You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Hua, Gary - Saint Louis, MO - Contractor" <Ga...@usps.gov.INVALID> on 2019/04/11 21:28:59 UTC
Tomcat(9.0.13) Error in DEV Server
Tomcat Experts:
The Tomcat server works fine in my local computer with application "TOPS" in Eclipse. I deployed the TOPS application to our DEV web server eagnmnmed1f45 under webapps.
After I started the Tomcat server (9.0.13) in DEV server and entered the TOPS home page URL http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is http://localhost:8080/TOPS-WEB/Welcome.do in my local computer) in the browser, I got the following error:
[cid:image001.png@01D4F07A.31A329C0]
atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail<mailto:atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs%3etail> -f catalina.out
5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find configuration [LegDistanceImpl]; using defaults.
5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not binding factory to JNDI, no JNDI name configured
0 [main] INFO filter.ResponseOverrideFilter - Filter initialized. Response buffering is enabled
1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded for module ''.
1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validator-rules.xml'
1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validation.xml'
1738 [main] INFO tiles.TilesPlugin - Factory already exists for module ''. The factory found is from module ''. No new creation.
05-Apr-2019 11:18:01.913 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-9080"]
05-Apr-2019 11:18:01.928 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-9443"]
05-Apr-2019 11:18:01.932 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor - Tiles definition factory found for request processor ''.
Error connecting to LDAP server.
java.lang.NullPointerException
at com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeAction.java:120)
at com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeAction.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod(AbstractDispatchAction.java:136)
at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(AbstractDispatchAction.java:84)
at com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute(AbstractTOPSDispatchAction.java:258)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Notice that I entered non secure port 9080 and then was re-direct to secure 9443.
If I only entered "http://eagnmnmed1f45:9080/TOPS-WEB/", the login screen showed up as below:
[cid:image002.png@01D4F07B.1803C190]
But after I entered topsadmin/@88Topstopstops as id/pd and clicked Login button, I got the following error:
[cid:image003.png@01D4F07B.1803C190]
I know the topsadmin/@88Topstopstops is the correct id/pd.
Any idea what happens here? Any input is appreciated. Following is the contents of server.xml and LDAP_realm.xml
atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE server-xml [
<!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
]>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html -->
<Listener className="org.apache.catalina.security.SecurityListener" checkedOsUsers="root" minimumUmask="0007"/>
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -->
<GlobalNamingResources>
<!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->
<!-- *** Not needed, because we use JNDI Realm *** -->
<!-- <Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="tomcat-users.xml" />
-->
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/> -->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
-->
<Connector port="9080"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="9443"
maxHttpHeaderSize="8192"
allowTrace="false"
xpoweredBy="false"
enableLookups="false" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="9080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="9443"
allowTrace="false"
xpoweredBy="false"
server="USPS"
enableLookups="false" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
This connector uses the NIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<Connector port="9443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="60000"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
keystorePass="4bidden!"
clientAuth="want"
ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384"
maxHttpHeaderSize="8192"
allowTrace="false"
xpoweredBy="false"
server="USPS"
enableLookups="false" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009" protocol="AJP/1.3"
connectionTimeout="20000"
protocol="AJP/1.3"
redirectPort="9443"
allowTrace="false"
xpoweredBy="false"
enableLookups="false" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> -->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!--
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
-->
&LDAP_realm;
</Realm>
<Host name="localhost"
appBase="webapps"
unpackWARs="true"
deployOnStartup="false"
autoDeploy="false">
<Context path=""
docBase="/opt/TomCat/tomcat/webapps/ROOT"
debug="0"
privileged="true">
</Context>
<Context path="/TOPS-WEB"
docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
debug="0"
privileged="true">
<Resource name="jdbc/TOPSDB"
auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.OracleDriver"
inactiveConnectionTimeout="120"
maxPoolSize="20"
minPoolSize="1"
password="g3td0wn"
url="jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=dtops.usps.gov)))"
username="TOPS_ADMIN"
validateConnectionOnBorrow="true"/>
</Context>
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
connectionName="wasdev2@devsub.dev.dce.usps.gov"
connectionPassword="F0rkedup"
authentication="simple"
referrals="ignore"
userSearch="(sAMAccountName={0})"
userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
userSubtree="true"
roleSearch="(member={0})"
roleName="cn"
roleSubtree="true"
roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
adCompat="true"
/>
Thanks
Gary
Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Posted by Luis Rodríguez Fernández <uo...@gmail.com>.
Hello Gary,
Your user, topsadmin is has the role NAT_TOPS_ADMIN, see [1], however the
application is looking for another bunch of roles like
TOPS_INTL_FIELD_USER_MIA, TOPS_MODELING, etc... I suggest you to check your
user membership [2] and try with the roleNested=true in your configuration
[3]
Hope it helps,
Luis
[1] Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
[2] https://stackoverflow.com/questions/6195812/ldap-nested-group-membership
[3] https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#JNDIRealm &
https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html
El mar., 16 abr. 2019 a las 9:03, Peter@Kreuser-Online (<lo...@kreuser.name>)
escribió:
> Hi Gary,
>
> see way below inline...
>
> > Am 16.04.2019 um 03:02 schrieb Hua, Gary - Saint Louis, MO - Contractor
> <Ga...@usps.gov.invalid>:
> >
> > Luis:
> >
> > Thanks for your input. I put the following into
> conf/logging.properties and add debug="99" in the Realm definition so I
> can see more Realm logging information:
> >
> > org.apache.catalina.realm.level = ALL
> > org.apache.catalina.realm.useParentHandlers = true
> > org.apache.catalina.authenticator.level = ALL
> > org.apache.catalina.authenticator.useParentHandlers = true
> >
> >
> > After the first login attempt in the application TOPS login screen,
> the URL was redirected to
> https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check with invalid UID/PW
> message. Then I entered topsadmin/@88Topstopstops as id/pd and clicked
> the Login button again, I got the following message in the catalina.out:
> >
> >
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security
> checking request POST /TOPS-WEB/j_security_check
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> hasUserDataPermission()
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission User data
> constraint already satisfied
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> authenticate()
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authenticating username 'topsadmin'
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Attempting to
> authenticate user [topsadmin] with realm
> [org.apache.catalina.realm.JNDIRealm]
> > 15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.JNDIRealm.authenticate Exception performing
> authentication. Retrying...
> > javax.naming.CommunicationException: Connection reset [Root exception is
> java.net.SocketException: Connection reset];
> ^^^^^^^^^^^^
> That may be the reason!?
> It cannot connect and everything following is just bad error handling?
>
> > remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
> > at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
> > at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
> > at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> > at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
> > at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
> > at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
> > at
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> > at
> org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
> > at
> org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
> > at
> org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
> > at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
> > at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
> > at
> org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
> > at
> org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
> > at
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
> > at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
> > at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> > at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> > at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
> > at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> > at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> > at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> > at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> > at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
> > at org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
> > at org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
> > at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> > at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> > at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> > at java.lang.Thread.run(Thread.java:748)
> > Caused by: java.net.SocketException: Connection reset
> > at java.net.SocketInputStream.read(SocketInputStream.java:210)
> > at java.net.SocketInputStream.read(SocketInputStream.java:141)
> > at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
> > at sun.security.ssl.InputRecord.read(InputRecord.java:503)
> > at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
> > at
> sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
> > at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> > at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> > at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
> > at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
> > at com.sun.jndi.ldap.Connection.run(Connection.java:877)
> > ... 1 more
> >
> > 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user
> [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> > 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authentication of 'topsadmin' was successful
> > 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Redirecting to original '/TOPS-WEB/'
> > 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed
> authenticate() test
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security
> checking request GET /TOPS-WEB/
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp
> --> true
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> GET /index.jsp --> false
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp -->
> true
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> hasUserDataPermission()
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission User data
> constraint has no restrictions
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> authenticate()
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore
> request from session '9F9F67A0434576D7C0FD0BB63C15F567'
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated
> 'topsadmin' with type 'FORM'
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Session ID
> changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to
> [811799F279932B4B67D44931980994A7]
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed
> to restored request
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> accessControl()
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles
> GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_INQUIRY]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_INQUIRY
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_ADMIN]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_ADMIN
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_SFO]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_SFO
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_MODELING]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_MODELING
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INQUIRY]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INQUIRY
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_EDITOR]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_EDITOR
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JFK]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JFK
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JECEWR]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JECEWR
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_ORD]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_ORD
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTERNATIONAL]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTERNATIONAL
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_LAX]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_LAX
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_MIA]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_MIA
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed
> accessControl() test
> >
> >
> >
> > The error messages on the screen looks like below:
> >
> > HTTP Status 403 – Forbidden
> >
> > Type Status Report
> >
> > Message Access to the requested resource has been denied
> >
> > Description The server understood the request but refuses to authorize
> it.
> >
> > USPS_restricted
> >
> >
> >
> >
> >
> >
> > Any idea what is that about? Again the Ream definition is:
> >
> > <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> > connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> > connectionName="wasdev2@devsub.dev.dce.usps.gov"
> > connectionPassword="F0rkedup"
> > authentication="simple"
> > referrals="ignore"
> > userSearch="(sAMAccountName={0})"
> > userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> > userSubtree="true"
> > roleSearch="(member={0})"
> > roleName="cn"
> > roleSubtree="true"
> > roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> > adCompat="true"
> > />
> >
> >
> >
> > Thanks
> > Gary
> >
> >
>
> Peter
>
> PS: you should redact sensitive data from your mails. At least change
> passwords now... google is NOT your friend in this case...
>
> > -----Original Message-----
> > From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com]
> > Sent: Monday, April 15, 2019 3:47 AM
> > To: Tomcat Users List <us...@tomcat.apache.org>
> > Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
> >
> > Hello Gary,
> >
> > I would recommend you to add some debug to your JNDIReam [1]. For
> debugging your ldap search filters ldapsearch can be your friend [2] :)
> >
> > Hope it helps,
> >
> > Luis
> >
> > [1]
> >
> https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
> > [2]
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
> >
> >
> >
> >
> >
> >
> >
> > El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO -
> Contractor
> > (<Ga...@usps.gov.invalid>) escribió:
> >
> >> All:
> >>
> >>
> >>
> >> Sorry on my previous email I have some graphic contents that can not
> >> be displayed. Now I change it to texts so you can see them
> >>
> >>
> >>
> >> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> >> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
> >> *Sent:* Thursday, April 11, 2019 4:29 PM
> >> *To:* users@tomcat.apache.org
> >> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
> >>
> >>
> >>
> >> Tomcat Experts:
> >>
> >>
> >>
> >> The Tomcat server works fine in my local computer with
> >> application “TOPS“ in Eclipse. I deployed the TOPS application to our
> >> DEV web server eagnmnmed1f45 under webapps.
> >>
> >>
> >>
> >> After I started the Tomcat server (9.0.13) in DEV
> >> server and entered the TOPS home page URL
> >> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> >> http://localhost:8080/TOPS-WEB/Welcome.do in my local computer) in
> the
> >> browser, it was re-directed to
> >> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do. and following error:
> >>
> >>
> >>
> >>
> >>
> >> *The website cannot display the page*
> >>
> >> HTTP 500
> >>
> >>
> >>
> >> *Most likely causes:*
> >>
> >> - The website is under maintenance.
> >> - The website has a programming error.
> >>
> >>
> >>
> >> *What you can try:*
> >>
> >>
> >>
> >> [image: res://\\ieframe.dll/bullet.png]
> >>
> >> Refresh the page.Refresh the page.
> >>
> >>
> >>
> >> [image: res://\\ieframe.dll/bullet.png]
> >>
> >> Go back to the previous page.Go back to the previous page.
> >>
> >>
> >>
> >> [image: More information]
> >>
> >> More information
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
> >> catalina.out
> >>
> >> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
> >> configuration [LegDistanceImpl]; using defaults.
> >>
> >> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
> >> binding factory to JNDI, no JNDI name configured
> >>
> >> 0 [main] INFO filter.ResponseOverrideFilter - Filter initialized.
> >> Response buffering is enabled
> >>
> >> 1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded
> >> for module ''.
> >>
> >> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> >> file from '/WEB-INF/validator-rules.xml'
> >>
> >> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> >> file from '/WEB-INF/validation.xml'
> >>
> >> 1738 [main] INFO tiles.TilesPlugin - Factory already exists for
> >> module ''. The factory found is from module ''. No new creation.
> >>
> >> 05-Apr-2019 11:18:01.913 INFO [main]
> >> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> >> ["http-nio-9080"]
> >>
> >> 05-Apr-2019 11:18:01.928 INFO [main]
> >> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> >> ["https-jsse-nio-9443"]
> >>
> >> 05-Apr-2019 11:18:01.932 INFO [main]
> >> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
> >>
> >> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor -
> >> Tiles definition factory found for request processor ''.
> >>
> >> Error connecting to LDAP server.
> >>
> >> java.lang.NullPointerException
> >>
> >> at
> >> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
> >> n.java:120)
> >>
> >> at
> >> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
> >> n.java:61)
> >>
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >> at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >> at
> >> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
> >> (AbstractDispatchAction.java:136)
> >>
> >> at
> >> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
> >> ctDispatchAction.java:84)
> >>
> >> at
> >> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
> >> (AbstractTOPSDispatchAction.java:258)
> >>
> >> at
> >> org.apache.struts.action.RequestProcessor.processActionPerform(Request
> >> Processor.java:419)
> >>
> >> at
> >> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
> >> a:224)
> >>
> >> at
> >> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
> >> )
> >>
> >> at
> >> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
> >>
> >> at
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> >>
> >> at
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
> >>
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >> at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:170)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:225)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >> at
> >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
> >>
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >> at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >> at
> >> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
> >> Filter.java:125)
> >>
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >> at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >> at
> >> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
> >> )
> >>
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >> at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >> at
> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
> >> lve.java:199)
> >>
> >> at
> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
> >> lve.java:96)
> >>
> >> at
> >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
> >> orBase.java:607)
> >>
> >> at
> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
> >> va:139)
> >>
> >> at
> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
> >> va:92)
> >>
> >> at
> >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
> >> sLogValve.java:668)
> >>
> >> at
> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
> >> e.java:74)
> >>
> >> at
> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> >> :343)
> >>
> >> at
> >> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
> >> 408)
> >>
> >> at
> >> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
> >> t.java:66)
> >>
> >> at
> >> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
> >> rotocol.java:791)
> >>
> >> at
> >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
> >> nt.java:1417)
> >>
> >> at
> >> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
> >> .java:49)
> >>
> >> at
> >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
> >> ava:1149)
> >>
> >> at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> >> java:624)
> >>
> >> at
> >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
> >> ead.java:61)
> >>
> >> at java.lang.Thread.run(Thread.java:748)
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> If I only entered “http://eagnmnmed1f45:9080/TOPS-WEB/”,
> >> the login screen showed up.
> >>
> >> After I entered topsadmin/@88Topstopstops as id/pd and clicked
> >> Login button on the login screen, I got the following error:
> >>
> >>
> >>
> >>
> >>
> >> *Error*
> >>
> >> Error Message: You've entered an invalid Logon ID or Password. Please
> >> check that your Logon ID and Password are correct and try again.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> I know the topsadmin/@88Topstopstops is the correct id/pd.
> >>
> >>
> >>
> >> Any idea what happens here? Any input is appreciated. Following is
> >> the contents of server.xml and LDAP_realm.xml
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
> >>
> >> <?xml version='1.0' encoding='utf-8'?>
> >>
> >> <!DOCTYPE server-xml [
> >>
> >> <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
> >>
> >> ]>
> >>
> >> <!--
> >>
> >> Licensed to the Apache Software Foundation (ASF) under one or more
> >>
> >> contributor license agreements. See the NOTICE file distributed
> >> with
> >>
> >> this work for additional information regarding copyright ownership.
> >>
> >> The ASF licenses this file to You under the Apache License, Version
> >> 2.0
> >>
> >> (the "License"); you may not use this file except in compliance with
> >>
> >> the License. You may obtain a copy of the License at
> >>
> >>
> >>
> >> http://www.apache.org/licenses/LICENSE-2.0
> >>
> >>
> >>
> >> Unless required by applicable law or agreed to in writing, software
> >>
> >> distributed under the License is distributed on an "AS IS" BASIS,
> >>
> >> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>
> >> See the License for the specific language governing permissions and
> >>
> >> limitations under the License.
> >>
> >> -->
> >>
> >> <!-- Note: A "Server" is not itself a "Container", so you may not
> >>
> >> define subcomponents such as "Valves" at this level.
> >>
> >> Documentation at /docs/config/server.html
> >>
> >> -->
> >>
> >> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
> >>
> >> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> >> />
> >>
> >>
> >>
> >> <!-- Security listener. Documentation at /docs/config/listeners.html
> >> -->
> >>
> >> <Listener className="org.apache.catalina.security.SecurityListener"
> >> checkedOsUsers="root" minimumUmask="0007"/>
> >>
> >>
> >>
> >> <!--APR library loader. Documentation at /docs/apr.html -->
> >>
> >> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> >> SSLEngine="on" />
> >>
> >> <!-- Prevent memory leaks due to use of particular java/javax
> >> APIs-->
> >>
> >> <Listener
> >> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> >> />
> >>
> >> <Listener
> >> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
> >> " />
> >>
> >> <Listener
> >> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> >> />
> >>
> >>
> >>
> >> <!-- Global JNDI resources Documentation at
> >> /docs/jndi-resources-howto.html -->
> >>
> >> <GlobalNamingResources>
> >>
> >> <!-- Editable user database that can also be used by
> >> UserDatabaseRealm to authenticate users -->
> >>
> >> <!-- *** Not needed, because we use JNDI Realm *** -->
> >>
> >> <!-- <Resource name="UserDatabase" auth="Container"
> >>
> >> type="org.apache.catalina.UserDatabase"
> >>
> >> description="User database that can be updated and saved"
> >>
> >>
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> >>
> >> pathname="tomcat-users.xml" />
> >>
> >> -->
> >>
> >> </GlobalNamingResources>
> >>
> >>
> >>
> >> <!-- A "Service" is a collection of one or more "Connectors" that
> >> share
> >>
> >> a single "Container" Note: A "Service" is not itself a
> >> "Container",
> >>
> >> so you may not define subcomponents such as "Valves" at this
> level.
> >>
> >> Documentation at /docs/config/service.html
> >>
> >> -->
> >>
> >> <Service name="Catalina">
> >>
> >>
> >>
> >> <!--The connectors can use a shared executor, you can define one
> >> or more named thread pools-->
> >>
> >> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> >> maxThreads="150" minSpareThreads="4"/> -->
> >>
> >>
> >>
> >> <!-- A "Connector" represents an endpoint by which requests are
> >> received
> >>
> >> and responses are returned. Documentation at :
> >>
> >> Java HTTP Connector: /docs/config/http.html (blocking &
> >> non-blocking)
> >>
> >> Java AJP Connector: /docs/config/ajp.html
> >>
> >> APR (HTTP/AJP) Connector: /docs/apr.html
> >>
> >> Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
> >>
> >> -->
> >>
> >> <Connector port="9080"
> >>
> >> protocol="HTTP/1.1"
> >>
> >> connectionTimeout="20000"
> >>
> >> redirectPort="9443"
> >>
> >> maxHttpHeaderSize="8192"
> >>
> >> allowTrace="false"
> >>
> >> xpoweredBy="false"
> >>
> >> enableLookups="false" />
> >>
> >> <!-- A "Connector" using the shared thread pool-->
> >>
> >> <!--
> >>
> >> <Connector executor="tomcatThreadPool"
> >>
> >> port="9080" protocol="HTTP/1.1"
> >>
> >> connectionTimeout="20000"
> >>
> >> redirectPort="9443"
> >>
> >> allowTrace="false"
> >>
> >> xpoweredBy="false"
> >>
> >> server="USPS"
> >>
> >> enableLookups="false" />
> >>
> >> -->
> >>
> >> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
> >>
> >> This connector uses the NIO implementation that requires the
> >> JSSE
> >>
> >> style configuration. When using the APR/native
> >> implementation, the
> >>
> >> OpenSSL style configuration is required as described in the
> >> APR/native
> >>
> >> documentation -->
> >>
> >> <Connector port="9443"
> >>
> >> protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>
> >> connectionTimeout="60000"
> >>
> >> maxThreads="150"
> >>
> >> SSLEnabled="true"
> >>
> >> scheme="https"
> >>
> >> secure="true"
> >>
> >> keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
> >>
> >>
> keystorePass="4bidden!"
> >>
> >> clientAuth="want"
> >>
> >> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> >>
> >> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> >>
> >> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> >>
> >> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> >>
> >> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> >>
> >> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> >>
> >> TLS_RSA_WITH_AES_256_CBC_SHA256,
> >>
> >> TLS_RSA_WITH_AES_256_GCM_SHA384"
> >>
> >> maxHttpHeaderSize="8192"
> >>
> >> allowTrace="false"
> >>
> >> xpoweredBy="false"
> >>
> >> server="USPS"
> >>
> >> enableLookups="false" />
> >>
> >>
> >>
> >> <!-- Define an AJP 1.3 Connector on port 8009 -->
> >>
> >> <!--
> >>
> >> <Connector port="8009" protocol="AJP/1.3"
> >>
> >> connectionTimeout="20000"
> >>
> >> protocol="AJP/1.3"
> >>
> >> redirectPort="9443"
> >>
> >> allowTrace="false"
> >>
> >> xpoweredBy="false"
> >>
> >> enableLookups="false" />
> >>
> >> -->
> >>
> >>
> >>
> >> <!-- An Engine represents the entry point (within Catalina) that
> >> processes
> >>
> >> every request. The Engine implementation for Tomcat stand
> >> alone
> >>
> >> analyzes the HTTP headers included with the request, and
> >> passes them
> >>
> >> on to the appropriate Host (virtual host).
> >>
> >> Documentation at /docs/config/engine.html -->
> >>
> >>
> >>
> >> <!-- You should set jvmRoute to support load-balancing via AJP ie :
> >>
> >> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> >>
> >> -->
> >>
> >> <Engine name="Catalina" defaultHost="localhost">
> >>
> >>
> >>
> >> <!--For clustering, please take a look at documentation at:
> >>
> >> /docs/cluster-howto.html (simple how to)
> >>
> >> /docs/config/cluster.html (reference documentation) -->
> >>
> >> <!--
> >>
> >> <Cluster
> >> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> >> -->
> >>
> >>
> >>
> >> <!-- Use the LockOutRealm to prevent attempts to guess user
> >> passwords
> >>
> >> via a brute-force attack -->
> >>
> >> <Realm className="org.apache.catalina.realm.LockOutRealm">
> >>
> >>
> >>
> >> <!-- This Realm uses the UserDatabase configured in the global
> >> JNDI
> >>
> >> resources under the key "UserDatabase". Any edits
> >>
> >> that are performed against this UserDatabase are
> >> immediately
> >>
> >> available for use by the Realm. -->
> >>
> >> <!--
> >>
> >> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> >>
> >> resourceName="UserDatabase"/>
> >>
> >> -->
> >>
> >> &LDAP_realm;
> >>
> >> </Realm>
> >>
> >>
> >>
> >> <Host name="localhost"
> >>
> >> appBase="webapps"
> >>
> >> unpackWARs="true"
> >>
> >> deployOnStartup="false"
> >>
> >> autoDeploy="false">
> >>
> >>
> >>
> >> <Context path=""
> >>
> >> docBase="/opt/TomCat/tomcat/webapps/ROOT"
> >>
> >> debug="0"
> >>
> >> privileged="true">
> >>
> >> </Context>
> >>
> >>
> >>
> >> <Context path="/TOPS-WEB"
> >>
> >> docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
> >>
> >> debug="0"
> >>
> >> privileged="true">
> >>
> >> <Resource name="jdbc/TOPSDB"
> >>
> >> auth="Container"
> >>
> >> type="javax.sql.DataSource"
> >>
> >> driverClassName="oracle.jdbc.OracleDriver"
> >>
> >> inactiveConnectionTimeout="120"
> >>
> >> maxPoolSize="20"
> >>
> >> minPoolSize="1"
> >>
> >> password="g3td0wn"
> >>
> >> url="jdbc:oracle:thin:@
> >> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE
> >> =ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
> >>
> >>
> >> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=
> >> 1521)))(CONNECT_DATA=(SERVICE_NAME=
> >> dtops.usps.gov)))"
> >>
> >> username="TOPS_ADMIN"
> >>
> >> validateConnectionOnBorrow="true"/>
> >>
> >> </Context>
> >>
> >>
> >>
> >> <!-- SingleSignOn valve, share authentication between web applications
> >>
> >> Documentation at: /docs/config/valve.html -->
> >>
> >> <!--
> >>
> >> <Valve
> className="org.apache.catalina.authenticator.SingleSignOn"
> >> />
> >>
> >> -->
> >>
> >>
> >>
> >> <!-- Access log processes all example.
> >>
> >> Documentation at: /docs/config/valve.html
> >>
> >> Note: The pattern used is equivalent to using
> >> pattern="common" -->
> >>
> >> <Valve className="org.apache.catalina.valves.AccessLogValve"
> >> directory="logs"
> >>
> >> prefix="localhost_access_log" suffix=".txt"
> >>
> >> pattern="%h %l %u %t "%r" %s %b" />
> >>
> >>
> >>
> >> </Host>
> >>
> >> </Engine>
> >>
> >> </Service>
> >>
> >> </Server>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
> >>
> >> <Realm className="org.apache.catalina.realm.JNDIRealm"
> >>
> >> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> >>
> >> connectionName="wasdev2@devsub.dev.dce.usps.gov"
> >>
> >> connectionPassword="F0rkedup"
> >>
> >> authentication="simple"
> >>
> >> referrals="ignore"
> >>
> >> userSearch="(sAMAccountName={0})"
> >>
> >> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >>
> >> userSubtree="true"
> >>
> >> roleSearch="(member={0})"
> >>
> >> roleName="cn"
> >>
> >> roleSubtree="true"
> >>
> >> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >>
> >> adCompat="true"
> >>
> >> />
> >>
> >>
> >>
> >>
> >>
> >> Thanks
> >>
> >> Gary
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> >
> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> >
> > - Samuel Beckett
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Posted by "Peter@Kreuser-Online" <lo...@kreuser.name>.
Hi Gary,
see way below inline...
> Am 16.04.2019 um 03:02 schrieb Hua, Gary - Saint Louis, MO - Contractor <Ga...@usps.gov.invalid>:
>
> Luis:
>
> Thanks for your input. I put the following into conf/logging.properties and add debug="99" in the Realm definition so I can see more Realm logging information:
>
> org.apache.catalina.realm.level = ALL
> org.apache.catalina.realm.useParentHandlers = true
> org.apache.catalina.authenticator.level = ALL
> org.apache.catalina.authenticator.useParentHandlers = true
>
>
> After the first login attempt in the application TOPS login screen, the URL was redirected to https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check with invalid UID/PW message. Then I entered topsadmin/@88Topstopstops as id/pd and clicked the Login button again, I got the following message in the catalina.out:
>
>
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request POST /TOPS-WEB/j_security_check
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission()
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint already satisfied
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authenticating username 'topsadmin'
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Attempting to authenticate user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> 15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication. Retrying...
> javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset];
^^^^^^^^^^^^
That may be the reason!?
It cannot connect and everything following is just bad error handling?
> remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
> at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
> at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
> at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
> at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
> at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
> at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
> at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
> at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
> at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.net.SocketException: Connection reset
> at java.net.SocketInputStream.read(SocketInputStream.java:210)
> at java.net.SocketInputStream.read(SocketInputStream.java:141)
> at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
> at sun.security.ssl.InputRecord.read(InputRecord.java:503)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
> at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
> at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
> at com.sun.jndi.ldap.Connection.run(Connection.java:877)
> ... 1 more
>
> 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authentication of 'topsadmin' was successful
> 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Redirecting to original '/TOPS-WEB/'
> 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed authenticate() test
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /TOPS-WEB/
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp --> true
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against GET /index.jsp --> false
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp --> true
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission()
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint has no restrictions
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore request from session '9F9F67A0434576D7C0FD0BB63C15F567'
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated 'topsadmin' with type 'FORM'
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Session ID changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to [811799F279932B4B67D44931980994A7]
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed to restored request
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling accessControl()
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_INQUIRY]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_INQUIRY
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_ADMIN]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_ADMIN
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_SFO]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_SFO
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_MODELING]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_MODELING
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INQUIRY]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INQUIRY
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_EDITOR]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_EDITOR
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JFK]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_JFK
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JECEWR]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_JECEWR
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_ORD]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_ORD
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTERNATIONAL]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTERNATIONAL
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_LAX]
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_LAX
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_MIA]
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_MIA
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed accessControl() test
>
>
>
> The error messages on the screen looks like below:
>
> HTTP Status 403 – Forbidden
>
> Type Status Report
>
> Message Access to the requested resource has been denied
>
> Description The server understood the request but refuses to authorize it.
>
> USPS_restricted
>
>
>
>
>
>
> Any idea what is that about? Again the Ream definition is:
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> connectionName="wasdev2@devsub.dev.dce.usps.gov"
> connectionPassword="F0rkedup"
> authentication="simple"
> referrals="ignore"
> userSearch="(sAMAccountName={0})"
> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> userSubtree="true"
> roleSearch="(member={0})"
> roleName="cn"
> roleSubtree="true"
> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> adCompat="true"
> />
>
>
>
> Thanks
> Gary
>
>
Peter
PS: you should redact sensitive data from your mails. At least change passwords now... google is NOT your friend in this case...
> -----Original Message-----
> From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com]
> Sent: Monday, April 15, 2019 3:47 AM
> To: Tomcat Users List <us...@tomcat.apache.org>
> Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
>
> Hello Gary,
>
> I would recommend you to add some debug to your JNDIReam [1]. For debugging your ldap search filters ldapsearch can be your friend [2] :)
>
> Hope it helps,
>
> Luis
>
> [1]
> https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
> [2]
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
>
>
>
>
>
>
>
> El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO - Contractor
> (<Ga...@usps.gov.invalid>) escribió:
>
>> All:
>>
>>
>>
>> Sorry on my previous email I have some graphic contents that can not
>> be displayed. Now I change it to texts so you can see them
>>
>>
>>
>> *From:* Hua, Gary - Saint Louis, MO - Contractor [
>> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
>> *Sent:* Thursday, April 11, 2019 4:29 PM
>> *To:* users@tomcat.apache.org
>> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>>
>>
>>
>> Tomcat Experts:
>>
>>
>>
>> The Tomcat server works fine in my local computer with
>> application “TOPS“ in Eclipse. I deployed the TOPS application to our
>> DEV web server eagnmnmed1f45 under webapps.
>>
>>
>>
>> After I started the Tomcat server (9.0.13) in DEV
>> server and entered the TOPS home page URL
>> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
>> http://localhost:8080/TOPS-WEB/Welcome.do in my local computer) in the
>> browser, it was re-directed to
>> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do. and following error:
>>
>>
>>
>>
>>
>> *The website cannot display the page*
>>
>> HTTP 500
>>
>>
>>
>> *Most likely causes:*
>>
>> - The website is under maintenance.
>> - The website has a programming error.
>>
>>
>>
>> *What you can try:*
>>
>>
>>
>> [image: res://\\ieframe.dll/bullet.png]
>>
>> Refresh the page.Refresh the page.
>>
>>
>>
>> [image: res://\\ieframe.dll/bullet.png]
>>
>> Go back to the previous page.Go back to the previous page.
>>
>>
>>
>> [image: More information]
>>
>> More information
>>
>>
>>
>>
>>
>> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
>> catalina.out
>>
>> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
>> configuration [LegDistanceImpl]; using defaults.
>>
>> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
>> binding factory to JNDI, no JNDI name configured
>>
>> 0 [main] INFO filter.ResponseOverrideFilter - Filter initialized.
>> Response buffering is enabled
>>
>> 1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded
>> for module ''.
>>
>> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
>> file from '/WEB-INF/validator-rules.xml'
>>
>> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
>> file from '/WEB-INF/validation.xml'
>>
>> 1738 [main] INFO tiles.TilesPlugin - Factory already exists for
>> module ''. The factory found is from module ''. No new creation.
>>
>> 05-Apr-2019 11:18:01.913 INFO [main]
>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
>> ["http-nio-9080"]
>>
>> 05-Apr-2019 11:18:01.928 INFO [main]
>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
>> ["https-jsse-nio-9443"]
>>
>> 05-Apr-2019 11:18:01.932 INFO [main]
>> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>>
>> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor -
>> Tiles definition factory found for request processor ''.
>>
>> Error connecting to LDAP server.
>>
>> java.lang.NullPointerException
>>
>> at
>> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
>> n.java:120)
>>
>> at
>> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
>> n.java:61)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at
>> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
>> (AbstractDispatchAction.java:136)
>>
>> at
>> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
>> ctDispatchAction.java:84)
>>
>> at
>> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
>> (AbstractTOPSDispatchAction.java:258)
>>
>> at
>> org.apache.struts.action.RequestProcessor.processActionPerform(Request
>> Processor.java:419)
>>
>> at
>> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
>> a:224)
>>
>> at
>> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
>> )
>>
>> at
>> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>>
>> at
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>>
>> at
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:170)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:225)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>>
>> at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:253)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:191)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>>
>> at
>> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
>> Filter.java:125)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:253)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:191)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>>
>> at
>> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
>> )
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:253)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:191)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>>
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
>> lve.java:199)
>>
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
>> lve.java:96)
>>
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
>> orBase.java:607)
>>
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
>> va:139)
>>
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
>> va:92)
>>
>> at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
>> sLogValve.java:668)
>>
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
>> e.java:74)
>>
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
>> :343)
>>
>> at
>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
>> 408)
>>
>> at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
>> t.java:66)
>>
>> at
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
>> rotocol.java:791)
>>
>> at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
>> nt.java:1417)
>>
>> at
>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
>> .java:49)
>>
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
>> ava:1149)
>>
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
>> java:624)
>>
>> at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
>> ead.java:61)
>>
>> at java.lang.Thread.run(Thread.java:748)
>>
>>
>>
>>
>>
>>
>>
>> If I only entered “http://eagnmnmed1f45:9080/TOPS-WEB/”,
>> the login screen showed up.
>>
>> After I entered topsadmin/@88Topstopstops as id/pd and clicked
>> Login button on the login screen, I got the following error:
>>
>>
>>
>>
>>
>> *Error*
>>
>> Error Message: You've entered an invalid Logon ID or Password. Please
>> check that your Logon ID and Password are correct and try again.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> I know the topsadmin/@88Topstopstops is the correct id/pd.
>>
>>
>>
>> Any idea what happens here? Any input is appreciated. Following is
>> the contents of server.xml and LDAP_realm.xml
>>
>>
>>
>>
>>
>> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>>
>> <?xml version='1.0' encoding='utf-8'?>
>>
>> <!DOCTYPE server-xml [
>>
>> <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>>
>> ]>
>>
>> <!--
>>
>> Licensed to the Apache Software Foundation (ASF) under one or more
>>
>> contributor license agreements. See the NOTICE file distributed
>> with
>>
>> this work for additional information regarding copyright ownership.
>>
>> The ASF licenses this file to You under the Apache License, Version
>> 2.0
>>
>> (the "License"); you may not use this file except in compliance with
>>
>> the License. You may obtain a copy of the License at
>>
>>
>>
>> http://www.apache.org/licenses/LICENSE-2.0
>>
>>
>>
>> Unless required by applicable law or agreed to in writing, software
>>
>> distributed under the License is distributed on an "AS IS" BASIS,
>>
>> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>
>> See the License for the specific language governing permissions and
>>
>> limitations under the License.
>>
>> -->
>>
>> <!-- Note: A "Server" is not itself a "Container", so you may not
>>
>> define subcomponents such as "Valves" at this level.
>>
>> Documentation at /docs/config/server.html
>>
>> -->
>>
>> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>>
>> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
>> />
>>
>>
>>
>> <!-- Security listener. Documentation at /docs/config/listeners.html
>> -->
>>
>> <Listener className="org.apache.catalina.security.SecurityListener"
>> checkedOsUsers="root" minimumUmask="0007"/>
>>
>>
>>
>> <!--APR library loader. Documentation at /docs/apr.html -->
>>
>> <Listener className="org.apache.catalina.core.AprLifecycleListener"
>> SSLEngine="on" />
>>
>> <!-- Prevent memory leaks due to use of particular java/javax
>> APIs-->
>>
>> <Listener
>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
>> />
>>
>> <Listener
>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
>> " />
>>
>> <Listener
>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
>> />
>>
>>
>>
>> <!-- Global JNDI resources Documentation at
>> /docs/jndi-resources-howto.html -->
>>
>> <GlobalNamingResources>
>>
>> <!-- Editable user database that can also be used by
>> UserDatabaseRealm to authenticate users -->
>>
>> <!-- *** Not needed, because we use JNDI Realm *** -->
>>
>> <!-- <Resource name="UserDatabase" auth="Container"
>>
>> type="org.apache.catalina.UserDatabase"
>>
>> description="User database that can be updated and saved"
>>
>> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>
>> pathname="tomcat-users.xml" />
>>
>> -->
>>
>> </GlobalNamingResources>
>>
>>
>>
>> <!-- A "Service" is a collection of one or more "Connectors" that
>> share
>>
>> a single "Container" Note: A "Service" is not itself a
>> "Container",
>>
>> so you may not define subcomponents such as "Valves" at this level.
>>
>> Documentation at /docs/config/service.html
>>
>> -->
>>
>> <Service name="Catalina">
>>
>>
>>
>> <!--The connectors can use a shared executor, you can define one
>> or more named thread pools-->
>>
>> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>> maxThreads="150" minSpareThreads="4"/> -->
>>
>>
>>
>> <!-- A "Connector" represents an endpoint by which requests are
>> received
>>
>> and responses are returned. Documentation at :
>>
>> Java HTTP Connector: /docs/config/http.html (blocking &
>> non-blocking)
>>
>> Java AJP Connector: /docs/config/ajp.html
>>
>> APR (HTTP/AJP) Connector: /docs/apr.html
>>
>> Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>>
>> -->
>>
>> <Connector port="9080"
>>
>> protocol="HTTP/1.1"
>>
>> connectionTimeout="20000"
>>
>> redirectPort="9443"
>>
>> maxHttpHeaderSize="8192"
>>
>> allowTrace="false"
>>
>> xpoweredBy="false"
>>
>> enableLookups="false" />
>>
>> <!-- A "Connector" using the shared thread pool-->
>>
>> <!--
>>
>> <Connector executor="tomcatThreadPool"
>>
>> port="9080" protocol="HTTP/1.1"
>>
>> connectionTimeout="20000"
>>
>> redirectPort="9443"
>>
>> allowTrace="false"
>>
>> xpoweredBy="false"
>>
>> server="USPS"
>>
>> enableLookups="false" />
>>
>> -->
>>
>> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>>
>> This connector uses the NIO implementation that requires the
>> JSSE
>>
>> style configuration. When using the APR/native
>> implementation, the
>>
>> OpenSSL style configuration is required as described in the
>> APR/native
>>
>> documentation -->
>>
>> <Connector port="9443"
>>
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>
>> connectionTimeout="60000"
>>
>> maxThreads="150"
>>
>> SSLEnabled="true"
>>
>> scheme="https"
>>
>> secure="true"
>>
>> keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>>
>> keystorePass="4bidden!"
>>
>> clientAuth="want"
>>
>> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>>
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>>
>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>>
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>>
>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>>
>> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>>
>> TLS_RSA_WITH_AES_256_CBC_SHA256,
>>
>> TLS_RSA_WITH_AES_256_GCM_SHA384"
>>
>> maxHttpHeaderSize="8192"
>>
>> allowTrace="false"
>>
>> xpoweredBy="false"
>>
>> server="USPS"
>>
>> enableLookups="false" />
>>
>>
>>
>> <!-- Define an AJP 1.3 Connector on port 8009 -->
>>
>> <!--
>>
>> <Connector port="8009" protocol="AJP/1.3"
>>
>> connectionTimeout="20000"
>>
>> protocol="AJP/1.3"
>>
>> redirectPort="9443"
>>
>> allowTrace="false"
>>
>> xpoweredBy="false"
>>
>> enableLookups="false" />
>>
>> -->
>>
>>
>>
>> <!-- An Engine represents the entry point (within Catalina) that
>> processes
>>
>> every request. The Engine implementation for Tomcat stand
>> alone
>>
>> analyzes the HTTP headers included with the request, and
>> passes them
>>
>> on to the appropriate Host (virtual host).
>>
>> Documentation at /docs/config/engine.html -->
>>
>>
>>
>> <!-- You should set jvmRoute to support load-balancing via AJP ie :
>>
>> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>>
>> -->
>>
>> <Engine name="Catalina" defaultHost="localhost">
>>
>>
>>
>> <!--For clustering, please take a look at documentation at:
>>
>> /docs/cluster-howto.html (simple how to)
>>
>> /docs/config/cluster.html (reference documentation) -->
>>
>> <!--
>>
>> <Cluster
>> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>> -->
>>
>>
>>
>> <!-- Use the LockOutRealm to prevent attempts to guess user
>> passwords
>>
>> via a brute-force attack -->
>>
>> <Realm className="org.apache.catalina.realm.LockOutRealm">
>>
>>
>>
>> <!-- This Realm uses the UserDatabase configured in the global
>> JNDI
>>
>> resources under the key "UserDatabase". Any edits
>>
>> that are performed against this UserDatabase are
>> immediately
>>
>> available for use by the Realm. -->
>>
>> <!--
>>
>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>
>> resourceName="UserDatabase"/>
>>
>> -->
>>
>> &LDAP_realm;
>>
>> </Realm>
>>
>>
>>
>> <Host name="localhost"
>>
>> appBase="webapps"
>>
>> unpackWARs="true"
>>
>> deployOnStartup="false"
>>
>> autoDeploy="false">
>>
>>
>>
>> <Context path=""
>>
>> docBase="/opt/TomCat/tomcat/webapps/ROOT"
>>
>> debug="0"
>>
>> privileged="true">
>>
>> </Context>
>>
>>
>>
>> <Context path="/TOPS-WEB"
>>
>> docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>>
>> debug="0"
>>
>> privileged="true">
>>
>> <Resource name="jdbc/TOPSDB"
>>
>> auth="Container"
>>
>> type="javax.sql.DataSource"
>>
>> driverClassName="oracle.jdbc.OracleDriver"
>>
>> inactiveConnectionTimeout="120"
>>
>> maxPoolSize="20"
>>
>> minPoolSize="1"
>>
>> password="g3td0wn"
>>
>> url="jdbc:oracle:thin:@
>> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE
>> =ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
>>
>>
>> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=
>> 1521)))(CONNECT_DATA=(SERVICE_NAME=
>> dtops.usps.gov)))"
>>
>> username="TOPS_ADMIN"
>>
>> validateConnectionOnBorrow="true"/>
>>
>> </Context>
>>
>>
>>
>> <!-- SingleSignOn valve, share authentication between web applications
>>
>> Documentation at: /docs/config/valve.html -->
>>
>> <!--
>>
>> <Valve className="org.apache.catalina.authenticator.SingleSignOn"
>> />
>>
>> -->
>>
>>
>>
>> <!-- Access log processes all example.
>>
>> Documentation at: /docs/config/valve.html
>>
>> Note: The pattern used is equivalent to using
>> pattern="common" -->
>>
>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>> directory="logs"
>>
>> prefix="localhost_access_log" suffix=".txt"
>>
>> pattern="%h %l %u %t "%r" %s %b" />
>>
>>
>>
>> </Host>
>>
>> </Engine>
>>
>> </Service>
>>
>> </Server>
>>
>>
>>
>>
>>
>>
>>
>> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>>
>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>>
>> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>>
>> connectionName="wasdev2@devsub.dev.dce.usps.gov"
>>
>> connectionPassword="F0rkedup"
>>
>> authentication="simple"
>>
>> referrals="ignore"
>>
>> userSearch="(sAMAccountName={0})"
>>
>> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>>
>> userSubtree="true"
>>
>> roleSearch="(member={0})"
>>
>> roleName="cn"
>>
>> roleSubtree="true"
>>
>> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>>
>> adCompat="true"
>>
>> />
>>
>>
>>
>>
>>
>> Thanks
>>
>> Gary
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Posted by "Hua, Gary - Saint Louis, MO - Contractor" <Ga...@usps.gov.INVALID>.
Luis:
Thanks for your input. I put the following into conf/logging.properties and add debug="99" in the Realm definition so I can see more Realm logging information:
org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true
After the first login attempt in the application TOPS login screen, the URL was redirected to https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check with invalid UID/PW message. Then I entered topsadmin/@88Topstopstops as id/pd and clicked the Login button again, I got the following message in the catalina.out:
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request POST /TOPS-WEB/j_security_check
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission()
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint already satisfied
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authenticating username 'topsadmin'
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Attempting to authenticate user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication. Retrying...
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:210)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
at com.sun.jndi.ldap.Connection.run(Connection.java:877)
... 1 more
15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authentication of 'topsadmin' was successful
15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Redirecting to original '/TOPS-WEB/'
15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed authenticate() test
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /TOPS-WEB/
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp --> true
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against GET /index.jsp --> false
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp --> true
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission()
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint has no restrictions
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore request from session '9F9F67A0434576D7C0FD0BB63C15F567'
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated 'topsadmin' with type 'FORM'
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Session ID changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to [811799F279932B4B67D44931980994A7]
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed to restored request
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling accessControl()
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_INQUIRY
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_ADMIN]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_ADMIN
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_SFO]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_SFO
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_MODELING]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_MODELING
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INQUIRY
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_EDITOR]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_EDITOR
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JFK]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_JFK
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JECEWR]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_JECEWR
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_ORD]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_ORD
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTERNATIONAL]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTERNATIONAL
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_LAX]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_LAX
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_MIA]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_MIA
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed accessControl() test
The error messages on the screen looks like below:
HTTP Status 403 – Forbidden
Type Status Report
Message Access to the requested resource has been denied
Description The server understood the request but refuses to authorize it.
USPS_restricted
Any idea what is that about? Again the Ream definition is:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
connectionName="wasdev2@devsub.dev.dce.usps.gov"
connectionPassword="F0rkedup"
authentication="simple"
referrals="ignore"
userSearch="(sAMAccountName={0})"
userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
userSubtree="true"
roleSearch="(member={0})"
roleName="cn"
roleSubtree="true"
roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
adCompat="true"
/>
Thanks
Gary
-----Original Message-----
From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com]
Sent: Monday, April 15, 2019 3:47 AM
To: Tomcat Users List <us...@tomcat.apache.org>
Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Hello Gary,
I would recommend you to add some debug to your JNDIReam [1]. For debugging your ldap search filters ldapsearch can be your friend [2] :)
Hope it helps,
Luis
[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
[2]
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO - Contractor
(<Ga...@usps.gov.invalid>) escribió:
> All:
>
>
>
> Sorry on my previous email I have some graphic contents that can not
> be displayed. Now I change it to texts so you can see them
>
>
>
> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
> *Sent:* Thursday, April 11, 2019 4:29 PM
> *To:* users@tomcat.apache.org
> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>
>
>
> Tomcat Experts:
>
>
>
> The Tomcat server works fine in my local computer with
> application “TOPS“ in Eclipse. I deployed the TOPS application to our
> DEV web server eagnmnmed1f45 under webapps.
>
>
>
> After I started the Tomcat server (9.0.13) in DEV
> server and entered the TOPS home page URL
> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> http://localhost:8080/TOPS-WEB/Welcome.do in my local computer) in the
> browser, it was re-directed to
> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do. and following error:
>
>
>
>
>
> *The website cannot display the page*
>
> HTTP 500
>
>
>
> *Most likely causes:*
>
> - The website is under maintenance.
> - The website has a programming error.
>
>
>
> *What you can try:*
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Refresh the page.Refresh the page.
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Go back to the previous page.Go back to the previous page.
>
>
>
> [image: More information]
>
> More information
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
> catalina.out
>
> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
> configuration [LegDistanceImpl]; using defaults.
>
> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
> binding factory to JNDI, no JNDI name configured
>
> 0 [main] INFO filter.ResponseOverrideFilter - Filter initialized.
> Response buffering is enabled
>
> 1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded
> for module ''.
>
> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> file from '/WEB-INF/validator-rules.xml'
>
> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> file from '/WEB-INF/validation.xml'
>
> 1738 [main] INFO tiles.TilesPlugin - Factory already exists for
> module ''. The factory found is from module ''. No new creation.
>
> 05-Apr-2019 11:18:01.913 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["http-nio-9080"]
>
> 05-Apr-2019 11:18:01.928 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["https-jsse-nio-9443"]
>
> 05-Apr-2019 11:18:01.932 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>
> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor -
> Tiles definition factory found for request processor ''.
>
> Error connecting to LDAP server.
>
> java.lang.NullPointerException
>
> at
> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
> n.java:120)
>
> at
> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
> n.java:61)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
> (AbstractDispatchAction.java:136)
>
> at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
> ctDispatchAction.java:84)
>
> at
> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
> (AbstractTOPSDispatchAction.java:258)
>
> at
> org.apache.struts.action.RequestProcessor.processActionPerform(Request
> Processor.java:419)
>
> at
> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
> a:224)
>
> at
> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
> )
>
> at
> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:170)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:225)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
> at
> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
> Filter.java:125)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
> at
> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
> )
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
> lve.java:199)
>
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
> lve.java:96)
>
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
> orBase.java:607)
>
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
> va:139)
>
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
> va:92)
>
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
> sLogValve.java:668)
>
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
> e.java:74)
>
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> :343)
>
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
> 408)
>
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
> t.java:66)
>
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
> rotocol.java:791)
>
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
> nt.java:1417)
>
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
> .java:49)
>
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
> ava:1149)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> java:624)
>
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
> ead.java:61)
>
> at java.lang.Thread.run(Thread.java:748)
>
>
>
>
>
>
>
> If I only entered “http://eagnmnmed1f45:9080/TOPS-WEB/”,
> the login screen showed up.
>
> After I entered topsadmin/@88Topstopstops as id/pd and clicked
> Login button on the login screen, I got the following error:
>
>
>
>
>
> *Error*
>
> Error Message: You've entered an invalid Logon ID or Password. Please
> check that your Logon ID and Password are correct and try again.
>
>
>
>
>
>
>
>
>
> I know the topsadmin/@88Topstopstops is the correct id/pd.
>
>
>
> Any idea what happens here? Any input is appreciated. Following is
> the contents of server.xml and LDAP_realm.xml
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>
> <?xml version='1.0' encoding='utf-8'?>
>
> <!DOCTYPE server-xml [
>
> <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>
> ]>
>
> <!--
>
> Licensed to the Apache Software Foundation (ASF) under one or more
>
> contributor license agreements. See the NOTICE file distributed
> with
>
> this work for additional information regarding copyright ownership.
>
> The ASF licenses this file to You under the Apache License, Version
> 2.0
>
> (the "License"); you may not use this file except in compliance with
>
> the License. You may obtain a copy of the License at
>
>
>
> http://www.apache.org/licenses/LICENSE-2.0
>
>
>
> Unless required by applicable law or agreed to in writing, software
>
> distributed under the License is distributed on an "AS IS" BASIS,
>
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>
> See the License for the specific language governing permissions and
>
> limitations under the License.
>
> -->
>
> <!-- Note: A "Server" is not itself a "Container", so you may not
>
> define subcomponents such as "Valves" at this level.
>
> Documentation at /docs/config/server.html
>
> -->
>
> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>
> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> />
>
>
>
> <!-- Security listener. Documentation at /docs/config/listeners.html
> -->
>
> <Listener className="org.apache.catalina.security.SecurityListener"
> checkedOsUsers="root" minimumUmask="0007"/>
>
>
>
> <!--APR library loader. Documentation at /docs/apr.html -->
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
> <!-- Prevent memory leaks due to use of particular java/javax
> APIs-->
>
> <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> />
>
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
> " />
>
> <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> />
>
>
>
> <!-- Global JNDI resources Documentation at
> /docs/jndi-resources-howto.html -->
>
> <GlobalNamingResources>
>
> <!-- Editable user database that can also be used by
> UserDatabaseRealm to authenticate users -->
>
> <!-- *** Not needed, because we use JNDI Realm *** -->
>
> <!-- <Resource name="UserDatabase" auth="Container"
>
> type="org.apache.catalina.UserDatabase"
>
> description="User database that can be updated and saved"
>
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>
> pathname="tomcat-users.xml" />
>
> -->
>
> </GlobalNamingResources>
>
>
>
> <!-- A "Service" is a collection of one or more "Connectors" that
> share
>
> a single "Container" Note: A "Service" is not itself a
> "Container",
>
> so you may not define subcomponents such as "Valves" at this level.
>
> Documentation at /docs/config/service.html
>
> -->
>
> <Service name="Catalina">
>
>
>
> <!--The connectors can use a shared executor, you can define one
> or more named thread pools-->
>
> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/> -->
>
>
>
> <!-- A "Connector" represents an endpoint by which requests are
> received
>
> and responses are returned. Documentation at :
>
> Java HTTP Connector: /docs/config/http.html (blocking &
> non-blocking)
>
> Java AJP Connector: /docs/config/ajp.html
>
> APR (HTTP/AJP) Connector: /docs/apr.html
>
> Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>
> -->
>
> <Connector port="9080"
>
> protocol="HTTP/1.1"
>
> connectionTimeout="20000"
>
> redirectPort="9443"
>
> maxHttpHeaderSize="8192"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> enableLookups="false" />
>
> <!-- A "Connector" using the shared thread pool-->
>
> <!--
>
> <Connector executor="tomcatThreadPool"
>
> port="9080" protocol="HTTP/1.1"
>
> connectionTimeout="20000"
>
> redirectPort="9443"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> server="USPS"
>
> enableLookups="false" />
>
> -->
>
> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>
> This connector uses the NIO implementation that requires the
> JSSE
>
> style configuration. When using the APR/native
> implementation, the
>
> OpenSSL style configuration is required as described in the
> APR/native
>
> documentation -->
>
> <Connector port="9443"
>
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>
> connectionTimeout="60000"
>
> maxThreads="150"
>
> SSLEnabled="true"
>
> scheme="https"
>
> secure="true"
>
> keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>
> keystorePass="4bidden!"
>
> clientAuth="want"
>
> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>
> TLS_RSA_WITH_AES_256_CBC_SHA256,
>
> TLS_RSA_WITH_AES_256_GCM_SHA384"
>
> maxHttpHeaderSize="8192"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> server="USPS"
>
> enableLookups="false" />
>
>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <!--
>
> <Connector port="8009" protocol="AJP/1.3"
>
> connectionTimeout="20000"
>
> protocol="AJP/1.3"
>
> redirectPort="9443"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> enableLookups="false" />
>
> -->
>
>
>
> <!-- An Engine represents the entry point (within Catalina) that
> processes
>
> every request. The Engine implementation for Tomcat stand
> alone
>
> analyzes the HTTP headers included with the request, and
> passes them
>
> on to the appropriate Host (virtual host).
>
> Documentation at /docs/config/engine.html -->
>
>
>
> <!-- You should set jvmRoute to support load-balancing via AJP ie :
>
> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>
> -->
>
> <Engine name="Catalina" defaultHost="localhost">
>
>
>
> <!--For clustering, please take a look at documentation at:
>
> /docs/cluster-howto.html (simple how to)
>
> /docs/config/cluster.html (reference documentation) -->
>
> <!--
>
> <Cluster
> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
>
>
> <!-- Use the LockOutRealm to prevent attempts to guess user
> passwords
>
> via a brute-force attack -->
>
> <Realm className="org.apache.catalina.realm.LockOutRealm">
>
>
>
> <!-- This Realm uses the UserDatabase configured in the global
> JNDI
>
> resources under the key "UserDatabase". Any edits
>
> that are performed against this UserDatabase are
> immediately
>
> available for use by the Realm. -->
>
> <!--
>
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>
> resourceName="UserDatabase"/>
>
> -->
>
> &LDAP_realm;
>
> </Realm>
>
>
>
> <Host name="localhost"
>
> appBase="webapps"
>
> unpackWARs="true"
>
> deployOnStartup="false"
>
> autoDeploy="false">
>
>
>
> <Context path=""
>
> docBase="/opt/TomCat/tomcat/webapps/ROOT"
>
> debug="0"
>
> privileged="true">
>
> </Context>
>
>
>
> <Context path="/TOPS-WEB"
>
> docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>
> debug="0"
>
> privileged="true">
>
> <Resource name="jdbc/TOPSDB"
>
> auth="Container"
>
> type="javax.sql.DataSource"
>
> driverClassName="oracle.jdbc.OracleDriver"
>
> inactiveConnectionTimeout="120"
>
> maxPoolSize="20"
>
> minPoolSize="1"
>
> password="g3td0wn"
>
> url="jdbc:oracle:thin:@
> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE
> =ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
>
>
> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=
> 1521)))(CONNECT_DATA=(SERVICE_NAME=
> dtops.usps.gov)))"
>
> username="TOPS_ADMIN"
>
> validateConnectionOnBorrow="true"/>
>
> </Context>
>
>
>
> <!-- SingleSignOn valve, share authentication between web applications
>
> Documentation at: /docs/config/valve.html -->
>
> <!--
>
> <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
>
> -->
>
>
>
> <!-- Access log processes all example.
>
> Documentation at: /docs/config/valve.html
>
> Note: The pattern used is equivalent to using
> pattern="common" -->
>
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>
> prefix="localhost_access_log" suffix=".txt"
>
> pattern="%h %l %u %t "%r" %s %b" />
>
>
>
> </Host>
>
> </Engine>
>
> </Service>
>
> </Server>
>
>
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>
> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>
> connectionName="wasdev2@devsub.dev.dce.usps.gov"
>
> connectionPassword="F0rkedup"
>
> authentication="simple"
>
> referrals="ignore"
>
> userSearch="(sAMAccountName={0})"
>
> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
> userSubtree="true"
>
> roleSearch="(member={0})"
>
> roleName="cn"
>
> roleSubtree="true"
>
> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
> adCompat="true"
>
> />
>
>
>
>
>
> Thanks
>
> Gary
>
>
>
>
>
>
>
>
>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat(9.0.13) Error in DEV Server
Posted by Luis Rodríguez Fernández <uo...@gmail.com>.
Hello Gary,
I would recommend you to add some debug to your JNDIReam [1]. For debugging
your ldap search filters ldapsearch can be your friend [2] :)
Hope it helps,
Luis
[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
[2]
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO - Contractor
(<Ga...@usps.gov.invalid>) escribió:
> All:
>
>
>
> Sorry on my previous email I have some graphic contents that can not
> be displayed. Now I change it to texts so you can see them
>
>
>
> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
> *Sent:* Thursday, April 11, 2019 4:29 PM
> *To:* users@tomcat.apache.org
> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>
>
>
> Tomcat Experts:
>
>
>
> The Tomcat server works fine in my local computer with
> application “TOPS“ in Eclipse. I deployed the TOPS application to our DEV
> web server eagnmnmed1f45 under webapps.
>
>
>
> After I started the Tomcat server (9.0.13) in DEV server
> and entered the TOPS home page URL
> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> http://localhost:8080/TOPS-WEB/Welcome.do in my local computer) in the
> browser, it was re-directed to
> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do. and following error:
>
>
>
>
>
> *The website cannot display the page*
>
> HTTP 500
>
>
>
> *Most likely causes:*
>
> - The website is under maintenance.
> - The website has a programming error.
>
>
>
> *What you can try:*
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Refresh the page.Refresh the page.
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Go back to the previous page.Go back to the previous page.
>
>
>
> [image: More information]
>
> More information
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
> catalina.out
>
> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
> configuration [LegDistanceImpl]; using defaults.
>
> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
> binding factory to JNDI, no JNDI name configured
>
> 0 [main] INFO filter.ResponseOverrideFilter - Filter initialized.
> Response buffering is enabled
>
> 1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded for
> module ''.
>
> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> file from '/WEB-INF/validator-rules.xml'
>
> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> file from '/WEB-INF/validation.xml'
>
> 1738 [main] INFO tiles.TilesPlugin - Factory already exists for module
> ''. The factory found is from module ''. No new creation.
>
> 05-Apr-2019 11:18:01.913 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["http-nio-9080"]
>
> 05-Apr-2019 11:18:01.928 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["https-jsse-nio-9443"]
>
> 05-Apr-2019 11:18:01.932 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>
> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor -
> Tiles definition factory found for request processor ''.
>
> Error connecting to LDAP server.
>
> java.lang.NullPointerException
>
> at
> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeAction.java:120)
>
> at
> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeAction.java:61)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod(AbstractDispatchAction.java:136)
>
> at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(AbstractDispatchAction.java:84)
>
> at
> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute(AbstractTOPSDispatchAction.java:258)
>
> at
> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
>
> at
> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
>
> at
> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
>
> at
> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>
> at
> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>
> at
> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
>
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
>
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
>
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
>
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
>
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>
> at java.lang.Thread.run(Thread.java:748)
>
>
>
>
>
>
>
> If I only entered “http://eagnmnmed1f45:9080/TOPS-WEB/”, the
> login screen showed up.
>
> After I entered topsadmin/@88Topstopstops as id/pd and clicked
> Login button on the login screen, I got the following error:
>
>
>
>
>
> *Error*
>
> Error Message: You've entered an invalid Logon ID or Password. Please
> check that your Logon ID and Password are correct and try again.
>
>
>
>
>
>
>
>
>
> I know the topsadmin/@88Topstopstops is the correct id/pd.
>
>
>
> Any idea what happens here? Any input is appreciated. Following is
> the contents of server.xml and LDAP_realm.xml
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>
> <?xml version='1.0' encoding='utf-8'?>
>
> <!DOCTYPE server-xml [
>
> <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>
> ]>
>
> <!--
>
> Licensed to the Apache Software Foundation (ASF) under one or more
>
> contributor license agreements. See the NOTICE file distributed with
>
> this work for additional information regarding copyright ownership.
>
> The ASF licenses this file to You under the Apache License, Version 2.0
>
> (the "License"); you may not use this file except in compliance with
>
> the License. You may obtain a copy of the License at
>
>
>
> http://www.apache.org/licenses/LICENSE-2.0
>
>
>
> Unless required by applicable law or agreed to in writing, software
>
> distributed under the License is distributed on an "AS IS" BASIS,
>
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>
> See the License for the specific language governing permissions and
>
> limitations under the License.
>
> -->
>
> <!-- Note: A "Server" is not itself a "Container", so you may not
>
> define subcomponents such as "Valves" at this level.
>
> Documentation at /docs/config/server.html
>
> -->
>
> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>
> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> />
>
>
>
> <!-- Security listener. Documentation at /docs/config/listeners.html -->
>
> <Listener className="org.apache.catalina.security.SecurityListener"
> checkedOsUsers="root" minimumUmask="0007"/>
>
>
>
> <!--APR library loader. Documentation at /docs/apr.html -->
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
> <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>
> <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>
> <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
>
>
> <!-- Global JNDI resources Documentation at
> /docs/jndi-resources-howto.html -->
>
> <GlobalNamingResources>
>
> <!-- Editable user database that can also be used by UserDatabaseRealm
> to authenticate users -->
>
> <!-- *** Not needed, because we use JNDI Realm *** -->
>
> <!-- <Resource name="UserDatabase" auth="Container"
>
> type="org.apache.catalina.UserDatabase"
>
> description="User database that can be updated and saved"
>
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>
> pathname="tomcat-users.xml" />
>
> -->
>
> </GlobalNamingResources>
>
>
>
> <!-- A "Service" is a collection of one or more "Connectors" that share
>
> a single "Container" Note: A "Service" is not itself a "Container",
>
> so you may not define subcomponents such as "Valves" at this level.
>
> Documentation at /docs/config/service.html
>
> -->
>
> <Service name="Catalina">
>
>
>
> <!--The connectors can use a shared executor, you can define one or
> more named thread pools-->
>
> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/> -->
>
>
>
> <!-- A "Connector" represents an endpoint by which requests are
> received
>
> and responses are returned. Documentation at :
>
> Java HTTP Connector: /docs/config/http.html (blocking &
> non-blocking)
>
> Java AJP Connector: /docs/config/ajp.html
>
> APR (HTTP/AJP) Connector: /docs/apr.html
>
> Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>
> -->
>
> <Connector port="9080"
>
> protocol="HTTP/1.1"
>
> connectionTimeout="20000"
>
> redirectPort="9443"
>
> maxHttpHeaderSize="8192"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> enableLookups="false" />
>
> <!-- A "Connector" using the shared thread pool-->
>
> <!--
>
> <Connector executor="tomcatThreadPool"
>
> port="9080" protocol="HTTP/1.1"
>
> connectionTimeout="20000"
>
> redirectPort="9443"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> server="USPS"
>
> enableLookups="false" />
>
> -->
>
> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>
> This connector uses the NIO implementation that requires the JSSE
>
> style configuration. When using the APR/native implementation, the
>
> OpenSSL style configuration is required as described in the
> APR/native
>
> documentation -->
>
> <Connector port="9443"
>
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>
> connectionTimeout="60000"
>
> maxThreads="150"
>
> SSLEnabled="true"
>
> scheme="https"
>
> secure="true"
>
> keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>
> keystorePass="4bidden!"
>
> clientAuth="want"
>
> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>
> TLS_RSA_WITH_AES_256_CBC_SHA256,
>
> TLS_RSA_WITH_AES_256_GCM_SHA384"
>
> maxHttpHeaderSize="8192"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> server="USPS"
>
> enableLookups="false" />
>
>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <!--
>
> <Connector port="8009" protocol="AJP/1.3"
>
> connectionTimeout="20000"
>
> protocol="AJP/1.3"
>
> redirectPort="9443"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> enableLookups="false" />
>
> -->
>
>
>
> <!-- An Engine represents the entry point (within Catalina) that
> processes
>
> every request. The Engine implementation for Tomcat stand alone
>
> analyzes the HTTP headers included with the request, and passes
> them
>
> on to the appropriate Host (virtual host).
>
> Documentation at /docs/config/engine.html -->
>
>
>
> <!-- You should set jvmRoute to support load-balancing via AJP ie :
>
> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>
> -->
>
> <Engine name="Catalina" defaultHost="localhost">
>
>
>
> <!--For clustering, please take a look at documentation at:
>
> /docs/cluster-howto.html (simple how to)
>
> /docs/config/cluster.html (reference documentation) -->
>
> <!--
>
> <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
>
>
> <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>
> via a brute-force attack -->
>
> <Realm className="org.apache.catalina.realm.LockOutRealm">
>
>
>
> <!-- This Realm uses the UserDatabase configured in the global JNDI
>
> resources under the key "UserDatabase". Any edits
>
> that are performed against this UserDatabase are immediately
>
> available for use by the Realm. -->
>
> <!--
>
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>
> resourceName="UserDatabase"/>
>
> -->
>
> &LDAP_realm;
>
> </Realm>
>
>
>
> <Host name="localhost"
>
> appBase="webapps"
>
> unpackWARs="true"
>
> deployOnStartup="false"
>
> autoDeploy="false">
>
>
>
> <Context path=""
>
> docBase="/opt/TomCat/tomcat/webapps/ROOT"
>
> debug="0"
>
> privileged="true">
>
> </Context>
>
>
>
> <Context path="/TOPS-WEB"
>
> docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>
> debug="0"
>
> privileged="true">
>
> <Resource name="jdbc/TOPSDB"
>
> auth="Container"
>
> type="javax.sql.DataSource"
>
> driverClassName="oracle.jdbc.OracleDriver"
>
> inactiveConnectionTimeout="120"
>
> maxPoolSize="20"
>
> minPoolSize="1"
>
> password="g3td0wn"
>
> url="jdbc:oracle:thin:@
> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
>
>
> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=
> dtops.usps.gov)))"
>
> username="TOPS_ADMIN"
>
> validateConnectionOnBorrow="true"/>
>
> </Context>
>
>
>
> <!-- SingleSignOn valve, share authentication between web applications
>
> Documentation at: /docs/config/valve.html -->
>
> <!--
>
> <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
>
> -->
>
>
>
> <!-- Access log processes all example.
>
> Documentation at: /docs/config/valve.html
>
> Note: The pattern used is equivalent to using
> pattern="common" -->
>
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>
> prefix="localhost_access_log" suffix=".txt"
>
> pattern="%h %l %u %t "%r" %s %b" />
>
>
>
> </Host>
>
> </Engine>
>
> </Service>
>
> </Server>
>
>
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>
> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>
> connectionName="wasdev2@devsub.dev.dce.usps.gov"
>
> connectionPassword="F0rkedup"
>
> authentication="simple"
>
> referrals="ignore"
>
> userSearch="(sAMAccountName={0})"
>
> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
> userSubtree="true"
>
> roleSearch="(member={0})"
>
> roleName="cn"
>
> roleSubtree="true"
>
> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
> adCompat="true"
>
> />
>
>
>
>
>
> Thanks
>
> Gary
>
>
>
>
>
>
>
>
>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
Tomcat(9.0.13) Error in DEV Server
Posted by "Hua, Gary - Saint Louis, MO - Contractor" <Ga...@usps.gov.INVALID>.
All:
Sorry on my previous email I have some graphic contents that can not be displayed. Now I change it to texts so you can see them
From: Hua, Gary - Saint Louis, MO - Contractor [mailto:Gang.Hua@usps.gov.INVALID]
Sent: Thursday, April 11, 2019 4:29 PM
To: users@tomcat.apache.org<ma...@tomcat.apache.org>
Subject: [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
Tomcat Experts:
The Tomcat server works fine in my local computer with application "TOPS" in Eclipse. I deployed the TOPS application to our DEV web server eagnmnmed1f45 under webapps.
After I started the Tomcat server (9.0.13) in DEV server and entered the TOPS home page URL http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is http://localhost:8080/TOPS-WEB/Welcome.do in my local computer) in the browser, it was re-directed to https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do. and following error:
The website cannot display the page
HTTP 500
Most likely causes:
* The website is under maintenance.
* The website has a programming error.
What you can try:
[res://\\ieframe.dll/bullet.png]
Refresh the page.<javascript:clickRefresh()>Refresh the page.
[res://\\ieframe.dll/bullet.png]
Go back to the previous page.<javascript:history.back();>Go back to the previous page.
[More information]<res://\\ieframe.dll/http_500.htm>
More information<javascript:expandCollapse('infoBlockID',%20true);>
atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail<mailto:atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs%3etail> -f catalina.out
5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find configuration [LegDistanceImpl]; using defaults.
5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not binding factory to JNDI, no JNDI name configured
0 [main] INFO filter.ResponseOverrideFilter - Filter initialized. Response buffering is enabled
1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded for module ''.
1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validator-rules.xml'
1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validation.xml'
1738 [main] INFO tiles.TilesPlugin - Factory already exists for module ''. The factory found is from module ''. No new creation.
05-Apr-2019 11:18:01.913 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-9080"]
05-Apr-2019 11:18:01.928 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-9443"]
05-Apr-2019 11:18:01.932 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor - Tiles definition factory found for request processor ''.
Error connecting to LDAP server.
java.lang.NullPointerException
at com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeAction.java:120)
at com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeAction.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod(AbstractDispatchAction.java:136)
at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(AbstractDispatchAction.java:84)
at com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute(AbstractTOPSDispatchAction.java:258)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
If I only entered "http://eagnmnmed1f45:9080/TOPS-WEB/", the login screen showed up.
After I entered topsadmin/@88Topstopstops as id/pd and clicked Login button on the login screen, I got the following error:
Error
Error Message: You've entered an invalid Logon ID or Password. Please check that your Logon ID and Password are correct and try again.
I know the topsadmin/@88Topstopstops is the correct id/pd.
Any idea what happens here? Any input is appreciated. Following is the contents of server.xml and LDAP_realm.xml
atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE server-xml [
<!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
]>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html -->
<Listener className="org.apache.catalina.security.SecurityListener" checkedOsUsers="root" minimumUmask="0007"/>
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -->
<GlobalNamingResources>
<!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->
<!-- *** Not needed, because we use JNDI Realm *** -->
<!-- <Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="tomcat-users.xml" />
-->
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/> -->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
-->
<Connector port="9080"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="9443"
maxHttpHeaderSize="8192"
allowTrace="false"
xpoweredBy="false"
enableLookups="false" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="9080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="9443"
allowTrace="false"
xpoweredBy="false"
server="USPS"
enableLookups="false" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
This connector uses the NIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<Connector port="9443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="60000"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
keystorePass="4bidden!"
clientAuth="want"
ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384"
maxHttpHeaderSize="8192"
allowTrace="false"
xpoweredBy="false"
server="USPS"
enableLookups="false" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009" protocol="AJP/1.3"
connectionTimeout="20000"
protocol="AJP/1.3"
redirectPort="9443"
allowTrace="false"
xpoweredBy="false"
enableLookups="false" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> -->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!--
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
-->
&LDAP_realm;
</Realm>
<Host name="localhost"
appBase="webapps"
unpackWARs="true"
deployOnStartup="false"
autoDeploy="false">
<Context path=""
docBase="/opt/TomCat/tomcat/webapps/ROOT"
debug="0"
privileged="true">
</Context>
<Context path="/TOPS-WEB"
docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
debug="0"
privileged="true">
<Resource name="jdbc/TOPSDB"
auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.OracleDriver"
inactiveConnectionTimeout="120"
maxPoolSize="20"
minPoolSize="1"
password="g3td0wn"
url="jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=dtops.usps.gov)))"
username="TOPS_ADMIN"
validateConnectionOnBorrow="true"/>
</Context>
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
connectionName="wasdev2@devsub.dev.dce.usps.gov<ma...@devsub.dev.dce.usps.gov>"
connectionPassword="F0rkedup"
authentication="simple"
referrals="ignore"
userSearch="(sAMAccountName={0})"
userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
userSubtree="true"
roleSearch="(member={0})"
roleName="cn"
roleSubtree="true"
roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
adCompat="true"
/>
Thanks
Gary