Posted to users@tomcat.apache.org by Thomas Strauß <t....@srs-management.de> on 2012/03/29 18:29:15 UTC

FormAuthentication Valve changes fail with RequestListeners?

Hi,

we have a web application using the FormAuthentication with Tomcat 7.0.11.

The application provides its own realm, that is valid for the whole server
(configured in server.xml). The realm is based on datasource realm.

The application provides request listeners that rely on the
request.getPrincipal() method to obtain the logged-on user.

The request listener authenticates a service framework with the principal
from the request.

Tomcat 7.0.11 as stated above works with this design.

In Tomcat 7.0.26 this approach fails, because the request listener can no
longer obtain the principal using request.getPrincipal(). The call returns
null. A webpage (jsp) called after the listener as target of the request can
obtain the principal from the request as expected.

No configuration changes have been applied between 7.0.11 and 7.0.26.

Additionally we have experimented with various valve options, but did not
succeed.

We cannot explain this behavior and think it is a bug in Tomcat.

Any help appreciated, as currently we cannot upgrade Tomcat due to this
issue.

Kind regards,

Thomas Strauß

SRS PaperDynamix®
WE MAKE PAPER WORK

SRS-Management GmbH
Berliner Ring 93
64625 Bensheim
T +49 6251 85 424 - 20
F +49 6251 85 424 - 14
M +49 174 2110912

www.srs-management.de
www.srs-paperdynamix.de

HRB 25262 AG Darmstadt
Managing Directors: Detlev Homilius, Thomas Strauß



AW: AW: FormAuthentication Valve changes fail with RequestListeners?

Posted by Thomas Strauß <t....@srs-management.de>.
> -----Original Message-----
> From: André Warnier [mailto:aw@ice-sa.com]
> Sent: Tuesday, 3 April 2012 14:07
> To: Tomcat Users List
> Subject: Re: AW: FormAuthentication Valve changes fail with
> RequestListeners?
>
> Thomas Strauß wrote:
> ...
>
> >>>
> >>> We have not succeeded so far. I want to give you some more
> >>> information what happens, the context.xml and the web.xml
> >>>
> >>> What we have changed versus the existing setup, working on 7.0.11
> >>> - We have moved the login.jsp into the protection domain (was
> >>> outside before). This did not remove the issue.
> >>> - We have changed the preemptiveAuthentication setting. This did not
> >>> remove the issue.
> >>>
> >>> This is the flow through the system that we can see:
> >>>
> >>> Client sends request to /portal
> >>>
> >>>        /portal is not protected
> >>>        /portal/jsp/main.jsp is welcome page and protected (see
> >>> web.xml)
> >>>        portal context configures formauthentication on the
> >>> protection domain
> >>>        Tomcat redirects/forwards incoming call to /jsp/login.jsp
> >>> (protected
> >>> resource)
> >>>
>
> I have not followed in the details, and maybe I am talking out of turn
> here, but isn't there a "loop" problem if the login.jsp page is itself
> protected ?
> (Like it will trigger the authentication, which will trigger a redirect to
> login.jsp, which will trigger the authentication, which will... etc.)
>

There is no difference if the JSP is in or out of the protection domain. Actually, we moved the JSP inside the domain following a hint from the list :-)




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: AW: FormAuthentication Valve changes fail with RequestListeners?

Posted by André Warnier <aw...@ice-sa.com>.
Thomas Strauß wrote:
...

>>>
>>> We have not succeeded so far. I want to give you some more information
>>> what happens, the context.xml and the web.xml
>>>
>>> What we have changed versus the existing setup, working on 7.0.11
>>> - We have moved the login.jsp into the protection domain (was outside
>>> before). This did not remove the issue.
>>> - We have changed the preemptiveAuthentication setting. This did not
>>> remove the issue.
>>>
>>> This is the flow through the system that we can see:
>>>
>>> Client sends request to /portal
>>>
>>>        /portal is not protected
>>>        /portal/jsp/main.jsp is welcome page and protected (see
>>> web.xml)
>>>        portal context configures formauthentication on the protection
>>> domain
>>>        Tomcat redirects/forwards incoming call to /jsp/login.jsp
>>> (protected
>>> resource)
>>>

I have not followed in the details, and maybe I am talking out of turn here, but isn't
there a "loop" problem if the login.jsp page is itself protected?
(Like it will trigger the authentication, which will trigger a redirect to login.jsp,
which will trigger the authentication, which will... etc.)



AW: FormAuthentication Valve changes fail with RequestListeners?

Posted by Thomas Strauß <t....@srs-management.de>.
Hi,

we still see this issue. Did our test data reveal anything that you found
problematic?

Thank you for the support, and Happy Easter to all who celebrated!

Kind regards,

Thomas Strauß




> -----Original Message-----
> From: Thomas Strauß [mailto:t.strauss@srs-management.de]
> Sent: Wednesday, 4 April 2012 16:47
> To: Tomcat Users List
> Subject: AW: FormAuthentication Valve changes fail with RequestListeners?
> 
> 
> > -----Original Message-----
> > From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
> > Sent: Friday, 30 March 2012 13:10
> > To: Tomcat Users List
> > Subject: Re: FormAuthentication Valve changes fail with RequestListeners?
> >
> > 2012/3/30 Thomas Strauß <t....@srs-management.de>:
> > > Hi,
> > >
> > > thank you for the information.
> > >
> > > We have not succeeded so far. I want to give you some more
> > > information what happens, the context.xml and the web.xml
> > >
> > > What we have changed versus the existing setup, working on 7.0.11
> > > - We have moved the login.jsp into the protection domain (was
> > > outside before). This did not remove the issue.
> > > - We have changed the preemptiveAuthentication setting. This did not
> > > remove the issue.
> > >
> > > This is the flow through the system that we can see:
> > >
> > > Client sends request to /portal
> > >
> > >        /portal is not protected
> > >        /portal/jsp/main.jsp is welcome page and protected (see
> > > web.xml)
> > >        portal context configures formauthentication on the
> > > protection domain
> > >        Tomcat redirects/forwards incoming call to /jsp/login.jsp
> > > (protected
> > > resource)
> > >
> > > FormAuthentication Valve is called
> > > Request Listener is called (expected: principal is null -> OK!)
> >
> > What is stacktrace at this point inside the listener?
> > (e.g. (new Exception()).printStackTrace());
> >
> > Maybe you can compare 7.0.26 and 7.0.11.
> >
> >
> > IIRC there was some refactoring with regards to where the valves are
> > placed and how listeners are called. In 7.0.22 changelog:
> >
> > "Error handling and request listeners are now handled in the
> > StandardHostValve to ensure they wrap all Context level activity."
> >
> > Maybe something was missed there.
> >
> > > jsp/login.jsp is displayed, waiting for user
> > > User adds information, press submit
> > > Client sends request to j_security_check is initiated by browser
> > > with form data
> > >
> > > (something happens here?)
> > >
> > > Realm is called: Authentication succeeds, realm creates principal
> > >        Realm provides its own implementation of Principal Object
> > >        Realm uses different table-structure than original DataSource
> > > Realm
> > >
> > > (something happens here?)
> > >
> > > Request Listener is called (expected: principal is not null ->
> > > FAILS!)
> > >
> > > (something happens here?)
> > >
> > > jsp/main.jsp is called, principal in request is not null -> can be
> > > dumped to the JSP view
> > >
> > >
> > > Following here is the used context.xml
> > > (...)
> > >
> >
> > BTW, if you want to run under debugger, the tips are here:
> > https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
> >
> > Best regards,
> > Konstantin Kolinko

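Added example, not part of any message in this thread and not code from the poster's application: in the 7.0.26 traces posted here, fireRequestInitEvent is called directly from StandardHostValve.invoke with no AuthenticatorBase frame beneath it, while in the 7.0.11 traces it runs beneath AuthenticatorBase.invoke. One way to read the user after the authenticator has run is a servlet Filter, which Tomcat executes inside the context behind the authenticator valve; the class name PrincipalBindingFilter and the ThreadLocal hand-off to the service framework are assumptions.

```java
import java.io.IOException;
import java.security.Principal;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

/**
 * Hypothetical replacement for principal lookup in a ServletRequestListener
 * (added example; not the PortalRequestListener from the thread).
 *
 * A Filter is part of the application filter chain, which the container runs
 * after the context's authenticator valve. The principal is therefore already
 * attached to the request when doFilter() is entered, regardless of where the
 * container fires requestInitialized().
 */
@WebFilter("/*")
public class PrincipalBindingFilter implements Filter {

    // Per-request identity for downstream code (the "service framework" in
    // the thread). ThreadLocal is an assumption about how that code reads it.
    private static final ThreadLocal<Principal> CURRENT = new ThreadLocal<Principal>();

    /** Returns the authenticated user of the current request, or null. */
    public static Principal currentPrincipal() {
        return CURRENT.get();
    }

    @Override
    public void init(FilterConfig filterConfig) {
        // no configuration needed
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        Principal principal = null;
        if (request instanceof HttpServletRequest) {
            // Standard Servlet API accessor for the authenticated user.
            principal = ((HttpServletRequest) request).getUserPrincipal();
        }
        // principal stays null for requests that were not authenticated;
        // downstream code must treat null as "anonymous", never as a default user.
        CURRENT.set(principal);
        try {
            chain.doFilter(request, response);
        } finally {
            // Worker threads are pooled: always clear, or the identity of one
            // request leaks into the next request served by the same thread.
            CURRENT.remove();
        }
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```
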

AW: FormAuthentication Valve changes fail with RequestListeners?

Posted by Thomas Strauß <t....@srs-management.de>.
Repeating the message because I signed it (again, *sigh*), causing trouble - sorry.

Hi,

we have done the tests and got the following results (7.0.11 and 7.0.26).

Thank you for taking the time:

=============================== Tomcat 7.0.11 ==========================================
First call to portal:

["http-bio-8080"-exec-3                | INFO  | 30-03 16:47:29:005]  >> requestInitialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:52)]
["http-bio-8080"-exec-3                | INFO  | 30-03 16:47:29:005]  PortalRequest thread: 39 - "http-bio-8080"-exec-3 [de.srs.pen.portal.utils.server.servlet.PortalRequest.set(PortalRequest.java:45)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:186]  Request Listener: Request Initialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:60)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:187]  requested URI:/portal-srs-standard/ [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:62)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:187]  httpSession ID: 2D7D25B19BDC1A64DFFD61BBFD93CE7F [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:63)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:187]  principal:no principal [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:66)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:187]  stack trace: [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)]
java.lang.Exception
        at de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)
        at org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContext.java:5903)
        at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:372)
        at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:267)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:556)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:394)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)


Credentials provided, login done

["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:47:246]  Request Listener: Request Initialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:60)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:50:803]  requested URI:/portal-srs-standard/ [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:62)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:50:803]  httpSession ID: 17E5174AC9E99DC97A44B0967E3E0219 [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:63)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:50:804]  principal:srs/m.strauss [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:66)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:50:804]  stack trace: [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)]
java.lang.Exception
        at de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)
        at org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContext.java:5903)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:591)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:394)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)

=============================== Tomcat 7.0.26 ========================================

[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:030]  Request Listener: Request Initialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:60)]
[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:813]  requested URI:/portal-srs-standard/ [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:62)]
[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:814]  httpSession ID: AC7A464173A57BD6CB8602A906EFB0EF [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:63)]
[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:814]  principal:no principal [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:66)]
[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:833]  stack trace: [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)]
java.lang.Exception
        at de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)
        at org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContext.java:5934)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
[http-bio-8080-exec-3                  | INFO  | 30-03 17:12:12:745]  << requestInitialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:93)]



[http-bio-8080-exec-7                  | INFO  | 30-03 17:13:26:084]  PortalRequest thread: 28 - http-bio-8080-exec-7 [de.srs.pen.portal.utils.server.servlet.PortalRequest.set(PortalRequest.java:45)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:44:622]  Request Listener: Request Initialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:60)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:45:263]  requested URI:/portal-srs-standard/j_security_check [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:62)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:45:486]  httpSession ID: AC7A464173A57BD6CB8602A906EFB0EF [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:63)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:46:007]  principal:no principal [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:66)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:46:831]  stack trace: [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)]
java.lang.Exception
        at de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)
        at org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContext.java:5934)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
[http-bio-8080-exec-7                  | INFO  | 30-03 17:13:49:228]  << requestInitialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:93)]


Kind regards

Thomas Strauß

SRS PaperDynamix®
WE MAKE PAPER WORK

SRS-Management GmbH
Berliner Ring 93
64625 Bensheim
T +49 6251 85 424 - 20
F +49 6251 85 424 - 14
M +49 174 2110912

www.srs-management.de
www.srs-paperdynamix.de

HRB 25262 AG Darmstadt
Managing Directors: Detlev Homilius, Thomas Strauß



> -----Original Message-----
> From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
> Sent: Friday, 30 March 2012 13:10
> To: Tomcat Users List
> Subject: Re: FormAuthentication Valve changes fail with RequestListeners?
>
> 2012/3/30 Thomas Strauß <t....@srs-management.de>:
> > Hi,
> >
> > thank you for the information.
> >
> > We have not succeeded so far. I want to give you some more information
> > what happens, the context.xml and the web.xml
> >
> > What we have changed versus the existing setup, working on 7.0.11
> > - We have moved the login.jsp into the protection domain (was outside
> > before). This did not remove the issue.
> > - We have changed the preemptiveAuthentication setting. This did not
> > remove the issue.
> >
> > This is the flow through the system that we can see:
> >
> > Client sends request to /portal
> >
> >        /portal is not protected
> >        /portal/jsp/main.jsp is welcome page and protected (see
> > web.xml)
> >        portal context configures formauthentication on the protection
> > domain
> >        Tomcat redirects/forwards incoming call to /jsp/login.jsp
> > (protected
> > resource)
> >
> > FormAuthentication Valve is called
> > Request Listener is called (expected: principal is null -> OK!)
>
> What is stacktrace at this point inside the listener?
> (e.g. (new Exception()).printStackTrace());
>
> Maybe you can compare 7.0.26 and 7.0.11.
>
>
> IIRC there was some refactoring with regards to where the valves are
> placed and how listeners are called. In 7.0.22 changelog:
>
> "Error handling and request listeners are now handled in the
> StandardHostValve to ensure they wrap all Context level activity."
>
> Maybe something was missed there.
>
> > jsp/login.jsp is displayed, waiting for user User adds information,
> > press submit Client sends request to j_security_check is initiated by
> > browser with form data
> >
> > (something happens here?)
> >
> > Realm is called: Authentication succeeds, realm creates principal
> >        Realm provides its own implementation of Principal Object
> >        Realm uses different table-structure than original DataSource
> > Realm
> >
> > (something happens here?)
> >
> > Request Listener is called (expected: principal is not null -> FAILS!)
> >
> > (something happens here?)
> >
> > jsp/main.jsp is called, principal in request is not null -> can be
> > dumped to the JSP view
> >
> >
> > Following here is the used context.xml
> > (...)
> >
>
> BTW, if you want to run under debugger, the tips are here:
> https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


AW: FormAuthentication Valve changes fail with RequestListeners?

Posted by Thomas Strauß <t....@srs-management.de>.
Hi,

we have done the tests and got the following results (7.0.11 and 7.0.26).

Thank you for taking the time:

=============================== Tomcat 7.0.11 ==========================================
First call to portal:

["http-bio-8080"-exec-3                | INFO  | 30-03 16:47:29:005]  >> requestInitialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:52)]
["http-bio-8080"-exec-3                | INFO  | 30-03 16:47:29:005]  PortalRequest thread: 39 - "http-bio-8080"-exec-3 [de.srs.pen.portal.utils.server.servlet.PortalRequest.set(PortalRequest.java:45)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:186]  Request Listener: Request Initialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:60)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:187]  requested URI:/portal-srs-standard/ [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:62)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:187]  httpSession ID: 2D7D25B19BDC1A64DFFD61BBFD93CE7F [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:63)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:187]  principal:no principal [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:66)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:30:187]  stack trace: [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)]
java.lang.Exception
        at de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)
        at org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContext.java:5903)
        at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:372)
        at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:267)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:556)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:394)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)


Credentials provided, login done

["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:47:246]  Request Listener: Request Initialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:60)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:50:803]  requested URI:/portal-srs-standard/ [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:62)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:50:803]  httpSession ID: 17E5174AC9E99DC97A44B0967E3E0219 [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:63)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:50:804]  principal:srs/m.strauss [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:66)]
["http-bio-8080"-exec-3                | TRACE | 30-03 16:47:50:804]  stack trace: [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)]
java.lang.Exception
        at de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)
        at org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContext.java:5903)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:591)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:394)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)

=============================== Tomcat 7.0.26 ========================================

[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:030]  Request Listener: Request Initialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:60)]
[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:813]  requested URI:/portal-srs-standard/ [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:62)]
[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:814]  httpSession ID: AC7A464173A57BD6CB8602A906EFB0EF [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:63)]
[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:814]  principal:no principal [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:66)]
[http-bio-8080-exec-3                  | TRACE | 30-03 17:12:11:833]  stack trace: [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)]
java.lang.Exception
        at de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)
        at org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContext.java:5934)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
[http-bio-8080-exec-3                  | INFO  | 30-03 17:12:12:745]  << requestInitialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:93)]



[http-bio-8080-exec-7                  | INFO  | 30-03 17:13:26:084]  PortalRequest thread: 28 - http-bio-8080-exec-7 [de.srs.pen.portal.utils.server.servlet.PortalRequest.set(PortalRequest.java:45)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:44:622]  Request Listener: Request Initialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:60)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:45:263]  requested URI:/portal-srs-standard/j_security_check [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:62)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:45:486]  httpSession ID: AC7A464173A57BD6CB8602A906EFB0EF [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:63)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:46:007]  principal:no principal [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:66)]
[http-bio-8080-exec-7                  | TRACE | 30-03 17:13:46:831]  stack trace: [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)]
java.lang.Exception
        at de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:67)
        at org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContext.java:5934)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
[http-bio-8080-exec-7                  | INFO  | 30-03 17:13:49:228]  << requestInitialized [de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitialized(PortalRequestListener.java:93)]


Kind regards

Thomas Strauß

SRS PaperDynamix® 
WE MAKE PAPER WORK

SRS-Management GmbH 
Berliner Ring 93
64625 Bensheim 
T +49 6251 85 424 - 20 
F +49 6251 85 424 - 14
M +49 174 2110912

www.srs-management.de
www.srs-paperdynamix.de

HRB 25262 AG Darmstadt
Managing Directors: Detlev Homilius, Thomas Strauß



> -----Original Message-----
> From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
> Sent: Friday, 30 March 2012 13:10
> To: Tomcat Users List
> Subject: Re: FormAuthentication Valve changes fail with RequestListeners?
> 
> 2012/3/30 Thomas Strauß <t....@srs-management.de>:
> > Hi,
> >
> > thank you for the information.
> >
> > We have not succeeded so far. I want to give you some more information
> > what happens, the context.xml and the web.xml
> >
> > What we have changed versus the existing setup, working on 7.0.11
> > - We have moved the login.jsp into the protection domain (was outside
> > before). This did not remove the issue.
> > - We have changed the preemptiveAuthentication setting. This did not
> > remove the issue.
> >
> > This is the flow through the system that we can see:
> >
> > Client sends request to /portal
> >
> >        /portal is not protected
> >        /portal/jsp/main.jsp is welcome page and protected (see
> > web.xml)
> >        portal context configures formauthentication on the protection
> > domain
> >        Tomcat redirects/forwards incoming call to /jsp/login.jsp
> > (protected
> > resource)
> >
> > FormAuthentication Valve is called
> > Request Listener is called (expected: principal is null -> OK!)
> 
> What is stacktrace at this point inside the listener?
> (e.g. (new Exception()).printStackTrace());
> 
> Maybe you can compare 7.0.26 and 7.0.11.
> 
> 
> IIRC there was some refactoring with regards to where the valves are
> placed and how listeners are called. In 7.0.22 changelog:
> 
> "Error handling and request listeners are now handled in the
> StandardHostValve to ensure they wrap all Context level activity."
> 
> Maybe something was missed there.
> 
> > jsp/login.jsp is displayed, waiting for user User adds information,
> > press submit Client sends request to j_security_check is initiated by
> > browser with form data
> >
> > (something happens here?)
> >
> > Realm is called: Authentication succeeds, realm creates principal
> >        Realm provides its own implementation of Principal Object
> >        Realm uses different table-structure than original DataSource
> > Realm
> >
> > (something happens here?)
> >
> > Request Listener is called (expected: principal is not null -> FAILS!)
> >
> > (something happens here?)
> >
> > jsp/main.jsp is called, principal in request is not null -> can be
> > dumped to the JSP view
> >
> >
> > Following here is the used context.xml
> > (...)
> >
> 
> BTW, if you want to run under debugger, the tips are here:
> https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
> 
> Best regards,
> Konstantin Kolinko
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
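
The comparison of the 7.0.11 and 7.0.26 traces above can be done mechanically. The Python below is an added example, not part of the original thread and not Tomcat code: it rejoins the mail-wrapped frames, finds what called fireRequestInitEvent, and reports whether an authenticator frame was on the stack when the listener fired. The two sample traces are shortened excerpts of the traces posted above; the function names are made up for this example.

```python
import re
from collections import namedtuple

Frame = namedtuple("Frame", "cls method file line")

# One complete Java stack frame: package.Class.method(File.java:123)
FRAME_RE = re.compile(r"([\w.$]+)\.([\w$<>]+)\(([\w$]+\.java):(\d+)\)")
FIRE_EVENT = ("org.apache.catalina.core.StandardContext", "fireRequestInitEvent")
AUTH_PACKAGE = "org.apache.catalina.authenticator."

# Shortened excerpts of the traces posted in this thread, still mail-wrapped.
TRACE_7_0_11 = r"""
java.lang.Exception
        at
de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitiali
zed(PortalRequestListener.java:67)
        at
org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContex
t.java:5903)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:160)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase
.java:591)
        at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164
)
"""

TRACE_7_0_26 = r"""
java.lang.Exception
        at
de.srs.pen.portal.utils.server.servlet.PortalRequestListener.requestInitiali
zed(PortalRequestListener.java:67)
        at
org.apache.catalina.core.StandardContext.fireRequestInitEvent(StandardContex
t.java:5934)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164
)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
[http-bio-8080-exec-7                  | INFO  | 30-03 17:13:49:228]  <<
requestInitialized
"""


def parse_frames(text):
    """Rebuild stack frames from a trace whose lines were hard-wrapped by mail."""
    frames, current = [], None
    for token in text.split():
        if token == ">":            # quote marker from a reply
            continue
        if token == "at":           # start of the next frame
            current = ""
            continue
        if current is None:         # header or log text outside a frame
            continue
        current += token            # wrapped pieces join without a separator
        match = FRAME_RE.fullmatch(current)
        if match:
            cls, method, file, line = match.groups()
            frames.append(Frame(cls, method, file, int(line)))
            current = None          # ignore anything up to the next "at"
    return frames


def classify(frames):
    """Report who fired requestInitialized and whether authentication had started."""
    for i, frame in enumerate(frames):
        if (frame.cls, frame.method) == FIRE_EVENT and i + 1 < len(frames):
            caller = frames[i + 1]
            # Frames below the event were already executing when the listener ran.
            auth = [f for f in frames[i + 1:] if f.cls.startswith(AUTH_PACKAGE)]
            return {
                "caller": caller.cls.rsplit(".", 1)[-1] + "." + caller.method,
                "authenticator_on_stack": bool(auth),
            }
    return None  # the trace does not contain a request-init event


if __name__ == "__main__":
    for name, trace in (("7.0.11", TRACE_7_0_11), ("7.0.26", TRACE_7_0_26)):
        print(name, classify(parse_frames(trace)))
```

In the 7.0.11 excerpt the event is fired from StandardContextValve with AuthenticatorBase.invoke already on the stack; in the 7.0.26 excerpt it is fired from StandardHostValve with no authenticator frame beneath it.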


Re: FormAuthentication Valve changes fail with RequestListeners?

Posted by Konstantin Kolinko <kn...@gmail.com>.
2012/3/30 Thomas Strauß <t....@srs-management.de>:
> Hi,
>
> thank you for the information.
>
> We have not succeeded so far. I want to give you some more information what
> happens, the context.xml and the web.xml
>
> What we have changed versus the existing setup, working on 7.0.11
> - We have moved the login.jsp into the protection domain (was outside
> before). This did not remove the issue.
> - We have changed the preemptiveAuthentication setting. This did not remove
> the issue.
>
> This is the flow through the system that we can see:
>
> Client sends request to /portal
>
>        /portal is not protected
>        /portal/jsp/main.jsp is welcome page and protected (see web.xml)
>        portal context configures formauthentication on the protection
> domain
>        Tomcat redirects/forwards incoming call to /jsp/login.jsp (protected
> resource)
>
> FormAuthentication Valve is called
> Request Listener is called (expected: principal is null -> OK!)

What is stacktrace at this point inside the listener?
(e.g. (new Exception()).printStackTrace());

Maybe you can compare 7.0.26 and 7.0.11.


IIRC there was some refactoring with regards to where the valves are
placed and how listeners are called. In 7.0.22 changelog:

"Error handling and request listeners are now handled in the
StandardHostValve to ensure they wrap all Context level activity."

Maybe something was missed there.

> jsp/login.jsp is displayed, waiting for user
> User adds information, press submit
> Client sends request to j_security_check is initiated by browser with form
> data
>
> (something happens here?)
>
> Realm is called: Authentication succeeds, realm creates principal
>        Realm provides its own implementation of Principal Object
>        Realm uses different table-structure than original DataSource Realm
>
> (something happens here?)
>
> Request Listener is called (expected: principal is not null -> FAILS!)
>
> (something happens here?)
>
> jsp/main.jsp is called, principal in request is not null -> can be dumped to
> the JSP view
>
>
> Following here is the used context.xml
> (...)
>

BTW, if you want to run under debugger, the tips are here:
https://wiki.apache.org/tomcat/FAQ/Developing#Debugging

Best regards,
Konstantin Kolinko



AW: FormAuthentication Valve changes fail with RequestListeners?

Posted by Thomas Strauß <t....@srs-management.de>.
Hi,

thank you for the information.

We have not succeeded so far. I want to give you some more information what
happens, the context.xml and the web.xml

What we have changed versus the existing setup, working on 7.0.11
- We have moved the login.jsp into the protection domain (was outside
before). This did not remove the issue.
- We have changed the preemptiveAuthentication setting. This did not remove
the issue.

This is the flow through the system that we can see:

Client sends request to /portal
	
	/portal is not protected
	/portal/jsp/main.jsp is welcome page and protected (see web.xml)
	portal context configures formauthentication on the protection
domain
	Tomcat redirects/forwards incoming call to /jsp/login.jsp (protected
resource)
	
FormAuthentication Valve is called
Request Listener is called (expected: principal is null -> OK!)
jsp/login.jsp is displayed, waiting for user
User adds information, press submit 
Client sends request to j_security_check is initiated by browser with form
data

(something happens here?)

Realm is called: Authentication succeeds, realm creates principal
	Realm provides its own implementation of Principal Object
	Realm uses different table-structure than original DataSource Realm

(something happens here?)
	
Request Listener is called (expected: principal is not null -> FAILS!)

(something happens here?)

jsp/main.jsp is called, principal in request is not null -> can be dumped to
the JSP view


Following here is the used context.xml

--- 8< ----------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<Context  antiJARLocking="false"
    antiResourceLocking="false" 
    fireRequestListenersOnForwards="true"
    preemptiveAuthentication="true">
    
  <Valve className="org.apache.catalina.valves.AccessLogValve"
    fileDateFormat="yyyy-MM-dd"
    pattern="%h %l %u %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot;"
    prefix="portal-srs-standard."
    suffix=".log"/>
  
  
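  <!-- changeSessionIdOnAuthentication="false": the session ID is not changed at
       login, so the authenticator's session fixation protection is switched off -->
  <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
    changeSessionIdOnAuthentication="false"
    alwaysUseSession="true"
    landingPage="/jsp/main.jsp" />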
    
  <ResourceLink global="pendb"
      name="jdbc/DataSource"
      type="javax.sql.DataSource"/>
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>
--- 8< ----------------------------------------------------------

Following here is the web.xml

--- 8< ----------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0" metadata-complete="true">
    <display-name>SRS Standard Portal - PDX Application</display-name>
    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>de.srs.pen.portal.utils.server.filter.SetCharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>ignore</param-name>
            <param-value>false</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>RequestDumper</filter-name>
        <filter-class>org.apache.catalina.filters.RequestDumperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>RequestDumper</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Listener -->
    <listener>
        <listener-class>de.srs.pen.portal.utils.server.servlet.PortalSessionManager</listener-class>
    </listener>
    <listener>
        <listener-class>de.srs.pen.portal.utils.server.ObjectLockHandler</listener-class>
    </listener>
    <listener>
        <listener-class>de.srs.pen.portal.utils.server.servlet.PortalRequestListener</listener-class>
    </listener>
    <listener>
        <listener-class>de.srs.pen.portal.app.server.PortalContextListener</listener-class>
    </listener>
    <!-- Servlets and GWT services -->
    <servlet>
        <description>Single point of entry fuer die Web Applikation</description>
        <display-name>DelegatingPortalServlet</display-name>
        <servlet-name>DelegatingPortalServlet</servlet-name>
        <servlet-class>de.srs.pen.portal.utils.server.servlet.DelegatingPortalServiceServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
        <description>gets PDF for Instance</description>
        <display-name>DisplayPDFServlet</display-name>
        <servlet-name>DisplayPDFServlet</servlet-name>
        <servlet-class>de.srs.pen.portal.utils.server.servlet.DisplayPDFServlet</servlet-class>
        <init-param>
            <param-name>DPI</param-name>
            <param-value>120</param-value>
        </init-param>
    </servlet>
    <servlet>
        <display-name>DownloadServlet</display-name>
        <servlet-name>DownloadServlet</servlet-name>
        <servlet-class>de.srs.pen.portal.utils.server.servlet.DownloadServlet</servlet-class>
    </servlet>
    <servlet>
        <display-name>DeployFormServlet</display-name>
        <servlet-name>DeployFormServlet</servlet-name>
        <servlet-class>de.srs.pen.portal.app.server.services.DeployFormServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>DelegatingPortalServlet</servlet-name>
        <url-pattern>/delegating/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>DownloadServlet</servlet-name>
        <url-pattern>/servlet/DownloadServlet</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>DisplayPDFServlet</servlet-name>
        <url-pattern>/servlet/DisplayPDFServlet</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>DeployFormServlet</servlet-name>
        <url-pattern>/servlet/DeployFormServlet</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>59</session-timeout>
    </session-config>
    <!-- Servlets Default page to serve -->
    <welcome-file-list>
        <welcome-file>jsp/main.jsp</welcome-file>
    </welcome-file-list>
    <error-page>
        <error-code>403</error-code>
        <location>/error/403.jsp</location>
    </error-page>
    <error-page>
        <error-code>500</error-code>
        <location>/error/500.jsp</location>
    </error-page>
    <error-page>
        <error-code>408</error-code>
        <location>/error/408.jsp</location>
    </error-page>

    <security-constraint>
        <display-name>PDiX Portal</display-name>
        <web-resource-collection>
            <web-resource-name>PDX Portal Protected</web-resource-name>
            <url-pattern>/jsp/*</url-pattern>
        </web-resource-collection>
        <web-resource-collection>
            <web-resource-name>servlets</web-resource-name>
            <url-pattern>/servlet/*</url-pattern>
        </web-resource-collection>
        <web-resource-collection>
            <web-resource-name>GWT Resourcen</web-resource-name>
            <url-pattern>/StandardPortal/*</url-pattern>
        </web-resource-collection>
        <web-resource-collection>
            <web-resource-name>services</web-resource-name>
            <url-pattern>/delegating/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>authenticatedUser</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>PDXRealm</realm-name>
        <form-login-config>
            <form-login-page>/jsp/login.jsp</form-login-page>
            <form-error-page>/jsp/login.jsp?error=true</form-error-page>
        </form-login-config>
    </login-config>
    <!-- Security roles referenced by this web application -->
    <security-role>
        <role-name>authenticatedUser</role-name>
    </security-role>
</web-app>
--- 8< ----------------------------------------------------------

Kind regards

Thomas Strauß
Managing Director, Development

SRS PaperDynamix® 
WE MAKE PAPER WORK

SRS-Management GmbH 
Berliner Ring 93
64625 Bensheim 
T +49 6251 85 424 - 20 
F +49 6251 85 424 - 14
M +49 174 2110912

www.srs-management.de
www.srs-paperdynamix.de

HRB 25262 AG Darmstadt
Managing Directors: Detlev Homilius, Thomas Strauß


> -----Original Message-----
> From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
> Sent: Thursday, 29 March 2012 22:56
> To: Tomcat Users List
> Subject: Re: FormAuthentication Valve changes fail with RequestListeners?
> 
> 2012/3/29 Thomas Strauß <t....@srs-management.de>:
> > Hi,
> >
> > we have a web application using the FormAuthentication with Tomcat
> 7.0.11.
> >
> > The application provides its own realm, that is valid for the whole
> > server (configured in server.xml). The realm is based on datasource
> realm.
> >
> > The application provides request listeners that rely on the
> > request.getPrincipal() method to obtain the logged on user.
> >
> > The request listener authenticates a service framework with the
> > principal from the request.
> >
> > Tomcat 7.0.11 as stated above works with this design.
> >
> >
> > In Tomcat 7.0.26 this approach fails, because the requestlistener can
> > no longer obtain the principal using request.getPrincipal(). The call
> > returns null. A webpage (jsp) called after the listener as target of
> > the request can obtain the principal from the request as expected.
> >
> > No configuration changes have been applied between 7.0.11 and 7.0.26.
> >
> > Additionally we have experimented with various valve options, but did
> > not succeed.
> >
> > We cannot explain this behavior and think it is a bug in Tomcat.
> >
> > Any help appreciated, as currently we cannot upgrade Tomcat due to
> > this issue.
> >
> 
> > In Tomcat 7.0.26 this approach fails, because the requestlistener can
> > no longer obtain the principal using request.getPrincipal().
> 
> Is there a security constraint on the resource that the user is accessing?
> (I.e. is the user accessing a protected resource?)
> 
> Look at configuration options for <Context>. See
> "preemptiveAuthentication" there.
> 
> 
> Best regards,
> Konstantin Kolinko
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


Re: FormAuthentication Valve changes fail with RequestListeners?

Posted by Konstantin Kolinko <kn...@gmail.com>.
2012/3/29 Thomas Strauß <t....@srs-management.de>:
> Hi,
>
> we have a web application using the FormAuthentication with Tomcat 7.0.11.
>
> The application provides its own realm, that is valid for the whole server
> (configured in server.xml). The realm is based on datasource realm.
>
> The application provides request listeners that rely on the
> request.getPrincipal() method to obtain the logged on user.
>
> The request listener authenticates a service framework with the principal
> from the request.
>
> Tomcat 7.0.11 as stated above works with this design.
>
>
> In Tomcat 7.0.26 this approach fails, because the requestlistener can no
> longer obtain the principal using request.getPrincipal(). The call returns
> null. A webpage (jsp) called after the listener as target of the request can
> obtain the principal from the request as expected.
>
> No configuration changes have been applied between 7.0.11 and 7.0.26.
>
> Additionally we have experimented with various valve options, but did not
> succeed.
>
> We cannot explain this behavior and think it is a bug in Tomcat.
>
> Any help appreciated, as currently we cannot upgrade Tomcat due to this
> issue.
>

> In Tomcat 7.0.26 this approach fails, because the requestlistener can no
> longer obtain the principal using request.getPrincipal().

Is there a security constraint on the resource that the user is
accessing? (I.e. is the user accessing a protected resource?)

Look at configuration options for <Context>. See
"preemptiveAuthentication" there.


Best regards,
Konstantin Kolinko



Re: FormAuthentication Valve changes fail with RequestListeners?

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Thomas,

On 3/29/12 12:29 PM, Thomas Strauß wrote:
> The application provides its own realm, that is valid for the
> whole server (configured in server.xml). The realm is based on
> datasource realm.

Can you describe the changes in behavior that your own DataSourceRealm
subclass provides?

> The application provides request listeners that rely on the 
> request.getPrincipal() method to obtain the logged on user.

That seems reasonable.

> The request listener authenticates a service framework with the 
> principal from the request.

Ok.

> In Tomcat 7.0.26 this approach fails, because the requestlistener
> can no longer obtain the principal using request.getPrincipal().
> The call returns null. A webpage (jsp) called after the listener as
> target of the request can obtain the principal from the request as
> expected.

So your listener seems to see null, but a JSP later in the call
sequence *can* see the Principal? Or do you mean later in the flow?

IIRC, something changed with getPrincipal returning null when no
security constraint was in effect, but I can't seem to find it in the
changelog. Have you read the changelog? That's a lot of versions to
skip, and lots of stuff has been fixed/updated.

-chris

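
An added example, not part of any message in this thread and not the poster's or Tomcat's own code: a request listener that logs what is visible at requestInitialized (principal, auth type, session), which is the information the questions above ask for, and binds a user to the thread only when a principal is present. The class name and the ThreadLocal holder standing in for the "service framework" login are hypothetical; the lookup uses the standard HttpServletRequest.getUserPrincipal().

```java
import java.security.Principal;
import javax.servlet.ServletRequestEvent;
import javax.servlet.ServletRequestListener;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical diagnostic listener: reports what it sees and fails closed. */
@WebListener
public class PrincipalProbeListener implements ServletRequestListener {

    // Hypothetical stand-in for the per-request "service framework" identity.
    private static final ThreadLocal<Principal> CURRENT_USER = new ThreadLocal<Principal>();

    @Override
    public void requestInitialized(ServletRequestEvent sre) {
        if (!(sre.getServletRequest() instanceof HttpServletRequest)) {
            return;
        }
        HttpServletRequest req = (HttpServletRequest) sre.getServletRequest();
        Principal p = req.getUserPrincipal();
        HttpSession s = req.getSession(false); // never create a session as a side effect

        sre.getServletContext().log("listener: uri=" + req.getRequestURI()
                + " authType=" + req.getAuthType()
                + " principal=" + (p == null ? "null" : p.getName())
                + " session=" + (s == null ? "none" : "present"));

        if (p != null) {
            CURRENT_USER.set(p);
        } else {
            // Fail closed: container threads are pooled, so a value left over
            // from an earlier request must not become this request's identity.
            CURRENT_USER.remove();
        }
    }

    @Override
    public void requestDestroyed(ServletRequestEvent sre) {
        CURRENT_USER.remove(); // always clear before the thread returns to the pool
    }

    /** Returns the principal bound for this request, or null if none was visible. */
    public static Principal currentUser() {
        return CURRENT_USER.get();
    }
}
```

Comparing the logged line for a URL covered by a security-constraint with one for an unprotected URL shows whether the null principal depends on the constraint.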