
> This error was triggered instantly. I mean I even did not have a chance to see the login webpage. Now I have several questions:
>  
> What is the flow of the authentication? Was my authenticator got executed at all?
>  
> Any suggestions would be greatly appreciated.
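
The filter approach suggested in the reply above, as an added example that is not part of the original thread or of Tomcat: the container and a stock JDBCRealm handle login, and a servlet filter then checks the extra database field and fails closed. The class name, JNDI name, table and column names are all hypothetical, and the code uses the javax.servlet API.

```java
import java.io.IOException;
import java.sql.*;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.sql.DataSource;

// Added example: authorization filter that runs after the container (JDBCRealm)
// has authenticated the user. All names below are hypothetical.
public class ExtraFieldFilter implements Filter {
    private DataSource ds;

    public void init(FilterConfig cfg) throws ServletException {
        try {
            // Hypothetical JNDI resource pointing at the realm's database.
            ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/AuthDB");
        } catch (NamingException e) {
            throw new ServletException("auth DataSource not configured", e);
        }
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String user = req.getRemoteUser();   // set by the container after login
        if (user == null || !extraFieldOk(user)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);  // fail closed
            return;
        }
        chain.doFilter(rq, rs);
    }

    // Hypothetical schema: users(user_name, account_status).
    private boolean extraFieldOk(String user) {
        String sql = "SELECT 1 FROM users WHERE user_name = ? AND account_status = 'ACTIVE'";
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            try (ResultSet r = ps.executeQuery()) {
                return r.next();
            }
        } catch (SQLException e) {
            return false;   // a lookup failure denies access rather than granting it
        }
    }

    public void destroy() { ds = null; }
}
```

Map the filter in web.xml to the same URL patterns as the security-constraint, so every protected request passes through both the container's login check and this one.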


