You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by oh...@cox.net on 2012/05/17 18:10:57 UTC
How to get debug output from JNDIRealm.java?
Hi,
I'm trying to debug some problems while enabling JNDIRealm in Tomcat 6.0.33.
I've gotten Tomcat itself to output debug logging, but looking at the JNDIRealm.java code, e.g.:
http://www.docjar.com/html/api/org/apache/catalina/realm/JNDIRealm.java.html
It looks like there's a bunch of debug output that the Java code *can* output.
The problem is that I don't know how to enable that debug output/logging?
I'm assuming that something needs to be added to the Tomcat logging.properties, but can anyone tell me what that should be to get the messages such as would be output by the following code in JNDIRealm.java:
1044 if (username == null || username.equals("")
1045 || credentials == null || credentials.equals("")) {
1046 if (containerLog.isDebugEnabled())
1047 containerLog.debug("username null or empty: returning null principal.");
1048 return (null);
??
Thanks,
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by "Lobb, Janos" <ja...@yale.edu>.
On May 17, 2012, at 12:57 PM, André Warnier wrote:
> ohaya@cox.net wrote:
> ...
>
>> The problem is that I don't know how to enable that debug output/logging?
>> I'm assuming that something needs to be added to the Tomcat logging.properties, but can anyone tell me what that should be to get the messages such as would be output by the following code in JNDIRealm.java:
> Give it up. The Tomcat logging implementation and its documentation (with the exception of the AcccesLogValve) are totally impenetrable to mere mortal human beings.
> Unless you have been born from Java programmer parents, are having Java coffee exclusively for breakfast and read Java books by the pool for fun, you don't stand a chance.
> It generally makes for lively debates though..
>
In the island of Java !!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
André,
On 5/17/12 12:57 PM, André Warnier wrote:
> Give it up. The Tomcat logging implementation and its
> documentation (with the exception of the AcccesLogValve) are
> totally impenetrable to mere mortal human beings.
Or those not willing to take the time to read this:
http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_java.util.logging_%28default%29
It takes about 5 minutes is you read slowly.
It tells you:
1. What can be configured
2. Where the configuration files are
3. How to set the logging threshold for a logger (e.g. DEBUG)
4. What an example configuration file looks like
5. Where to get more information about java.util.logging
What the documentation does provide is a reproduction of all of the
documentation available online for java.util.logging. If you want to
know exactly what "loggers" are versus "handlers" and how to configure
everything from scratch, do some Googling.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+1QewACgkQ9CaO5/Lv0PCoHQCfVUSfjC6bsv071j7YvpfNjudw
1+wAnR/LMpL7SyQiVnDmmSgnRB8dsuT5
=P42m
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by David kerber <dc...@verizon.net>.
On 5/17/2012 12:57 PM, André Warnier wrote:
> ohaya@cox.net wrote:
> ...
>
>>
>> The problem is that I don't know how to enable that debug output/logging?
>>
>> I'm assuming that something needs to be added to the Tomcat
>> logging.properties, but can anyone tell me what that should be to get
>> the messages such as would be output by the following code in
>> JNDIRealm.java:
>>
> Give it up. The Tomcat logging implementation and its documentation
> (with the exception of the AcccesLogValve) are totally impenetrable to
> mere mortal human beings.
> Unless you have been born from Java programmer parents, are having Java
> coffee exclusively for breakfast and read Java books by the pool for
> fun, you don't stand a chance.
> It generally makes for lively debates though..
Thanks for the confirmation, Andre! I've thought that way for a long
time...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by André Warnier <aw...@ice-sa.com>.
ohaya@cox.net wrote:
...
>
> The problem is that I don't know how to enable that debug output/logging?
>
> I'm assuming that something needs to be added to the Tomcat logging.properties, but can anyone tell me what that should be to get the messages such as would be output by the following code in JNDIRealm.java:
>
Give it up. The Tomcat logging implementation and its documentation (with the exception
of the AcccesLogValve) are totally impenetrable to mere mortal human beings.
Unless you have been born from Java programmer parents, are having Java coffee exclusively
for breakfast and read Java books by the pool for fun, you don't stand a chance.
It generally makes for lively debates though..
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jim,
On 5/17/12 1:21 PM, ohaya@cox.net wrote:
> Here's a partial stripped down version of my server.xml
Try copy/paste instead of attaching: the list strips many types of
attachments.
> So, how do I enable the output from the JNDIRealm?
You need something like this in your logging.properties:
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/context].level
= DEBUG
You'll need to replace "/context" with the context path of your webapp.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+1NXEACgkQ9CaO5/Lv0PBEiwCeKJEhmA4q+BCGer0FpHxdBRwu
A6AAoMEDa869XC0OippZPPI3mj8k/d1q
=LL3N
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jim,
On 5/17/12 4:59 PM, ohaya@cox.net wrote:
> Christopher Schultz <ch...@christopherschultz.net> wrote:
>>
>> Why do you think that a NamingException is being caught?
>
> I didn't say that I didn't think that the exception was not being
> caught, but rather that I'm not seeing any associated output in
> any of the Tomcat logs (or the console out), e.g., I don't see a
> log msg with "Returning null principal".
The code snippet you pasted was the exception handler for when a
NamingException is caught. I would only expect to see those log
messages when such an exception is being handled.
> What else do I need to configure in logging.properties or
> otherwise to get the output logged?
I'm wondering if you are just expecting some log messages that aren't
actually being logged (e.g. wrong code path).
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+1bmMACgkQ9CaO5/Lv0PDkDQCfVuqzoec3Z3xa5bPsg7fIO5GG
LyMAnRnEFNX2QbvzXHFj40WsVZUzlC7a
=ktTt
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by oh...@cox.net.
---- Christopher Schultz <ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jim,
>
> On 5/17/12 1:56 PM, ohaya@cox.net wrote:
> > I think that the code snippet I sent earlier was the wrong one, but
> > it seems like I still should have gotten some output logging for
> > the following code from JNDIRealm.java?
> >
> > 1003 } catch (NamingException e) { 1004 1005
> > // Log the problem for posterity 1006
> > containerLog.error(sm.getString("jndiRealm.exception"), e); 1007
> > 1008 // Close the connection so that it gets
> > reopened next time 1009 if (context != null) 1010
> > close(context); 1011 1012 // Return "not
> > authenticated" for this request 1013 if
> > (containerLog.isDebugEnabled()) 1014
> > containerLog.debug("Returning null principal."); 1015
> > return (null);
> >
> > i.e., I should have seen "Returning null principal" in the Tomcat
> > logging?
>
> Why do you think that a NamingException is being caught?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk+1ZGwACgkQ9CaO5/Lv0PCnXACfQ053y47B7MLmIbpznhPufSQK
> Y3MAoJ4TkTP3/HcwlelKvOm/wISz5fbI
> =H5G4
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Hi,
I didn't say that I didn't think that the exception was not being caught, but rather that I'm not seeing any associated output in any of the Tomcat logs (or the console out), e.g., I don't see a log msg with "Returning null principal".
What else do I need to configure in logging.properties or otherwise to get the output logged?
Thanks,
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jim,
On 5/17/12 1:56 PM, ohaya@cox.net wrote:
> I think that the code snippet I sent earlier was the wrong one, but
> it seems like I still should have gotten some output logging for
> the following code from JNDIRealm.java?
>
> 1003 } catch (NamingException e) { 1004 1005
> // Log the problem for posterity 1006
> containerLog.error(sm.getString("jndiRealm.exception"), e); 1007
> 1008 // Close the connection so that it gets
> reopened next time 1009 if (context != null) 1010
> close(context); 1011 1012 // Return "not
> authenticated" for this request 1013 if
> (containerLog.isDebugEnabled()) 1014
> containerLog.debug("Returning null principal."); 1015
> return (null);
>
> i.e., I should have seen "Returning null principal" in the Tomcat
> logging?
Why do you think that a NamingException is being caught?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+1ZGwACgkQ9CaO5/Lv0PCnXACfQ053y47B7MLmIbpznhPufSQK
Y3MAoJ4TkTP3/HcwlelKvOm/wISz5fbI
=H5G4
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by oh...@cox.net.
---- ohaya@cox.net wrote:
>
> ---- Konstantin Kolinko <kn...@gmail.com> wrote:
> > 2012/5/17 <oh...@cox.net>:
> > >> >
> > >> > See
> > >> > http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Servlets_logging_API
> > >> >
> > >>
> > >> Here's a partial stripped down version of my server.xml, to show the JNDIRealm part in context. I guess that it's in the <Engine>?
> > >>
> > >> So, how do I enable the output from the JNDIRealm?
> > >>
> > >> I checked the link you included, but it reflected what you said, but I'm unclear about exactly what I need to do (e.g., add to logging.properties) to get the debug output?
> > >>
> > >> Thanks,
> > >> Jim
> > >>
> > >> P.S. Per other responses, if you could help explain, it might clarify things for others on the mailing list, who also appear to not know how to do this?
> > \>
> > > P.P.S. In case it helps, here is my current logging.properties:
> > >
> >
> > >
> > > # For example, to log debug messages in ContextConfig and HostConfig
> > > # classes and to log only warnings and errors in other
> > > # org.apache.catalina.** classes, uncomment these lines:
> > > #org.apache.catalina.startup.ContextConfig.level = FINE
> > > #org.apache.catalina.startup.HostConfig.level = FINE
> > > #org.apache.catalina.level = WARNING
> >
> > I have not see your server.xml, but let's suppose that your Realm is
> > in the Engine.
> > The logging category for engine will be
> > "org.apache.catalina.core.ContainerBase.[Catalina]"
> >
> > To enable debug logging for it you have to
> > 1. add the following line to logging.properties file and
> > 2. restart Tomcat:
> >
> > org.apache.catalina.core.ContainerBase.[Catalina].level = FINE
> >
> > Best regards,
> > Konstantin Kolinko
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
>
> Hi,
>
> FYI, I posted a msg with the server.xml snippet, which I had forgotten.
>
> Also, I just tried adding the line you suggested to logging.properties, then bounced Tomcat.
>
> On startup, I do see some new messages:
>
> May 17, 2012 1:40:48 PM org.apache.catalina.realm.RealmBase init
> FINE: Register Realm Catalina:type=Realm,realmPath=/realm0
> May 17, 2012 1:40:48 PM org.apache.catalina.realm.JNDIRealm getDirectoryContextEnvironment
> FINE: Connecting to URL ldap://oidoif:6501
>
> but, just to test if the logging was outputing anything, I access Tomcat /manager, with incorrect username/password, and I don't see anything from JNDIRealm in the logs.
>
> Looking at JNDIRealm.java code, I see this code:
>
> 944 // Authenticate the specified username if possible
> 945 principal = authenticate(context, username, credentials);
> 946
> 947 } catch (NullPointerException e) {
> 948 /* BZ 42449 - Kludge Sun's LDAP provider
> 949 with broken SSL
> 950 */
> 951 // log the exception so we know it's there.
> 952 containerLog.warn(sm.getString("jndiRealm.exception"), e);
>
> Shouldn't the logs show some kind of exception message for the above lines?
>
> Thanks,
> Jim
Hi,
I think that the code snippet I sent earlier was the wrong one, but it seems like I still should have gotten some output logging for the following code from JNDIRealm.java?
1003 } catch (NamingException e) {
1004
1005 // Log the problem for posterity
1006 containerLog.error(sm.getString("jndiRealm.exception"), e);
1007
1008 // Close the connection so that it gets reopened next time
1009 if (context != null)
1010 close(context);
1011
1012 // Return "not authenticated" for this request
1013 if (containerLog.isDebugEnabled())
1014 containerLog.debug("Returning null principal.");
1015 return (null);
i.e., I should have seen "Returning null principal" in the Tomcat logging?
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by oh...@cox.net.
---- Konstantin Kolinko <kn...@gmail.com> wrote:
> 2012/5/17 <oh...@cox.net>:
> >> >
> >> > See
> >> > http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Servlets_logging_API
> >> >
> >>
> >> Here's a partial stripped down version of my server.xml, to show the JNDIRealm part in context. I guess that it's in the <Engine>?
> >>
> >> So, how do I enable the output from the JNDIRealm?
> >>
> >> I checked the link you included, but it reflected what you said, but I'm unclear about exactly what I need to do (e.g., add to logging.properties) to get the debug output?
> >>
> >> Thanks,
> >> Jim
> >>
> >> P.S. Per other responses, if you could help explain, it might clarify things for others on the mailing list, who also appear to not know how to do this?
> \>
> > P.P.S. In case it helps, here is my current logging.properties:
> >
>
> >
> > # For example, to log debug messages in ContextConfig and HostConfig
> > # classes and to log only warnings and errors in other
> > # org.apache.catalina.** classes, uncomment these lines:
> > #org.apache.catalina.startup.ContextConfig.level = FINE
> > #org.apache.catalina.startup.HostConfig.level = FINE
> > #org.apache.catalina.level = WARNING
>
> I have not see your server.xml, but let's suppose that your Realm is
> in the Engine.
> The logging category for engine will be
> "org.apache.catalina.core.ContainerBase.[Catalina]"
>
> To enable debug logging for it you have to
> 1. add the following line to logging.properties file and
> 2. restart Tomcat:
>
> org.apache.catalina.core.ContainerBase.[Catalina].level = FINE
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Hi,
FYI, I posted a msg with the server.xml snippet, which I had forgotten.
Also, I just tried adding the line you suggested to logging.properties, then bounced Tomcat.
On startup, I do see some new messages:
May 17, 2012 1:40:48 PM org.apache.catalina.realm.RealmBase init
FINE: Register Realm Catalina:type=Realm,realmPath=/realm0
May 17, 2012 1:40:48 PM org.apache.catalina.realm.JNDIRealm getDirectoryContextEnvironment
FINE: Connecting to URL ldap://oidoif:6501
but, just to test if the logging was outputing anything, I access Tomcat /manager, with incorrect username/password, and I don't see anything from JNDIRealm in the logs.
Looking at JNDIRealm.java code, I see this code:
944 // Authenticate the specified username if possible
945 principal = authenticate(context, username, credentials);
946
947 } catch (NullPointerException e) {
948 /* BZ 42449 - Kludge Sun's LDAP provider
949 with broken SSL
950 */
951 // log the exception so we know it's there.
952 containerLog.warn(sm.getString("jndiRealm.exception"), e);
Shouldn't the logs show some kind of exception message for the above lines?
Thanks,
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by Konstantin Kolinko <kn...@gmail.com>.
2012/5/17 <oh...@cox.net>:
>> >
>> > See
>> > http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Servlets_logging_API
>> >
>>
>> Here's a partial stripped down version of my server.xml, to show the JNDIRealm part in context. I guess that it's in the <Engine>?
>>
>> So, how do I enable the output from the JNDIRealm?
>>
>> I checked the link you included, but it reflected what you said, but I'm unclear about exactly what I need to do (e.g., add to logging.properties) to get the debug output?
>>
>> Thanks,
>> Jim
>>
>> P.S. Per other responses, if you could help explain, it might clarify things for others on the mailing list, who also appear to not know how to do this?
\>
> P.P.S. In case it helps, here is my current logging.properties:
>
>
> # For example, to log debug messages in ContextConfig and HostConfig
> # classes and to log only warnings and errors in other
> # org.apache.catalina.** classes, uncomment these lines:
> #org.apache.catalina.startup.ContextConfig.level = FINE
> #org.apache.catalina.startup.HostConfig.level = FINE
> #org.apache.catalina.level = WARNING
I have not see your server.xml, but let's suppose that your Realm is
in the Engine.
The logging category for engine will be
"org.apache.catalina.core.ContainerBase.[Catalina]"
To enable debug logging for it you have to
1. add the following line to logging.properties file and
2. restart Tomcat:
org.apache.catalina.core.ContainerBase.[Catalina].level = FINE
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by oh...@cox.net.
---- ohaya@cox.net wrote:
>
> ---- ohaya@cox.net wrote:
> >
> > ---- Konstantin Kolinko <kn...@gmail.com> wrote:
> > > 2012/5/17 <oh...@cox.net>:
> > > > Hi,
> > > >
> > > > I'm trying to debug some problems while enabling JNDIRealm in Tomcat 6.0.33.
> > > >
> > > > I've gotten Tomcat itself to output debug logging, but looking at the JNDIRealm.java code, e.g.:
> > > >
> > > > http://www.docjar.com/html/api/org/apache/catalina/realm/JNDIRealm.java.html
> > > >
> > > > It looks like there's a bunch of debug output that the Java code *can* output.
> > > >
> > > > The problem is that I don't know how to enable that debug output/logging?
> > > >
> > > > I'm assuming that something needs to be added to the Tomcat logging.properties, but can anyone tell me what that should be to get the messages such as would be output by the following code in JNDIRealm.java:
> > > >
> > > > 1044 if (username == null || username.equals("")
> > > > 1045 || credentials == null || credentials.equals("")) {
> > > > 1046 if (containerLog.isDebugEnabled())
> > > > 1047 containerLog.debug("username null or empty: returning null principal.");
> > > > 1048 return (null);
> > > >
> > >
> > >
> > > See
> > > http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Servlets_logging_API
> > >
> > > The "containerLog" writes to a category that has name similar to the following:
> > > org.apache.catalina.core.ContainerBase.[${engine}].[${host}].[${context}]
> > >
> > > If your realm in in Context, then you will get the full name.
> > > If it is in Host, you will get [engine][host] only,
> > > and so on.
> > >
> > >
> > > You may also want to run under debugger,
> > > http://wiki.apache.org/tomcat/FAQ/Developing#Debugging
> > >
> > > Best regards,
> > > Konstantin Kolinko
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> >
> > Konstantin,
> >
> > Here's a partial stripped down version of my server.xml, to show the JNDIRealm part in context. I guess that it's in the <Engine>?
> >
> > So, how do I enable the output from the JNDIRealm?
> >
> > I checked the link you included, but it reflected what you said, but I'm unclear about exactly what I need to do (e.g., add to logging.properties) to get the debug output?
> >
> > Thanks,
> > Jim
> >
> > P.S. Per other responses, if you could help explain, it might clarify things for others on the mailing list, who also appear to not know how to do this?
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
>
> P.P.S. In case it helps, here is my current logging.properties:
>
>
> # Licensed to the Apache Software Foundation (ASF) under one or more
> # contributor license agreements. See the NOTICE file distributed with
> # this work for additional information regarding copyright ownership.
> # The ASF licenses this file to You under the Apache License, Version 2.0
> # (the "License"); you may not use this file except in compliance with
> # the License. You may obtain a copy of the License at
> #
> # http://www.apache.org/licenses/LICENSE-2.0
> #
> # Unless required by applicable law or agreed to in writing, software
> # distributed under the License is distributed on an "AS IS" BASIS,
> # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> # See the License for the specific language governing permissions and
> # limitations under the License.
>
> handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
>
> .handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
>
> ############################################################
> # Handler specific properties.
> # Describes specific configuration info for Handlers.
> ############################################################
>
> 1catalina.org.apache.juli.FileHandler.level = FINE
> 1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
> 1catalina.org.apache.juli.FileHandler.prefix = catalina.
>
> # JL - FOLLOWING ADDED FOR DEBUG PER: http://dev-answers.blogspot.com/2010/03/enable-debugtrace-level-logging-for.html
> 1catalina.org.apache.juli.FileHandler.bufferSize = -1
>
> 2localhost.org.apache.juli.FileHandler.level = FINE
> 2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
> 2localhost.org.apache.juli.FileHandler.prefix = localhost.
>
> 3manager.org.apache.juli.FileHandler.level = FINE
> 3manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
> 3manager.org.apache.juli.FileHandler.prefix = manager.
>
> 4host-manager.org.apache.juli.FileHandler.level = FINE
> 4host-manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
> 4host-manager.org.apache.juli.FileHandler.prefix = host-manager.
>
> java.util.logging.ConsoleHandler.level = FINE
> java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
>
>
> ############################################################
> # Facility specific properties.
> # Provides extra control for each logger.
> ############################################################
>
>
> # JL - FOLLOWING ADDED FOR DEBUG PER: http://dev-answers.blogspot.com/2010/03/enable-debugtrace-level-logging-for.html
> # This would turn on trace-level for everything
> # the possible levels are: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL
> #org.apache.catalina.level = ALL
> #org.apache.catalina.handlers = 2localhost.org.apache.juli.FileHandler
> org.apache.catalina.realm.level = ALL
> org.apache.catalina.realm.useParentHandlers = true
> org.apache.catalina.authenticator.level = ALL
> org.apache.catalina.authenticator.useParentHandlers = true
>
>
> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
>
> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler
>
> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler
>
> # For example, to log debug messages in ContextConfig and HostConfig
> # classes and to log only warnings and errors in other
> # org.apache.catalina.** classes, uncomment these lines:
> #org.apache.catalina.startup.ContextConfig.level = FINE
> #org.apache.catalina.startup.HostConfig.level = FINE
> #org.apache.catalina.level = WARNING
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Hi,
Oops. In my previous email, I forgot to paste in the server.xml snippet with the realm :(....
<Server port="8005" shutdown="SHUTDOWN">
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionName="cn=XXXX"
connectionPassword="YYYYYYY"
connectionURL="ldap://oidoif:6501"
userPassword="userPassword"
userPattern="cn={0},cn=users,dc=whatever,dc=com"
roleBase="cn=groups,dc=whatever,dc=com"
roleName="cn"
debug="9"
roleSearch="(uniqueMember={0})"
/>
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
</Host>
</Engine>
</Service>
</Server>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by oh...@cox.net.
---- ohaya@cox.net wrote:
>
> ---- Konstantin Kolinko <kn...@gmail.com> wrote:
> > 2012/5/17 <oh...@cox.net>:
> > > Hi,
> > >
> > > I'm trying to debug some problems while enabling JNDIRealm in Tomcat 6.0.33.
> > >
> > > I've gotten Tomcat itself to output debug logging, but looking at the JNDIRealm.java code, e.g.:
> > >
> > > http://www.docjar.com/html/api/org/apache/catalina/realm/JNDIRealm.java.html
> > >
> > > It looks like there's a bunch of debug output that the Java code *can* output.
> > >
> > > The problem is that I don't know how to enable that debug output/logging?
> > >
> > > I'm assuming that something needs to be added to the Tomcat logging.properties, but can anyone tell me what that should be to get the messages such as would be output by the following code in JNDIRealm.java:
> > >
> > > 1044 if (username == null || username.equals("")
> > > 1045 || credentials == null || credentials.equals("")) {
> > > 1046 if (containerLog.isDebugEnabled())
> > > 1047 containerLog.debug("username null or empty: returning null principal.");
> > > 1048 return (null);
> > >
> >
> >
> > See
> > http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Servlets_logging_API
> >
> > The "containerLog" writes to a category that has name similar to the following:
> > org.apache.catalina.core.ContainerBase.[${engine}].[${host}].[${context}]
> >
> > If your realm in in Context, then you will get the full name.
> > If it is in Host, you will get [engine][host] only,
> > and so on.
> >
> >
> > You may also want to run under debugger,
> > http://wiki.apache.org/tomcat/FAQ/Developing#Debugging
> >
> > Best regards,
> > Konstantin Kolinko
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
> Konstantin,
>
> Here's a partial stripped down version of my server.xml, to show the JNDIRealm part in context. I guess that it's in the <Engine>?
>
> So, how do I enable the output from the JNDIRealm?
>
> I checked the link you included, but it reflected what you said, but I'm unclear about exactly what I need to do (e.g., add to logging.properties) to get the debug output?
>
> Thanks,
> Jim
>
> P.S. Per other responses, if you could help explain, it might clarify things for others on the mailing list, who also appear to not know how to do this?
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
P.P.S. In case it helps, here is my current logging.properties:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
# JL - FOLLOWING ADDED FOR DEBUG PER: http://dev-answers.blogspot.com/2010/03/enable-debugtrace-level-logging-for.html
1catalina.org.apache.juli.FileHandler.bufferSize = -1
2localhost.org.apache.juli.FileHandler.level = FINE
2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.FileHandler.prefix = localhost.
3manager.org.apache.juli.FileHandler.level = FINE
3manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
3manager.org.apache.juli.FileHandler.prefix = manager.
4host-manager.org.apache.juli.FileHandler.level = FINE
4host-manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
4host-manager.org.apache.juli.FileHandler.prefix = host-manager.
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################
# JL - FOLLOWING ADDED FOR DEBUG PER: http://dev-answers.blogspot.com/2010/03/enable-debugtrace-level-logging-for.html
# This would turn on trace-level for everything
# the possible levels are: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL
#org.apache.catalina.level = ALL
#org.apache.catalina.handlers = 2localhost.org.apache.juli.FileHandler
org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler
# For example, to log debug messages in ContextConfig and HostConfig
# classes and to log only warnings and errors in other
# org.apache.catalina.** classes, uncomment these lines:
#org.apache.catalina.startup.ContextConfig.level = FINE
#org.apache.catalina.startup.HostConfig.level = FINE
#org.apache.catalina.level = WARNING
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by oh...@cox.net.
---- Konstantin Kolinko <kn...@gmail.com> wrote:
> 2012/5/17 <oh...@cox.net>:
> > Hi,
> >
> > I'm trying to debug some problems while enabling JNDIRealm in Tomcat 6.0.33.
> >
> > I've gotten Tomcat itself to output debug logging, but looking at the JNDIRealm.java code, e.g.:
> >
> > http://www.docjar.com/html/api/org/apache/catalina/realm/JNDIRealm.java.html
> >
> > It looks like there's a bunch of debug output that the Java code *can* output.
> >
> > The problem is that I don't know how to enable that debug output/logging?
> >
> > I'm assuming that something needs to be added to the Tomcat logging.properties, but can anyone tell me what that should be to get the messages such as would be output by the following code in JNDIRealm.java:
> >
> > 1044 if (username == null || username.equals("")
> > 1045 || credentials == null || credentials.equals("")) {
> > 1046 if (containerLog.isDebugEnabled())
> > 1047 containerLog.debug("username null or empty: returning null principal.");
> > 1048 return (null);
> >
>
>
> See
> http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Servlets_logging_API
>
> The "containerLog" writes to a category that has name similar to the following:
> org.apache.catalina.core.ContainerBase.[${engine}].[${host}].[${context}]
>
> If your realm in in Context, then you will get the full name.
> If it is in Host, you will get [engine][host] only,
> and so on.
>
>
> You may also want to run under debugger,
> http://wiki.apache.org/tomcat/FAQ/Developing#Debugging
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Konstantin,
Here's a partial stripped down version of my server.xml, to show the JNDIRealm part in context. I guess that it's in the <Engine>?
So, how do I enable the output from the JNDIRealm?
I checked the link you included, but it reflected what you said, but I'm unclear about exactly what I need to do (e.g., add to logging.properties) to get the debug output?
Thanks,
Jim
P.S. Per other responses, if you could help explain, it might clarify things for others on the mailing list, who also appear to not know how to do this?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to get debug output from JNDIRealm.java?
Posted by Konstantin Kolinko <kn...@gmail.com>.
2012/5/17 <oh...@cox.net>:
> Hi,
>
> I'm trying to debug some problems while enabling JNDIRealm in Tomcat 6.0.33.
>
> I've gotten Tomcat itself to output debug logging, but looking at the JNDIRealm.java code, e.g.:
>
> http://www.docjar.com/html/api/org/apache/catalina/realm/JNDIRealm.java.html
>
> It looks like there's a bunch of debug output that the Java code *can* output.
>
> The problem is that I don't know how to enable that debug output/logging?
>
> I'm assuming that something needs to be added to the Tomcat logging.properties, but can anyone tell me what that should be to get the messages such as would be output by the following code in JNDIRealm.java:
>
> 1044 if (username == null || username.equals("")
> 1045 || credentials == null || credentials.equals("")) {
> 1046 if (containerLog.isDebugEnabled())
> 1047 containerLog.debug("username null or empty: returning null principal.");
> 1048 return (null);
>
See
http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Servlets_logging_API
The "containerLog" writes to a category that has name similar to the following:
org.apache.catalina.core.ContainerBase.[${engine}].[${host}].[${context}]
If your realm in in Context, then you will get the full name.
If it is in Host, you will get [engine][host] only,
and so on.
You may also want to run under debugger,
http://wiki.apache.org/tomcat/FAQ/Developing#Debugging
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org