You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Hua, Gary - Saint Louis, MO - Contractor" <Ga...@usps.gov.INVALID> on 2019/04/11 21:28:59 UTC

Tomcat(9.0.13) Error in DEV Server

Tomcat Experts:

                The Tomcat server works fine in my local computer with  application "TOPS" in Eclipse.  I deployed the TOPS application to our DEV web server eagnmnmed1f45 under webapps.

                After I started the Tomcat  server (9.0.13) in DEV server and entered the TOPS home page URL  http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is http://localhost:8080/TOPS-WEB/Welcome.do  in my local computer)   in the browser,   I got the following error:

[cid:image001.png@01D4F07A.31A329C0]


atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail<mailto:atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs%3etail> -f catalina.out
5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find configuration [LegDistanceImpl]; using defaults.
5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not binding factory to JNDI, no JNDI name configured
0 [main] INFO filter.ResponseOverrideFilter  - Filter initialized. Response buffering is enabled
1648 [main] INFO tiles.TilesPlugin  - Tiles definition factory loaded for module ''.
1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules file from '/WEB-INF/validator-rules.xml'
1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules file from '/WEB-INF/validation.xml'
1738 [main] INFO tiles.TilesPlugin  - Factory already exists for module ''. The factory found is from module ''. No new creation.
05-Apr-2019 11:18:01.913 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-9080"]
05-Apr-2019 11:18:01.928 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-9443"]
05-Apr-2019 11:18:01.932 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor  - Tiles definition factory found for request processor ''.
Error connecting to LDAP server.
java.lang.NullPointerException
        at com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeAction.java:120)
        at com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeAction.java:61)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod(AbstractDispatchAction.java:136)
        at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(AbstractDispatchAction.java:84)
        at com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute(AbstractTOPSDispatchAction.java:258)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
        at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
        at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
        at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
        at com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)



          Notice that I entered non secure port 9080 and then was re-direct to secure 9443.

         If I only entered  "http://eagnmnmed1f45:9080/TOPS-WEB/",  the login screen showed up as below:

[cid:image002.png@01D4F07B.1803C190]


But after I entered   topsadmin/@88Topstopstops as id/pd and clicked Login button,    I got the following error:

[cid:image003.png@01D4F07B.1803C190]

I know the  topsadmin/@88Topstopstops is the correct id/pd.

Any idea what happens here?     Any input is appreciated.   Following is the contents of server.xml and LDAP_realm.xml


atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE server-xml [
  <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
]>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
-->
<Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />

  <!-- Security listener. Documentation at /docs/config/listeners.html -->
  <Listener className="org.apache.catalina.security.SecurityListener"   checkedOsUsers="root" minimumUmask="0007"/>

  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->
    <!--  *** Not needed, because we use JNDI Realm ***     -->
<!--    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="tomcat-users.xml" />
-->
  </GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"  maxThreads="150" minSpareThreads="4"/>   -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
        Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
    -->
    <Connector port="9080"
               protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="9443"
               maxHttpHeaderSize="8192"
               allowTrace="false"
               xpoweredBy="false"
               enableLookups="false" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="9080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="9443"
               allowTrace="false"
               xpoweredBy="false"
               server="USPS"
               enableLookups="false" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
<Connector port="9443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               connectionTimeout="60000"
               maxThreads="150"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
               keystorePass="&#52;&#98;&#105;&#100;&#100;&#101;&#110;&#33;"
               clientAuth="want"
               ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_GCM_SHA384"
               maxHttpHeaderSize="8192"
               allowTrace="false"
               xpoweredBy="false"
               server="USPS"
               enableLookups="false" />

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector port="8009" protocol="AJP/1.3"
               connectionTimeout="20000"
               protocol="AJP/1.3"
               redirectPort="9443"
               allowTrace="false"
               xpoweredBy="false"
               enableLookups="false" />
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>  -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">

        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <!--
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
        -->
        &LDAP_realm;
      </Realm>

      <Host name="localhost"
            appBase="webapps"
            unpackWARs="true"
            deployOnStartup="false"
            autoDeploy="false">

         <Context path=""
            docBase="/opt/TomCat/tomcat/webapps/ROOT"
            debug="0"
            privileged="true">
         </Context>

         <Context path="/TOPS-WEB"
                  docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
                  debug="0"
                  privileged="true">
                  <Resource name="jdbc/TOPSDB"
                            auth="Container"
                            type="javax.sql.DataSource"
                            driverClassName="oracle.jdbc.OracleDriver"
                            inactiveConnectionTimeout="120"
                            maxPoolSize="20"
                            minPoolSize="1"
                            password="g3td0wn"
                            url="jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=dtops.usps.gov)))"
                            username="TOPS_ADMIN"
                            validateConnectionOnBorrow="true"/>
         </Context>

<!-- SingleSignOn valve, share authentication between web applications
              Documentation at: /docs/config/valve.html -->
         <!--
         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
         -->

         <!-- Access log processes all example.
              Documentation at: /docs/config/valve.html
              Note: The pattern used is equivalent to using pattern="common" -->
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                prefix="localhost_access_log" suffix=".txt"
                pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>



atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
<Realm className="org.apache.catalina.realm.JNDIRealm"
   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
   connectionName="wasdev2@devsub.dev.dce.usps.gov"
   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
   authentication="simple"
   referrals="ignore"
   userSearch="(sAMAccountName={0})"
   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
   userSubtree="true"
   roleSearch="(member={0})"
   roleName="cn"
   roleSubtree="true"
   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
   adCompat="true"
/>


Thanks
Gary




Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

Posted by Luis Rodríguez Fernández <uo...@gmail.com>.
Hello Gary,

Your user, topsadmin is has the role NAT_TOPS_ADMIN, see [1], however the
application is looking for another bunch of roles like
TOPS_INTL_FIELD_USER_MIA, TOPS_MODELING, etc... I suggest you to check your
user membership [2] and try with the roleNested=true in your configuration
[3]

Hope it helps,

Luis

[1] Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
[2] https://stackoverflow.com/questions/6195812/ldap-nested-group-membership
[3] https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#JNDIRealm &
https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html






El mar., 16 abr. 2019 a las 9:03, Peter@Kreuser-Online (<lo...@kreuser.name>)
escribió:

> Hi Gary,
>
> see way below inline...
>
> > Am 16.04.2019 um 03:02 schrieb Hua, Gary - Saint Louis, MO - Contractor
> <Ga...@usps.gov.invalid>:
> >
> > Luis:
> >
> >         Thanks for your input.   I put the following into
> conf/logging.properties and add  debug="99"  in the Realm definition  so I
> can see more Realm logging information:
> >
> > org.apache.catalina.realm.level = ALL
> > org.apache.catalina.realm.useParentHandlers = true
> > org.apache.catalina.authenticator.level = ALL
> > org.apache.catalina.authenticator.useParentHandlers = true
> >
> >
> >    After the first login attempt in the application TOPS login screen,
>  the URL was redirected to
> https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check  with invalid UID/PW
> message.    Then I entered  topsadmin/@88Topstopstops as id/pd and clicked
> the Login button again,  I got the following message in the catalina.out:
> >
> >
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security
> checking request POST /TOPS-WEB/j_security_check
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> hasUserDataPermission()
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission   User data
> constraint already satisfied
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> authenticate()
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authenticating username 'topsadmin'
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Attempting to
> authenticate user [topsadmin] with realm
> [org.apache.catalina.realm.JNDIRealm]
> > 15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.JNDIRealm.authenticate Exception performing
> authentication. Retrying...
> > javax.naming.CommunicationException: Connection reset [Root exception is
> java.net.SocketException: Connection reset];
> ^^^^^^^^^^^^
> That may be the reason!?
> It cannot connect and everything following is just bad error handling?
>
> > remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
> >        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
> >        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
> >        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> >        at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
> >        at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
> >        at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
> >        at
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> >        at
> org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
> >        at
> org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
> >        at
> org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
> >        at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
> >        at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
> >        at
> org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
> >        at
> org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
> >        at
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
> >        at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
> >        at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> >        at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> >        at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
> >        at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> >        at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> >        at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> >        at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> >        at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
> >        at org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
> >        at org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
> >        at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >        at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >        at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> >        at java.lang.Thread.run(Thread.java:748)
> > Caused by: java.net.SocketException: Connection reset
> >        at java.net.SocketInputStream.read(SocketInputStream.java:210)
> >        at java.net.SocketInputStream.read(SocketInputStream.java:141)
> >        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
> >        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
> >        at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
> >        at
> sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
> >        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> >        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> >        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
> >        at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
> >        at com.sun.jndi.ldap.Connection.run(Connection.java:877)
> >        ... 1 more
> >
> > 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user
> [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> > 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authentication of 'topsadmin' was successful
> > 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Redirecting to original '/TOPS-WEB/'
> > 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed
> authenticate() test
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security
> checking request GET /TOPS-WEB/
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp
> --> true
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> GET /index.jsp --> false
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking
> constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp -->
> true
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> hasUserDataPermission()
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission   User data
> constraint has no restrictions
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> authenticate()
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore
> request from session '9F9F67A0434576D7C0FD0BB63C15F567'
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated
> 'topsadmin' with type 'FORM'
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Session ID
> changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to
> [811799F279932B4B67D44931980994A7]
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed
> to restored request
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling
> accessControl()
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission   Checking roles
> GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_INQUIRY]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_INQUIRY
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_ADMIN]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_ADMIN
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_SFO]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_SFO
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_MODELING]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_MODELING
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INQUIRY]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INQUIRY
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_EDITOR]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_EDITOR
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JFK]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JFK
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JECEWR]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JECEWR
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_ORD]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_ORD
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTERNATIONAL]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTERNATIONAL
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_LAX]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_LAX
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_MIA]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_MIA
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed
> accessControl() test
> >
> >
> >
> > The error messages on the screen looks like below:
> >
> > HTTP Status 403 – Forbidden
> >
> > Type Status Report
> >
> > Message Access to the requested resource has been denied
> >
> > Description The server understood the request but refuses to authorize
> it.
> >
> > USPS_restricted
> >
> >
> >
> >
> >
> >
> > Any idea what is that about?   Again the Ream definition is:
> >
> > <Realm className="org.apache.catalina.realm.JNDIRealm"  debug="99"
> >   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> >   connectionName="wasdev2@devsub.dev.dce.usps.gov"
> >   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
> >   authentication="simple"
> >   referrals="ignore"
> >   userSearch="(sAMAccountName={0})"
> >   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >   userSubtree="true"
> >   roleSearch="(member={0})"
> >   roleName="cn"
> >   roleSubtree="true"
> >   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >   adCompat="true"
> > />
> >
> >
> >
> > Thanks
> > Gary
> >
> >
>
> Peter
>
> PS: you should redact sensitive data from your mails. At least change
> passwords now... google is NOT your friend in this case...
>
> > -----Original Message-----
> > From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com]
> > Sent: Monday, April 15, 2019 3:47 AM
> > To: Tomcat Users List <us...@tomcat.apache.org>
> > Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
> >
> > Hello Gary,
> >
> > I would recommend you to add some debug to your JNDIReam [1]. For
> debugging your ldap search filters ldapsearch can be your friend [2] :)
> >
> > Hope it helps,
> >
> > Luis
> >
> > [1]
> >
> https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
> > [2]
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
> >
> >
> >
> >
> >
> >
> >
> > El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO -
> Contractor
> > (<Ga...@usps.gov.invalid>) escribió:
> >
> >> All:
> >>
> >>
> >>
> >>     Sorry on my previous email I have some graphic contents that can not
> >> be displayed.   Now I change it to texts so you can see them
> >>
> >>
> >>
> >> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> >> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
> >> *Sent:* Thursday, April 11, 2019 4:29 PM
> >> *To:* users@tomcat.apache.org
> >> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
> >>
> >>
> >>
> >> Tomcat Experts:
> >>
> >>
> >>
> >>                The Tomcat server works fine in my local computer with
> >> application “TOPS“ in Eclipse.  I deployed the TOPS application to our
> >> DEV web server eagnmnmed1f45 under webapps.
> >>
> >>
> >>
> >>                After I started the Tomcat  server (9.0.13) in DEV
> >> server and entered the TOPS home page URL
> >> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> >> http://localhost:8080/TOPS-WEB/Welcome.do  in my local computer)   in
> the
> >> browser,       it was re-directed to
> >> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do.    and following error:
> >>
> >>
> >>
> >>
> >>
> >> *The website cannot display the page*
> >>
> >>  HTTP 500
> >>
> >>
> >>
> >> *Most likely causes:*
> >>
> >>   - The website is under maintenance.
> >>   - The website has a programming error.
> >>
> >>
> >>
> >> *What you can try:*
> >>
> >>
> >>
> >> [image: res://\\ieframe.dll/bullet.png]
> >>
> >> Refresh the page.Refresh the page.
> >>
> >>
> >>
> >> [image: res://\\ieframe.dll/bullet.png]
> >>
> >> Go back to the previous page.Go back to the previous page.
> >>
> >>
> >>
> >> [image: More information]
> >>
> >> More information
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
> >> catalina.out
> >>
> >> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
> >> configuration [LegDistanceImpl]; using defaults.
> >>
> >> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
> >> binding factory to JNDI, no JNDI name configured
> >>
> >> 0 [main] INFO filter.ResponseOverrideFilter  - Filter initialized.
> >> Response buffering is enabled
> >>
> >> 1648 [main] INFO tiles.TilesPlugin  - Tiles definition factory loaded
> >> for module ''.
> >>
> >> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules
> >> file from '/WEB-INF/validator-rules.xml'
> >>
> >> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules
> >> file from '/WEB-INF/validation.xml'
> >>
> >> 1738 [main] INFO tiles.TilesPlugin  - Factory already exists for
> >> module ''. The factory found is from module ''. No new creation.
> >>
> >> 05-Apr-2019 11:18:01.913 INFO [main]
> >> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> >> ["http-nio-9080"]
> >>
> >> 05-Apr-2019 11:18:01.928 INFO [main]
> >> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> >> ["https-jsse-nio-9443"]
> >>
> >> 05-Apr-2019 11:18:01.932 INFO [main]
> >> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
> >>
> >> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor  -
> >> Tiles definition factory found for request processor ''.
> >>
> >> Error connecting to LDAP server.
> >>
> >> java.lang.NullPointerException
> >>
> >>        at
> >> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
> >> n.java:120)
> >>
> >>        at
> >> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
> >> n.java:61)
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
> >> (AbstractDispatchAction.java:136)
> >>
> >>        at
> >> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
> >> ctDispatchAction.java:84)
> >>
> >>        at
> >> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
> >> (AbstractTOPSDispatchAction.java:258)
> >>
> >>        at
> >> org.apache.struts.action.RequestProcessor.processActionPerform(Request
> >> Processor.java:419)
> >>
> >>        at
> >> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
> >> a:224)
> >>
> >>        at
> >> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
> >> )
> >>
> >>        at
> >> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
> >>
> >>        at
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> >>
> >>        at
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:170)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:225)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >>        at
> >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >>        at
> >> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
> >> Filter.java:125)
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >>        at
> >> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
> >> )
> >>
> >>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >>        at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >>        at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >>        at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >>        at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >>        at java.security.AccessController.doPrivileged(Native Method)
> >>
> >>        at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >>        at
> >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
> >> lve.java:199)
> >>
> >>        at
> >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
> >> lve.java:96)
> >>
> >>        at
> >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
> >> orBase.java:607)
> >>
> >>        at
> >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
> >> va:139)
> >>
> >>        at
> >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
> >> va:92)
> >>
> >>        at
> >> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
> >> sLogValve.java:668)
> >>
> >>        at
> >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
> >> e.java:74)
> >>
> >>        at
> >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> >> :343)
> >>
> >>        at
> >> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
> >> 408)
> >>
> >>        at
> >> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
> >> t.java:66)
> >>
> >>        at
> >> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
> >> rotocol.java:791)
> >>
> >>        at
> >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
> >> nt.java:1417)
> >>
> >>        at
> >> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
> >> .java:49)
> >>
> >>        at
> >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
> >> ava:1149)
> >>
> >>        at
> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> >> java:624)
> >>
> >>        at
> >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
> >> ead.java:61)
> >>
> >>        at java.lang.Thread.run(Thread.java:748)
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>         If I only entered  “http://eagnmnmed1f45:9080/TOPS-WEB/”,
> >> the login screen showed up.
> >>
> >>        After I entered   topsadmin/@88Topstopstops as id/pd and clicked
> >> Login button on the login screen,    I got the following error:
> >>
> >>
> >>
> >>
> >>
> >> *Error*
> >>
> >> Error Message: You've entered an invalid Logon ID or Password. Please
> >> check that your Logon ID and Password are correct and try again.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> I know the  topsadmin/@88Topstopstops is the correct id/pd.
> >>
> >>
> >>
> >> Any idea what happens here?     Any input is appreciated.   Following is
> >> the contents of server.xml and LDAP_realm.xml
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
> >>
> >> <?xml version='1.0' encoding='utf-8'?>
> >>
> >> <!DOCTYPE server-xml [
> >>
> >>  <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
> >>
> >> ]>
> >>
> >> <!--
> >>
> >>  Licensed to the Apache Software Foundation (ASF) under one or more
> >>
> >>  contributor license agreements.  See the NOTICE file distributed
> >> with
> >>
> >>  this work for additional information regarding copyright ownership.
> >>
> >>  The ASF licenses this file to You under the Apache License, Version
> >> 2.0
> >>
> >>  (the "License"); you may not use this file except in compliance with
> >>
> >>  the License.  You may obtain a copy of the License at
> >>
> >>
> >>
> >>      http://www.apache.org/licenses/LICENSE-2.0
> >>
> >>
> >>
> >>  Unless required by applicable law or agreed to in writing, software
> >>
> >>  distributed under the License is distributed on an "AS IS" BASIS,
> >>
> >>  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>
> >>  See the License for the specific language governing permissions and
> >>
> >>  limitations under the License.
> >>
> >> -->
> >>
> >> <!-- Note:  A "Server" is not itself a "Container", so you may not
> >>
> >>     define subcomponents such as "Valves" at this level.
> >>
> >>     Documentation at /docs/config/server.html
> >>
> >> -->
> >>
> >> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
> >>
> >>  <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> >> />
> >>
> >>
> >>
> >>  <!-- Security listener. Documentation at /docs/config/listeners.html
> >> -->
> >>
> >>  <Listener className="org.apache.catalina.security.SecurityListener"
> >> checkedOsUsers="root" minimumUmask="0007"/>
> >>
> >>
> >>
> >>  <!--APR library loader. Documentation at /docs/apr.html -->
> >>
> >>  <Listener className="org.apache.catalina.core.AprLifecycleListener"
> >> SSLEngine="on" />
> >>
> >>  <!-- Prevent memory leaks due to use of particular java/javax
> >> APIs-->
> >>
> >>  <Listener
> >> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> >> />
> >>
> >>  <Listener
> >> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
> >> " />
> >>
> >>  <Listener
> >> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> >> />
> >>
> >>
> >>
> >>  <!-- Global JNDI resources Documentation at
> >> /docs/jndi-resources-howto.html -->
> >>
> >>  <GlobalNamingResources>
> >>
> >>    <!-- Editable user database that can also be used by
> >> UserDatabaseRealm to authenticate users -->
> >>
> >>    <!--  *** Not needed, because we use JNDI Realm ***     -->
> >>
> >> <!--    <Resource name="UserDatabase" auth="Container"
> >>
> >>              type="org.apache.catalina.UserDatabase"
> >>
> >>              description="User database that can be updated and saved"
> >>
> >>
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> >>
> >>              pathname="tomcat-users.xml" />
> >>
> >> -->
> >>
> >>  </GlobalNamingResources>
> >>
> >>
> >>
> >> <!-- A "Service" is a collection of one or more "Connectors" that
> >> share
> >>
> >>       a single "Container" Note:  A "Service" is not itself a
> >> "Container",
> >>
> >>       so you may not define subcomponents such as "Valves" at this
> level.
> >>
> >>       Documentation at /docs/config/service.html
> >>
> >>   -->
> >>
> >>  <Service name="Catalina">
> >>
> >>
> >>
> >>    <!--The connectors can use a shared executor, you can define one
> >> or more named thread pools-->
> >>
> >>    <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> >> maxThreads="150" minSpareThreads="4"/>   -->
> >>
> >>
> >>
> >>    <!-- A "Connector" represents an endpoint by which requests are
> >> received
> >>
> >>         and responses are returned. Documentation at :
> >>
> >>        Java HTTP Connector: /docs/config/http.html (blocking &
> >> non-blocking)
> >>
> >>         Java AJP  Connector: /docs/config/ajp.html
> >>
> >>         APR (HTTP/AJP) Connector: /docs/apr.html
> >>
> >>         Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
> >>
> >>    -->
> >>
> >>    <Connector port="9080"
> >>
> >>               protocol="HTTP/1.1"
> >>
> >>               connectionTimeout="20000"
> >>
> >>               redirectPort="9443"
> >>
> >>               maxHttpHeaderSize="8192"
> >>
> >>               allowTrace="false"
> >>
> >>               xpoweredBy="false"
> >>
> >>               enableLookups="false" />
> >>
> >>    <!-- A "Connector" using the shared thread pool-->
> >>
> >>    <!--
> >>
> >>    <Connector executor="tomcatThreadPool"
> >>
> >>               port="9080" protocol="HTTP/1.1"
> >>
> >>               connectionTimeout="20000"
> >>
> >>               redirectPort="9443"
> >>
> >>               allowTrace="false"
> >>
> >>               xpoweredBy="false"
> >>
> >>               server="USPS"
> >>
> >>               enableLookups="false" />
> >>
> >>    -->
> >>
> >>    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
> >>
> >>         This connector uses the NIO implementation that requires the
> >> JSSE
> >>
> >>         style configuration. When using the APR/native
> >> implementation, the
> >>
> >>         OpenSSL style configuration is required as described in the
> >> APR/native
> >>
> >>         documentation -->
> >>
> >> <Connector port="9443"
> >>
> >>               protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>
> >>               connectionTimeout="60000"
> >>
> >>               maxThreads="150"
> >>
> >>               SSLEnabled="true"
> >>
> >>               scheme="https"
> >>
> >>               secure="true"
> >>
> >>               keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
> >>
> >>
>  keystorePass="&#52;&#98;&#105;&#100;&#100;&#101;&#110;&#33;"
> >>
> >>               clientAuth="want"
> >>
> >>               ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> >>
> >>                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> >>
> >>                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> >>
> >>                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> >>
> >>                        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> >>
> >>                        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> >>
> >>                        TLS_RSA_WITH_AES_256_CBC_SHA256,
> >>
> >>                        TLS_RSA_WITH_AES_256_GCM_SHA384"
> >>
> >>               maxHttpHeaderSize="8192"
> >>
> >>               allowTrace="false"
> >>
> >>               xpoweredBy="false"
> >>
> >>               server="USPS"
> >>
> >>               enableLookups="false" />
> >>
> >>
> >>
> >>    <!-- Define an AJP 1.3 Connector on port 8009 -->
> >>
> >>    <!--
> >>
> >>    <Connector port="8009" protocol="AJP/1.3"
> >>
> >>               connectionTimeout="20000"
> >>
> >>               protocol="AJP/1.3"
> >>
> >>               redirectPort="9443"
> >>
> >>               allowTrace="false"
> >>
> >>               xpoweredBy="false"
> >>
> >>               enableLookups="false" />
> >>
> >>    -->
> >>
> >>
> >>
> >>    <!-- An Engine represents the entry point (within Catalina) that
> >> processes
> >>
> >>         every request.  The Engine implementation for Tomcat stand
> >> alone
> >>
> >>         analyzes the HTTP headers included with the request, and
> >> passes them
> >>
> >>         on to the appropriate Host (virtual host).
> >>
> >>         Documentation at /docs/config/engine.html -->
> >>
> >>
> >>
> >>    <!-- You should set jvmRoute to support load-balancing via AJP ie :
> >>
> >>    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> >>
> >>    -->
> >>
> >>    <Engine name="Catalina" defaultHost="localhost">
> >>
> >>
> >>
> >>      <!--For clustering, please take a look at documentation at:
> >>
> >>          /docs/cluster-howto.html  (simple how to)
> >>
> >>          /docs/config/cluster.html (reference documentation) -->
> >>
> >>      <!--
> >>
> >>      <Cluster
> >> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> >> -->
> >>
> >>
> >>
> >>      <!-- Use the LockOutRealm to prevent attempts to guess user
> >> passwords
> >>
> >>           via a brute-force attack -->
> >>
> >> <Realm className="org.apache.catalina.realm.LockOutRealm">
> >>
> >>
> >>
> >>        <!-- This Realm uses the UserDatabase configured in the global
> >> JNDI
> >>
> >>             resources under the key "UserDatabase".  Any edits
> >>
> >>             that are performed against this UserDatabase are
> >> immediately
> >>
> >>             available for use by the Realm.  -->
> >>
> >>        <!--
> >>
> >>        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> >>
> >>               resourceName="UserDatabase"/>
> >>
> >>        -->
> >>
> >>        &LDAP_realm;
> >>
> >>      </Realm>
> >>
> >>
> >>
> >>      <Host name="localhost"
> >>
> >>            appBase="webapps"
> >>
> >>            unpackWARs="true"
> >>
> >>            deployOnStartup="false"
> >>
> >>            autoDeploy="false">
> >>
> >>
> >>
> >>         <Context path=""
> >>
> >>            docBase="/opt/TomCat/tomcat/webapps/ROOT"
> >>
> >>            debug="0"
> >>
> >>            privileged="true">
> >>
> >>         </Context>
> >>
> >>
> >>
> >>         <Context path="/TOPS-WEB"
> >>
> >>                  docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
> >>
> >>                  debug="0"
> >>
> >>                  privileged="true">
> >>
> >>                  <Resource name="jdbc/TOPSDB"
> >>
> >>                            auth="Container"
> >>
> >>                            type="javax.sql.DataSource"
> >>
> >>                            driverClassName="oracle.jdbc.OracleDriver"
> >>
> >>                            inactiveConnectionTimeout="120"
> >>
> >>                            maxPoolSize="20"
> >>
> >>                            minPoolSize="1"
> >>
> >>                            password="g3td0wn"
> >>
> >>                            url="jdbc:oracle:thin:@
> >> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE
> >> =ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
> >>
> >>
> >> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=
> >> 1521)))(CONNECT_DATA=(SERVICE_NAME=
> >> dtops.usps.gov)))"
> >>
> >>                            username="TOPS_ADMIN"
> >>
> >>                            validateConnectionOnBorrow="true"/>
> >>
> >>         </Context>
> >>
> >>
> >>
> >> <!-- SingleSignOn valve, share authentication between web applications
> >>
> >>              Documentation at: /docs/config/valve.html -->
> >>
> >>         <!--
> >>
> >>         <Valve
> className="org.apache.catalina.authenticator.SingleSignOn"
> >> />
> >>
> >>         -->
> >>
> >>
> >>
> >>         <!-- Access log processes all example.
> >>
> >>              Documentation at: /docs/config/valve.html
> >>
> >>              Note: The pattern used is equivalent to using
> >> pattern="common" -->
> >>
> >>         <Valve className="org.apache.catalina.valves.AccessLogValve"
> >> directory="logs"
> >>
> >>                prefix="localhost_access_log" suffix=".txt"
> >>
> >>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> >>
> >>
> >>
> >>      </Host>
> >>
> >>    </Engine>
> >>
> >>  </Service>
> >>
> >> </Server>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
> >>
> >> <Realm className="org.apache.catalina.realm.JNDIRealm"
> >>
> >>   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> >>
> >>   connectionName="wasdev2@devsub.dev.dce.usps.gov"
> >>
> >>   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
> >>
> >>   authentication="simple"
> >>
> >>   referrals="ignore"
> >>
> >>   userSearch="(sAMAccountName={0})"
> >>
> >>   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >>
> >>   userSubtree="true"
> >>
> >>   roleSearch="(member={0})"
> >>
> >>   roleName="cn"
> >>
> >>   roleSubtree="true"
> >>
> >>   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >>
> >>   adCompat="true"
> >>
> >> />
> >>
> >>
> >>
> >>
> >>
> >> Thanks
> >>
> >> Gary
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> >
> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> >
> > - Samuel Beckett
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

Posted by "Peter@Kreuser-Online" <lo...@kreuser.name>.
Hi Gary,

see way below inline...

> Am 16.04.2019 um 03:02 schrieb Hua, Gary - Saint Louis, MO - Contractor <Ga...@usps.gov.invalid>:
> 
> Luis:
> 
>         Thanks for your input.   I put the following into conf/logging.properties and add  debug="99"  in the Realm definition  so I can see more Realm logging information:
> 
> org.apache.catalina.realm.level = ALL
> org.apache.catalina.realm.useParentHandlers = true
> org.apache.catalina.authenticator.level = ALL
> org.apache.catalina.authenticator.useParentHandlers = true
> 
> 
>    After the first login attempt in the application TOPS login screen,   the URL was redirected to  https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check  with invalid UID/PW message.    Then I entered  topsadmin/@88Topstopstops as id/pd and clicked  the Login button again,  I got the following message in the catalina.out:
> 
> 
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request POST /TOPS-WEB/j_security_check
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling hasUserDataPermission()
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.hasUserDataPermission   User data constraint already satisfied
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling authenticate()
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authenticating username 'topsadmin'
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Attempting to authenticate user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> 15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication. Retrying...
> javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset];
^^^^^^^^^^^^
That may be the reason!?
It cannot connect and everything following is just bad error handling?

> remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
>        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
>        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
>        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
>        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
>        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
>        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
>        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>        at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
>        at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
>        at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
>        at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
>        at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
>        at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
>        at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
>        at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
>        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
>        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
>        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
>        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>        at java.lang.Thread.run(Thread.java:748)
> Caused by: java.net.SocketException: Connection reset
>        at java.net.SocketInputStream.read(SocketInputStream.java:210)
>        at java.net.SocketInputStream.read(SocketInputStream.java:141)
>        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
>        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
>        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
>        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
>        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
>        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
>        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
>        at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
>        at com.sun.jndi.ldap.Connection.run(Connection.java:877)
>        ... 1 more
> 
> 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authentication of 'topsadmin' was successful
> 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Redirecting to original '/TOPS-WEB/'
> 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed authenticate() test
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /TOPS-WEB/
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp --> true
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against GET /index.jsp --> false
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp --> true
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling hasUserDataPermission()
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasUserDataPermission   User data constraint has no restrictions
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling authenticate()
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore request from session '9F9F67A0434576D7C0FD0BB63C15F567'
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated 'topsadmin' with type 'FORM'
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Session ID changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to [811799F279932B4B67D44931980994A7]
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed to restored request
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling accessControl()
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission   Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_INQUIRY]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_INQUIRY
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_ADMIN]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_ADMIN
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_SFO]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_SFO
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_MODELING]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_MODELING
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INQUIRY]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INQUIRY
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_EDITOR]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_EDITOR
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JFK]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_JFK
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JECEWR]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_JECEWR
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_ORD]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_ORD
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTERNATIONAL]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTERNATIONAL
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_LAX]
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_LAX
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_MIA]
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_MIA
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed accessControl() test
> 
> 
> 
> The error messages on the screen looks like below:
> 
> HTTP Status 403 – Forbidden
> 
> Type Status Report
> 
> Message Access to the requested resource has been denied
> 
> Description The server understood the request but refuses to authorize it.
> 
> USPS_restricted
> 
> 
> 
> 
> 
> 
> Any idea what is that about?   Again the Ream definition is:
> 
> <Realm className="org.apache.catalina.realm.JNDIRealm"  debug="99"
>   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>   connectionName="wasdev2@devsub.dev.dce.usps.gov"
>   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
>   authentication="simple"
>   referrals="ignore"
>   userSearch="(sAMAccountName={0})"
>   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>   userSubtree="true"
>   roleSearch="(member={0})"
>   roleName="cn"
>   roleSubtree="true"
>   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>   adCompat="true"
> />
> 
> 
> 
> Thanks
> Gary
> 
> 

Peter

PS: you should redact sensitive data from your mails. At least change passwords now... google is NOT your friend in this case...

> -----Original Message-----
> From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com] 
> Sent: Monday, April 15, 2019 3:47 AM
> To: Tomcat Users List <us...@tomcat.apache.org>
> Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
> 
> Hello Gary,
> 
> I would recommend you to add some debug to your JNDIReam [1]. For debugging your ldap search filters ldapsearch can be your friend [2] :)
> 
> Hope it helps,
> 
> Luis
> 
> [1]
> https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
> [2]
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
> 
> 
> 
> 
> 
> 
> 
> El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO - Contractor
> (<Ga...@usps.gov.invalid>) escribió:
> 
>> All:
>> 
>> 
>> 
>>     Sorry on my previous email I have some graphic contents that can not
>> be displayed.   Now I change it to texts so you can see them
>> 
>> 
>> 
>> *From:* Hua, Gary - Saint Louis, MO - Contractor [ 
>> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
>> *Sent:* Thursday, April 11, 2019 4:29 PM
>> *To:* users@tomcat.apache.org
>> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>> 
>> 
>> 
>> Tomcat Experts:
>> 
>> 
>> 
>>                The Tomcat server works fine in my local computer with  
>> application “TOPS“ in Eclipse.  I deployed the TOPS application to our 
>> DEV web server eagnmnmed1f45 under webapps.
>> 
>> 
>> 
>>                After I started the Tomcat  server (9.0.13) in DEV 
>> server and entered the TOPS home page URL 
>> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
>> http://localhost:8080/TOPS-WEB/Welcome.do  in my local computer)   in the
>> browser,       it was re-directed to
>> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do.    and following error:
>> 
>> 
>> 
>> 
>> 
>> *The website cannot display the page*
>> 
>>  HTTP 500
>> 
>> 
>> 
>> *Most likely causes:*
>> 
>>   - The website is under maintenance.
>>   - The website has a programming error.
>> 
>> 
>> 
>> *What you can try:*
>> 
>> 
>> 
>> [image: res://\\ieframe.dll/bullet.png]
>> 
>> Refresh the page.Refresh the page.
>> 
>> 
>> 
>> [image: res://\\ieframe.dll/bullet.png]
>> 
>> Go back to the previous page.Go back to the previous page.
>> 
>> 
>> 
>> [image: More information]
>> 
>> More information
>> 
>> 
>> 
>> 
>> 
>> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f 
>> catalina.out
>> 
>> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find 
>> configuration [LegDistanceImpl]; using defaults.
>> 
>> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not 
>> binding factory to JNDI, no JNDI name configured
>> 
>> 0 [main] INFO filter.ResponseOverrideFilter  - Filter initialized.
>> Response buffering is enabled
>> 
>> 1648 [main] INFO tiles.TilesPlugin  - Tiles definition factory loaded 
>> for module ''.
>> 
>> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules 
>> file from '/WEB-INF/validator-rules.xml'
>> 
>> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules 
>> file from '/WEB-INF/validation.xml'
>> 
>> 1738 [main] INFO tiles.TilesPlugin  - Factory already exists for 
>> module ''. The factory found is from module ''. No new creation.
>> 
>> 05-Apr-2019 11:18:01.913 INFO [main]
>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
>> ["http-nio-9080"]
>> 
>> 05-Apr-2019 11:18:01.928 INFO [main]
>> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
>> ["https-jsse-nio-9443"]
>> 
>> 05-Apr-2019 11:18:01.932 INFO [main]
>> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>> 
>> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor  - 
>> Tiles definition factory found for request processor ''.
>> 
>> Error connecting to LDAP server.
>> 
>> java.lang.NullPointerException
>> 
>>        at
>> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
>> n.java:120)
>> 
>>        at
>> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
>> n.java:61)
>> 
>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 
>>        at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>> 
>>        at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>> 
>>        at java.lang.reflect.Method.invoke(Method.java:498)
>> 
>>        at
>> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
>> (AbstractDispatchAction.java:136)
>> 
>>        at
>> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
>> ctDispatchAction.java:84)
>> 
>>        at
>> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
>> (AbstractTOPSDispatchAction.java:258)
>> 
>>        at
>> org.apache.struts.action.RequestProcessor.processActionPerform(Request
>> Processor.java:419)
>> 
>>        at
>> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
>> a:224)
>> 
>>        at
>> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
>> )
>> 
>>        at
>> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>> 
>>        at 
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>> 
>>        at 
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>> 
>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 
>>        at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>> 
>>        at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>> 
>>        at java.lang.reflect.Method.invoke(Method.java:498)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>> 
>>        at java.security.AccessController.doPrivileged(Native Method)
>> 
>>        at 
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:170)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:225)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>> 
>>        at java.security.AccessController.doPrivileged(Native Method)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>> 
>>        at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>> 
>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 
>>        at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>> 
>>        at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>> 
>>        at java.lang.reflect.Method.invoke(Method.java:498)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>> 
>>        at java.security.AccessController.doPrivileged(Native Method)
>> 
>>        at 
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:253)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:191)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>> 
>>        at java.security.AccessController.doPrivileged(Native Method)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>> 
>>        at
>> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
>> Filter.java:125)
>> 
>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 
>>        at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>> 
>>        at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>> 
>>        at java.lang.reflect.Method.invoke(Method.java:498)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>> 
>>        at java.security.AccessController.doPrivileged(Native Method)
>> 
>>        at 
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:253)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:191)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>> 
>>        at java.security.AccessController.doPrivileged(Native Method)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>> 
>>        at
>> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
>> )
>> 
>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 
>>        at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>> 
>>        at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>> 
>>        at java.lang.reflect.Method.invoke(Method.java:498)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>> 
>>        at java.security.AccessController.doPrivileged(Native Method)
>> 
>>        at 
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>> 
>>        at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:253)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:191)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>> 
>>        at java.security.AccessController.doPrivileged(Native Method)
>> 
>>        at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>> 
>>        at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
>> lve.java:199)
>> 
>>        at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
>> lve.java:96)
>> 
>>        at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
>> orBase.java:607)
>> 
>>        at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
>> va:139)
>> 
>>        at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
>> va:92)
>> 
>>        at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
>> sLogValve.java:668)
>> 
>>        at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
>> e.java:74)
>> 
>>        at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
>> :343)
>> 
>>        at
>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
>> 408)
>> 
>>        at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
>> t.java:66)
>> 
>>        at
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
>> rotocol.java:791)
>> 
>>        at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
>> nt.java:1417)
>> 
>>        at
>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
>> .java:49)
>> 
>>        at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
>> ava:1149)
>> 
>>        at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
>> java:624)
>> 
>>        at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
>> ead.java:61)
>> 
>>        at java.lang.Thread.run(Thread.java:748)
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>         If I only entered  “http://eagnmnmed1f45:9080/TOPS-WEB/”,  
>> the login screen showed up.
>> 
>>        After I entered   topsadmin/@88Topstopstops as id/pd and clicked
>> Login button on the login screen,    I got the following error:
>> 
>> 
>> 
>> 
>> 
>> *Error*
>> 
>> Error Message: You've entered an invalid Logon ID or Password. Please 
>> check that your Logon ID and Password are correct and try again.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> I know the  topsadmin/@88Topstopstops is the correct id/pd.
>> 
>> 
>> 
>> Any idea what happens here?     Any input is appreciated.   Following is
>> the contents of server.xml and LDAP_realm.xml
>> 
>> 
>> 
>> 
>> 
>> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>> 
>> <?xml version='1.0' encoding='utf-8'?>
>> 
>> <!DOCTYPE server-xml [
>> 
>>  <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>> 
>> ]>
>> 
>> <!--
>> 
>>  Licensed to the Apache Software Foundation (ASF) under one or more
>> 
>>  contributor license agreements.  See the NOTICE file distributed 
>> with
>> 
>>  this work for additional information regarding copyright ownership.
>> 
>>  The ASF licenses this file to You under the Apache License, Version 
>> 2.0
>> 
>>  (the "License"); you may not use this file except in compliance with
>> 
>>  the License.  You may obtain a copy of the License at
>> 
>> 
>> 
>>      http://www.apache.org/licenses/LICENSE-2.0
>> 
>> 
>> 
>>  Unless required by applicable law or agreed to in writing, software
>> 
>>  distributed under the License is distributed on an "AS IS" BASIS,
>> 
>>  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> 
>>  See the License for the specific language governing permissions and
>> 
>>  limitations under the License.
>> 
>> -->
>> 
>> <!-- Note:  A "Server" is not itself a "Container", so you may not
>> 
>>     define subcomponents such as "Valves" at this level.
>> 
>>     Documentation at /docs/config/server.html
>> 
>> -->
>> 
>> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>> 
>>  <Listener className="org.apache.catalina.startup.VersionLoggerListener"
>> />
>> 
>> 
>> 
>>  <!-- Security listener. Documentation at /docs/config/listeners.html 
>> -->
>> 
>>  <Listener className="org.apache.catalina.security.SecurityListener"
>> checkedOsUsers="root" minimumUmask="0007"/>
>> 
>> 
>> 
>>  <!--APR library loader. Documentation at /docs/apr.html -->
>> 
>>  <Listener className="org.apache.catalina.core.AprLifecycleListener"
>> SSLEngine="on" />
>> 
>>  <!-- Prevent memory leaks due to use of particular java/javax 
>> APIs-->
>> 
>>  <Listener
>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" 
>> />
>> 
>>  <Listener
>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
>> " />
>> 
>>  <Listener
>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" 
>> />
>> 
>> 
>> 
>>  <!-- Global JNDI resources Documentation at 
>> /docs/jndi-resources-howto.html -->
>> 
>>  <GlobalNamingResources>
>> 
>>    <!-- Editable user database that can also be used by 
>> UserDatabaseRealm to authenticate users -->
>> 
>>    <!--  *** Not needed, because we use JNDI Realm ***     -->
>> 
>> <!--    <Resource name="UserDatabase" auth="Container"
>> 
>>              type="org.apache.catalina.UserDatabase"
>> 
>>              description="User database that can be updated and saved"
>> 
>>              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>> 
>>              pathname="tomcat-users.xml" />
>> 
>> -->
>> 
>>  </GlobalNamingResources>
>> 
>> 
>> 
>> <!-- A "Service" is a collection of one or more "Connectors" that 
>> share
>> 
>>       a single "Container" Note:  A "Service" is not itself a 
>> "Container",
>> 
>>       so you may not define subcomponents such as "Valves" at this level.
>> 
>>       Documentation at /docs/config/service.html
>> 
>>   -->
>> 
>>  <Service name="Catalina">
>> 
>> 
>> 
>>    <!--The connectors can use a shared executor, you can define one 
>> or more named thread pools-->
>> 
>>    <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>> maxThreads="150" minSpareThreads="4"/>   -->
>> 
>> 
>> 
>>    <!-- A "Connector" represents an endpoint by which requests are 
>> received
>> 
>>         and responses are returned. Documentation at :
>> 
>>        Java HTTP Connector: /docs/config/http.html (blocking &
>> non-blocking)
>> 
>>         Java AJP  Connector: /docs/config/ajp.html
>> 
>>         APR (HTTP/AJP) Connector: /docs/apr.html
>> 
>>         Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>> 
>>    -->
>> 
>>    <Connector port="9080"
>> 
>>               protocol="HTTP/1.1"
>> 
>>               connectionTimeout="20000"
>> 
>>               redirectPort="9443"
>> 
>>               maxHttpHeaderSize="8192"
>> 
>>               allowTrace="false"
>> 
>>               xpoweredBy="false"
>> 
>>               enableLookups="false" />
>> 
>>    <!-- A "Connector" using the shared thread pool-->
>> 
>>    <!--
>> 
>>    <Connector executor="tomcatThreadPool"
>> 
>>               port="9080" protocol="HTTP/1.1"
>> 
>>               connectionTimeout="20000"
>> 
>>               redirectPort="9443"
>> 
>>               allowTrace="false"
>> 
>>               xpoweredBy="false"
>> 
>>               server="USPS"
>> 
>>               enableLookups="false" />
>> 
>>    -->
>> 
>>    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>> 
>>         This connector uses the NIO implementation that requires the 
>> JSSE
>> 
>>         style configuration. When using the APR/native 
>> implementation, the
>> 
>>         OpenSSL style configuration is required as described in the 
>> APR/native
>> 
>>         documentation -->
>> 
>> <Connector port="9443"
>> 
>>               protocol="org.apache.coyote.http11.Http11NioProtocol"
>> 
>>               connectionTimeout="60000"
>> 
>>               maxThreads="150"
>> 
>>               SSLEnabled="true"
>> 
>>               scheme="https"
>> 
>>               secure="true"
>> 
>>               keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>> 
>>               keystorePass="&#52;&#98;&#105;&#100;&#100;&#101;&#110;&#33;"
>> 
>>               clientAuth="want"
>> 
>>               ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>> 
>>                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>> 
>>                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>> 
>>                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>> 
>>                        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>> 
>>                        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>> 
>>                        TLS_RSA_WITH_AES_256_CBC_SHA256,
>> 
>>                        TLS_RSA_WITH_AES_256_GCM_SHA384"
>> 
>>               maxHttpHeaderSize="8192"
>> 
>>               allowTrace="false"
>> 
>>               xpoweredBy="false"
>> 
>>               server="USPS"
>> 
>>               enableLookups="false" />
>> 
>> 
>> 
>>    <!-- Define an AJP 1.3 Connector on port 8009 -->
>> 
>>    <!--
>> 
>>    <Connector port="8009" protocol="AJP/1.3"
>> 
>>               connectionTimeout="20000"
>> 
>>               protocol="AJP/1.3"
>> 
>>               redirectPort="9443"
>> 
>>               allowTrace="false"
>> 
>>               xpoweredBy="false"
>> 
>>               enableLookups="false" />
>> 
>>    -->
>> 
>> 
>> 
>>    <!-- An Engine represents the entry point (within Catalina) that 
>> processes
>> 
>>         every request.  The Engine implementation for Tomcat stand 
>> alone
>> 
>>         analyzes the HTTP headers included with the request, and 
>> passes them
>> 
>>         on to the appropriate Host (virtual host).
>> 
>>         Documentation at /docs/config/engine.html -->
>> 
>> 
>> 
>>    <!-- You should set jvmRoute to support load-balancing via AJP ie :
>> 
>>    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>> 
>>    -->
>> 
>>    <Engine name="Catalina" defaultHost="localhost">
>> 
>> 
>> 
>>      <!--For clustering, please take a look at documentation at:
>> 
>>          /docs/cluster-howto.html  (simple how to)
>> 
>>          /docs/config/cluster.html (reference documentation) -->
>> 
>>      <!--
>> 
>>      <Cluster 
>> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>> -->
>> 
>> 
>> 
>>      <!-- Use the LockOutRealm to prevent attempts to guess user 
>> passwords
>> 
>>           via a brute-force attack -->
>> 
>> <Realm className="org.apache.catalina.realm.LockOutRealm">
>> 
>> 
>> 
>>        <!-- This Realm uses the UserDatabase configured in the global 
>> JNDI
>> 
>>             resources under the key "UserDatabase".  Any edits
>> 
>>             that are performed against this UserDatabase are 
>> immediately
>> 
>>             available for use by the Realm.  -->
>> 
>>        <!--
>> 
>>        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>> 
>>               resourceName="UserDatabase"/>
>> 
>>        -->
>> 
>>        &LDAP_realm;
>> 
>>      </Realm>
>> 
>> 
>> 
>>      <Host name="localhost"
>> 
>>            appBase="webapps"
>> 
>>            unpackWARs="true"
>> 
>>            deployOnStartup="false"
>> 
>>            autoDeploy="false">
>> 
>> 
>> 
>>         <Context path=""
>> 
>>            docBase="/opt/TomCat/tomcat/webapps/ROOT"
>> 
>>            debug="0"
>> 
>>            privileged="true">
>> 
>>         </Context>
>> 
>> 
>> 
>>         <Context path="/TOPS-WEB"
>> 
>>                  docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>> 
>>                  debug="0"
>> 
>>                  privileged="true">
>> 
>>                  <Resource name="jdbc/TOPSDB"
>> 
>>                            auth="Container"
>> 
>>                            type="javax.sql.DataSource"
>> 
>>                            driverClassName="oracle.jdbc.OracleDriver"
>> 
>>                            inactiveConnectionTimeout="120"
>> 
>>                            maxPoolSize="20"
>> 
>>                            minPoolSize="1"
>> 
>>                            password="g3td0wn"
>> 
>>                            url="jdbc:oracle:thin:@ 
>> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE
>> =ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
>> 
>> 
>> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=
>> 1521)))(CONNECT_DATA=(SERVICE_NAME=
>> dtops.usps.gov)))"
>> 
>>                            username="TOPS_ADMIN"
>> 
>>                            validateConnectionOnBorrow="true"/>
>> 
>>         </Context>
>> 
>> 
>> 
>> <!-- SingleSignOn valve, share authentication between web applications
>> 
>>              Documentation at: /docs/config/valve.html -->
>> 
>>         <!--
>> 
>>         <Valve className="org.apache.catalina.authenticator.SingleSignOn"
>> />
>> 
>>         -->
>> 
>> 
>> 
>>         <!-- Access log processes all example.
>> 
>>              Documentation at: /docs/config/valve.html
>> 
>>              Note: The pattern used is equivalent to using 
>> pattern="common" -->
>> 
>>         <Valve className="org.apache.catalina.valves.AccessLogValve"
>> directory="logs"
>> 
>>                prefix="localhost_access_log" suffix=".txt"
>> 
>>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>> 
>> 
>> 
>>      </Host>
>> 
>>    </Engine>
>> 
>>  </Service>
>> 
>> </Server>
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>> 
>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>> 
>>   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>> 
>>   connectionName="wasdev2@devsub.dev.dce.usps.gov"
>> 
>>   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
>> 
>>   authentication="simple"
>> 
>>   referrals="ignore"
>> 
>>   userSearch="(sAMAccountName={0})"
>> 
>>   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>> 
>>   userSubtree="true"
>> 
>>   roleSearch="(member={0})"
>> 
>>   roleName="cn"
>> 
>>   roleSubtree="true"
>> 
>>   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>> 
>>   adCompat="true"
>> 
>> />
>> 
>> 
>> 
>> 
>> 
>> Thanks
>> 
>> Gary
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
> 
> 
> -- 
> 
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> 
> - Samuel Beckett
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

Posted by "Hua, Gary - Saint Louis, MO - Contractor" <Ga...@usps.gov.INVALID>.
Luis:

     	Thanks for your input.   I put the following into conf/logging.properties and add  debug="99"  in the Realm definition  so I can see more Realm logging information:

org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true


	After the first login attempt in the application TOPS login screen,   the URL was redirected to  https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check  with invalid UID/PW message.    Then I entered  topsadmin/@88Topstopstops as id/pd and clicked  the Login button again,  I got the following message in the catalina.out:


15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request POST /TOPS-WEB/j_security_check
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling hasUserDataPermission()
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.hasUserDataPermission   User data constraint already satisfied
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling authenticate()
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authenticating username 'topsadmin'
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Attempting to authenticate user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication. Retrying...
 javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
        at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
        at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
        at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
        at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
        at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
        at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
        at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:210)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
        at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
        at com.sun.jndi.ldap.Connection.run(Connection.java:877)
        ... 1 more

15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authentication of 'topsadmin' was successful
15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Redirecting to original '/TOPS-WEB/'
15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed authenticate() test
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /TOPS-WEB/
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp --> true
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against GET /index.jsp --> false
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints   Checking constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp --> true
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling hasUserDataPermission()
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasUserDataPermission   User data constraint has no restrictions
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling authenticate()
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore request from session '9F9F67A0434576D7C0FD0BB63C15F567'
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated 'topsadmin' with type 'FORM'
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Session ID changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to [811799F279932B4B67D44931980994A7]
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed to restored request
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Calling accessControl()
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission   Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_INQUIRY
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_ADMIN]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_ADMIN
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_SFO]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_SFO
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_MODELING]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_MODELING
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INQUIRY
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_EDITOR]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_EDITOR
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JFK]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_JFK
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JECEWR]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_JECEWR
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_ORD]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_ORD
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTERNATIONAL]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTERNATIONAL
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_LAX]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_LAX
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_MIA]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:  TOPS_INTL_FIELD_USER_MIA
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed accessControl() test



The error messages on the screen looks like below:

HTTP Status 403 – Forbidden

Type Status Report

Message Access to the requested resource has been denied

Description The server understood the request but refuses to authorize it.

USPS_restricted






Any idea what is that about?   Again the Ream definition is:

<Realm className="org.apache.catalina.realm.JNDIRealm"  debug="99"
   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
   connectionName="wasdev2@devsub.dev.dce.usps.gov"
   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
   authentication="simple"
   referrals="ignore"
   userSearch="(sAMAccountName={0})"
   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
   userSubtree="true"
   roleSearch="(member={0})"
   roleName="cn"
   roleSubtree="true"
   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
   adCompat="true"
/>



Thanks
Gary


-----Original Message-----
From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com] 
Sent: Monday, April 15, 2019 3:47 AM
To: Tomcat Users List <us...@tomcat.apache.org>
Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

Hello Gary,

I would recommend you to add some debug to your JNDIReam [1]. For debugging your ldap search filters ldapsearch can be your friend [2] :)

Hope it helps,

Luis

[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
[2]
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html







El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO - Contractor
(<Ga...@usps.gov.invalid>) escribió:

> All:
>
>
>
>      Sorry on my previous email I have some graphic contents that can not
> be displayed.   Now I change it to texts so you can see them
>
>
>
> *From:* Hua, Gary - Saint Louis, MO - Contractor [ 
> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
> *Sent:* Thursday, April 11, 2019 4:29 PM
> *To:* users@tomcat.apache.org
> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>
>
>
> Tomcat Experts:
>
>
>
>                 The Tomcat server works fine in my local computer with  
> application “TOPS“ in Eclipse.  I deployed the TOPS application to our 
> DEV web server eagnmnmed1f45 under webapps.
>
>
>
>                 After I started the Tomcat  server (9.0.13) in DEV 
> server and entered the TOPS home page URL 
> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> http://localhost:8080/TOPS-WEB/Welcome.do  in my local computer)   in the
> browser,       it was re-directed to
> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do.    and following error:
>
>
>
>
>
> *The website cannot display the page*
>
>   HTTP 500
>
>
>
> *Most likely causes:*
>
>    - The website is under maintenance.
>    - The website has a programming error.
>
>
>
> *What you can try:*
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Refresh the page.Refresh the page.
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Go back to the previous page.Go back to the previous page.
>
>
>
> [image: More information]
>
> More information
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f 
> catalina.out
>
> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find 
> configuration [LegDistanceImpl]; using defaults.
>
> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not 
> binding factory to JNDI, no JNDI name configured
>
> 0 [main] INFO filter.ResponseOverrideFilter  - Filter initialized.
> Response buffering is enabled
>
> 1648 [main] INFO tiles.TilesPlugin  - Tiles definition factory loaded 
> for module ''.
>
> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules 
> file from '/WEB-INF/validator-rules.xml'
>
> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules 
> file from '/WEB-INF/validation.xml'
>
> 1738 [main] INFO tiles.TilesPlugin  - Factory already exists for 
> module ''. The factory found is from module ''. No new creation.
>
> 05-Apr-2019 11:18:01.913 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["http-nio-9080"]
>
> 05-Apr-2019 11:18:01.928 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler 
> ["https-jsse-nio-9443"]
>
> 05-Apr-2019 11:18:01.932 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>
> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor  - 
> Tiles definition factory found for request processor ''.
>
> Error connecting to LDAP server.
>
> java.lang.NullPointerException
>
>         at
> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
> n.java:120)
>
>         at
> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
> n.java:61)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
> (AbstractDispatchAction.java:136)
>
>         at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
> ctDispatchAction.java:84)
>
>         at
> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
> (AbstractTOPSDispatchAction.java:258)
>
>         at
> org.apache.struts.action.RequestProcessor.processActionPerform(Request
> Processor.java:419)
>
>         at
> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
> a:224)
>
>         at
> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
> )
>
>         at
> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>
>         at 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>
>         at 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at 
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:170)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:225)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
>         at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at 
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
>         at
> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
> Filter.java:125)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at 
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
>         at
> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
> )
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at 
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
>         at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
> lve.java:199)
>
>         at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
> lve.java:96)
>
>         at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
> orBase.java:607)
>
>         at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
> va:139)
>
>         at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
> va:92)
>
>         at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
> sLogValve.java:668)
>
>         at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
> e.java:74)
>
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> :343)
>
>         at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
> 408)
>
>         at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
> t.java:66)
>
>         at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
> rotocol.java:791)
>
>         at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
> nt.java:1417)
>
>         at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
> .java:49)
>
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
> ava:1149)
>
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> java:624)
>
>         at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
> ead.java:61)
>
>         at java.lang.Thread.run(Thread.java:748)
>
>
>
>
>
>
>
>          If I only entered  “http://eagnmnmed1f45:9080/TOPS-WEB/”,  
> the login screen showed up.
>
>         After I entered   topsadmin/@88Topstopstops as id/pd and clicked
> Login button on the login screen,    I got the following error:
>
>
>
>
>
> *Error*
>
> Error Message: You've entered an invalid Logon ID or Password. Please 
> check that your Logon ID and Password are correct and try again.
>
>
>
>
>
>
>
>
>
> I know the  topsadmin/@88Topstopstops is the correct id/pd.
>
>
>
> Any idea what happens here?     Any input is appreciated.   Following is
> the contents of server.xml and LDAP_realm.xml
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>
> <?xml version='1.0' encoding='utf-8'?>
>
> <!DOCTYPE server-xml [
>
>   <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>
> ]>
>
> <!--
>
>   Licensed to the Apache Software Foundation (ASF) under one or more
>
>   contributor license agreements.  See the NOTICE file distributed 
> with
>
>   this work for additional information regarding copyright ownership.
>
>   The ASF licenses this file to You under the Apache License, Version 
> 2.0
>
>   (the "License"); you may not use this file except in compliance with
>
>   the License.  You may obtain a copy of the License at
>
>
>
>       http://www.apache.org/licenses/LICENSE-2.0
>
>
>
>   Unless required by applicable law or agreed to in writing, software
>
>   distributed under the License is distributed on an "AS IS" BASIS,
>
>   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>
>   See the License for the specific language governing permissions and
>
>   limitations under the License.
>
> -->
>
> <!-- Note:  A "Server" is not itself a "Container", so you may not
>
>      define subcomponents such as "Valves" at this level.
>
>      Documentation at /docs/config/server.html
>
> -->
>
> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>
>   <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> />
>
>
>
>   <!-- Security listener. Documentation at /docs/config/listeners.html 
> -->
>
>   <Listener className="org.apache.catalina.security.SecurityListener"
> checkedOsUsers="root" minimumUmask="0007"/>
>
>
>
>   <!--APR library loader. Documentation at /docs/apr.html -->
>
>   <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
>   <!-- Prevent memory leaks due to use of particular java/javax 
> APIs-->
>
>   <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" 
> />
>
>   <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
> " />
>
>   <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" 
> />
>
>
>
>   <!-- Global JNDI resources Documentation at 
> /docs/jndi-resources-howto.html -->
>
>   <GlobalNamingResources>
>
>     <!-- Editable user database that can also be used by 
> UserDatabaseRealm to authenticate users -->
>
>     <!--  *** Not needed, because we use JNDI Realm ***     -->
>
> <!--    <Resource name="UserDatabase" auth="Container"
>
>               type="org.apache.catalina.UserDatabase"
>
>               description="User database that can be updated and saved"
>
>               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>
>               pathname="tomcat-users.xml" />
>
> -->
>
>   </GlobalNamingResources>
>
>
>
> <!-- A "Service" is a collection of one or more "Connectors" that 
> share
>
>        a single "Container" Note:  A "Service" is not itself a 
> "Container",
>
>        so you may not define subcomponents such as "Valves" at this level.
>
>        Documentation at /docs/config/service.html
>
>    -->
>
>   <Service name="Catalina">
>
>
>
>     <!--The connectors can use a shared executor, you can define one 
> or more named thread pools-->
>
>     <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>   -->
>
>
>
>     <!-- A "Connector" represents an endpoint by which requests are 
> received
>
>          and responses are returned. Documentation at :
>
>         Java HTTP Connector: /docs/config/http.html (blocking &
> non-blocking)
>
>          Java AJP  Connector: /docs/config/ajp.html
>
>          APR (HTTP/AJP) Connector: /docs/apr.html
>
>          Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>
>     -->
>
>     <Connector port="9080"
>
>                protocol="HTTP/1.1"
>
>                connectionTimeout="20000"
>
>                redirectPort="9443"
>
>                maxHttpHeaderSize="8192"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                enableLookups="false" />
>
>     <!-- A "Connector" using the shared thread pool-->
>
>     <!--
>
>     <Connector executor="tomcatThreadPool"
>
>                port="9080" protocol="HTTP/1.1"
>
>                connectionTimeout="20000"
>
>                redirectPort="9443"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                server="USPS"
>
>                enableLookups="false" />
>
>     -->
>
>     <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>
>          This connector uses the NIO implementation that requires the 
> JSSE
>
>          style configuration. When using the APR/native 
> implementation, the
>
>          OpenSSL style configuration is required as described in the 
> APR/native
>
>          documentation -->
>
> <Connector port="9443"
>
>                protocol="org.apache.coyote.http11.Http11NioProtocol"
>
>                connectionTimeout="60000"
>
>                maxThreads="150"
>
>                SSLEnabled="true"
>
>                scheme="https"
>
>                secure="true"
>
>                keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>
>                keystorePass="&#52;&#98;&#105;&#100;&#100;&#101;&#110;&#33;"
>
>                clientAuth="want"
>
>                ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>
>                         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>
>                         TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_RSA_WITH_AES_256_CBC_SHA256,
>
>                         TLS_RSA_WITH_AES_256_GCM_SHA384"
>
>                maxHttpHeaderSize="8192"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                server="USPS"
>
>                enableLookups="false" />
>
>
>
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>
>     <!--
>
>     <Connector port="8009" protocol="AJP/1.3"
>
>                connectionTimeout="20000"
>
>                protocol="AJP/1.3"
>
>                redirectPort="9443"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                enableLookups="false" />
>
>     -->
>
>
>
>     <!-- An Engine represents the entry point (within Catalina) that 
> processes
>
>          every request.  The Engine implementation for Tomcat stand 
> alone
>
>          analyzes the HTTP headers included with the request, and 
> passes them
>
>          on to the appropriate Host (virtual host).
>
>          Documentation at /docs/config/engine.html -->
>
>
>
>     <!-- You should set jvmRoute to support load-balancing via AJP ie :
>
>     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>
>     -->
>
>     <Engine name="Catalina" defaultHost="localhost">
>
>
>
>       <!--For clustering, please take a look at documentation at:
>
>           /docs/cluster-howto.html  (simple how to)
>
>           /docs/config/cluster.html (reference documentation) -->
>
>       <!--
>
>       <Cluster 
> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
>
>
>       <!-- Use the LockOutRealm to prevent attempts to guess user 
> passwords
>
>            via a brute-force attack -->
>
> <Realm className="org.apache.catalina.realm.LockOutRealm">
>
>
>
>         <!-- This Realm uses the UserDatabase configured in the global 
> JNDI
>
>              resources under the key "UserDatabase".  Any edits
>
>              that are performed against this UserDatabase are 
> immediately
>
>              available for use by the Realm.  -->
>
>         <!--
>
>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>
>                resourceName="UserDatabase"/>
>
>         -->
>
>         &LDAP_realm;
>
>       </Realm>
>
>
>
>       <Host name="localhost"
>
>             appBase="webapps"
>
>             unpackWARs="true"
>
>             deployOnStartup="false"
>
>             autoDeploy="false">
>
>
>
>          <Context path=""
>
>             docBase="/opt/TomCat/tomcat/webapps/ROOT"
>
>             debug="0"
>
>             privileged="true">
>
>          </Context>
>
>
>
>          <Context path="/TOPS-WEB"
>
>                   docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>
>                   debug="0"
>
>                   privileged="true">
>
>                   <Resource name="jdbc/TOPSDB"
>
>                             auth="Container"
>
>                             type="javax.sql.DataSource"
>
>                             driverClassName="oracle.jdbc.OracleDriver"
>
>                             inactiveConnectionTimeout="120"
>
>                             maxPoolSize="20"
>
>                             minPoolSize="1"
>
>                             password="g3td0wn"
>
>                             url="jdbc:oracle:thin:@ 
> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE
> =ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
>
>
> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=
> 1521)))(CONNECT_DATA=(SERVICE_NAME=
> dtops.usps.gov)))"
>
>                             username="TOPS_ADMIN"
>
>                             validateConnectionOnBorrow="true"/>
>
>          </Context>
>
>
>
> <!-- SingleSignOn valve, share authentication between web applications
>
>               Documentation at: /docs/config/valve.html -->
>
>          <!--
>
>          <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
>
>          -->
>
>
>
>          <!-- Access log processes all example.
>
>               Documentation at: /docs/config/valve.html
>
>               Note: The pattern used is equivalent to using 
> pattern="common" -->
>
>          <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>
>                 prefix="localhost_access_log" suffix=".txt"
>
>                 pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>
>
>
>       </Host>
>
>     </Engine>
>
>   </Service>
>
> </Server>
>
>
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>
>    connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>
>    connectionName="wasdev2@devsub.dev.dce.usps.gov"
>
>    connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
>
>    authentication="simple"
>
>    referrals="ignore"
>
>    userSearch="(sAMAccountName={0})"
>
>    userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
>    userSubtree="true"
>
>    roleSearch="(member={0})"
>
>    roleName="cn"
>
>    roleSubtree="true"
>
>    roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
>    adCompat="true"
>
> />
>
>
>
>
>
> Thanks
>
> Gary
>
>
>
>
>
>
>
>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Tomcat(9.0.13) Error in DEV Server

Posted by Luis Rodríguez Fernández <uo...@gmail.com>.
Hello Gary,

I would recommend you to add some debug to your JNDIReam [1]. For debugging
your ldap search filters ldapsearch can be your friend [2] :)

Hope it helps,

Luis

[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
[2]
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html







El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO - Contractor
(<Ga...@usps.gov.invalid>) escribió:

> All:
>
>
>
>      Sorry on my previous email I have some graphic contents that can not
> be displayed.   Now I change it to texts so you can see them
>
>
>
> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
> *Sent:* Thursday, April 11, 2019 4:29 PM
> *To:* users@tomcat.apache.org
> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>
>
>
> Tomcat Experts:
>
>
>
>                 The Tomcat server works fine in my local computer with
>  application “TOPS“ in Eclipse.  I deployed the TOPS application to our DEV
> web server eagnmnmed1f45 under webapps.
>
>
>
>                 After I started the Tomcat  server (9.0.13) in DEV server
> and entered the TOPS home page URL
> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> http://localhost:8080/TOPS-WEB/Welcome.do  in my local computer)   in the
> browser,       it was re-directed to
> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do.    and following error:
>
>
>
>
>
> *The website cannot display the page*
>
>   HTTP 500
>
>
>
> *Most likely causes:*
>
>    - The website is under maintenance.
>    - The website has a programming error.
>
>
>
> *What you can try:*
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Refresh the page.Refresh the page.
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Go back to the previous page.Go back to the previous page.
>
>
>
> [image: More information]
>
> More information
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
> catalina.out
>
> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
> configuration [LegDistanceImpl]; using defaults.
>
> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
> binding factory to JNDI, no JNDI name configured
>
> 0 [main] INFO filter.ResponseOverrideFilter  - Filter initialized.
> Response buffering is enabled
>
> 1648 [main] INFO tiles.TilesPlugin  - Tiles definition factory loaded for
> module ''.
>
> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules
> file from '/WEB-INF/validator-rules.xml'
>
> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules
> file from '/WEB-INF/validation.xml'
>
> 1738 [main] INFO tiles.TilesPlugin  - Factory already exists for module
> ''. The factory found is from module ''. No new creation.
>
> 05-Apr-2019 11:18:01.913 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["http-nio-9080"]
>
> 05-Apr-2019 11:18:01.928 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["https-jsse-nio-9443"]
>
> 05-Apr-2019 11:18:01.932 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>
> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor  -
> Tiles definition factory found for request processor ''.
>
> Error connecting to LDAP server.
>
> java.lang.NullPointerException
>
>         at
> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeAction.java:120)
>
>         at
> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeAction.java:61)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod(AbstractDispatchAction.java:136)
>
>         at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(AbstractDispatchAction.java:84)
>
>         at
> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute(AbstractTOPSDispatchAction.java:258)
>
>         at
> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
>
>         at
> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
>
>         at
> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
>
>         at
> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>
>         at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>
>         at
> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>
>         at
> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
>
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
>
>         at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>
>         at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>
>         at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
>
>         at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>
>         at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
>
>         at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
>
>         at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>
>         at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>
>         at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
>
>         at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>
>         at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
>
>         at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
>
>         at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>
>         at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>
>         at java.lang.Thread.run(Thread.java:748)
>
>
>
>
>
>
>
>          If I only entered  “http://eagnmnmed1f45:9080/TOPS-WEB/”,  the
> login screen showed up.
>
>         After I entered   topsadmin/@88Topstopstops as id/pd and clicked
> Login button on the login screen,    I got the following error:
>
>
>
>
>
> *Error*
>
> Error Message: You've entered an invalid Logon ID or Password. Please
> check that your Logon ID and Password are correct and try again.
>
>
>
>
>
>
>
>
>
> I know the  topsadmin/@88Topstopstops is the correct id/pd.
>
>
>
> Any idea what happens here?     Any input is appreciated.   Following is
> the contents of server.xml and LDAP_realm.xml
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>
> <?xml version='1.0' encoding='utf-8'?>
>
> <!DOCTYPE server-xml [
>
>   <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>
> ]>
>
> <!--
>
>   Licensed to the Apache Software Foundation (ASF) under one or more
>
>   contributor license agreements.  See the NOTICE file distributed with
>
>   this work for additional information regarding copyright ownership.
>
>   The ASF licenses this file to You under the Apache License, Version 2.0
>
>   (the "License"); you may not use this file except in compliance with
>
>   the License.  You may obtain a copy of the License at
>
>
>
>       http://www.apache.org/licenses/LICENSE-2.0
>
>
>
>   Unless required by applicable law or agreed to in writing, software
>
>   distributed under the License is distributed on an "AS IS" BASIS,
>
>   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>
>   See the License for the specific language governing permissions and
>
>   limitations under the License.
>
> -->
>
> <!-- Note:  A "Server" is not itself a "Container", so you may not
>
>      define subcomponents such as "Valves" at this level.
>
>      Documentation at /docs/config/server.html
>
> -->
>
> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>
>   <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> />
>
>
>
>   <!-- Security listener. Documentation at /docs/config/listeners.html -->
>
>   <Listener className="org.apache.catalina.security.SecurityListener"
> checkedOsUsers="root" minimumUmask="0007"/>
>
>
>
>   <!--APR library loader. Documentation at /docs/apr.html -->
>
>   <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
>   <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>
>   <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>
>   <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>
>   <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
>
>
>   <!-- Global JNDI resources Documentation at
> /docs/jndi-resources-howto.html -->
>
>   <GlobalNamingResources>
>
>     <!-- Editable user database that can also be used by UserDatabaseRealm
> to authenticate users -->
>
>     <!--  *** Not needed, because we use JNDI Realm ***     -->
>
> <!--    <Resource name="UserDatabase" auth="Container"
>
>               type="org.apache.catalina.UserDatabase"
>
>               description="User database that can be updated and saved"
>
>               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>
>               pathname="tomcat-users.xml" />
>
> -->
>
>   </GlobalNamingResources>
>
>
>
> <!-- A "Service" is a collection of one or more "Connectors" that share
>
>        a single "Container" Note:  A "Service" is not itself a "Container",
>
>        so you may not define subcomponents such as "Valves" at this level.
>
>        Documentation at /docs/config/service.html
>
>    -->
>
>   <Service name="Catalina">
>
>
>
>     <!--The connectors can use a shared executor, you can define one or
> more named thread pools-->
>
>     <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>   -->
>
>
>
>     <!-- A "Connector" represents an endpoint by which requests are
> received
>
>          and responses are returned. Documentation at :
>
>         Java HTTP Connector: /docs/config/http.html (blocking &
> non-blocking)
>
>          Java AJP  Connector: /docs/config/ajp.html
>
>          APR (HTTP/AJP) Connector: /docs/apr.html
>
>          Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>
>     -->
>
>     <Connector port="9080"
>
>                protocol="HTTP/1.1"
>
>                connectionTimeout="20000"
>
>                redirectPort="9443"
>
>                maxHttpHeaderSize="8192"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                enableLookups="false" />
>
>     <!-- A "Connector" using the shared thread pool-->
>
>     <!--
>
>     <Connector executor="tomcatThreadPool"
>
>                port="9080" protocol="HTTP/1.1"
>
>                connectionTimeout="20000"
>
>                redirectPort="9443"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                server="USPS"
>
>                enableLookups="false" />
>
>     -->
>
>     <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>
>          This connector uses the NIO implementation that requires the JSSE
>
>          style configuration. When using the APR/native implementation, the
>
>          OpenSSL style configuration is required as described in the
> APR/native
>
>          documentation -->
>
> <Connector port="9443"
>
>                protocol="org.apache.coyote.http11.Http11NioProtocol"
>
>                connectionTimeout="60000"
>
>                maxThreads="150"
>
>                SSLEnabled="true"
>
>                scheme="https"
>
>                secure="true"
>
>                keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>
>                keystorePass="&#52;&#98;&#105;&#100;&#100;&#101;&#110;&#33;"
>
>                clientAuth="want"
>
>                ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>
>                         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>
>                         TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>
>                         TLS_RSA_WITH_AES_256_CBC_SHA256,
>
>                         TLS_RSA_WITH_AES_256_GCM_SHA384"
>
>                maxHttpHeaderSize="8192"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                server="USPS"
>
>                enableLookups="false" />
>
>
>
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>
>     <!--
>
>     <Connector port="8009" protocol="AJP/1.3"
>
>                connectionTimeout="20000"
>
>                protocol="AJP/1.3"
>
>                redirectPort="9443"
>
>                allowTrace="false"
>
>                xpoweredBy="false"
>
>                enableLookups="false" />
>
>     -->
>
>
>
>     <!-- An Engine represents the entry point (within Catalina) that
> processes
>
>          every request.  The Engine implementation for Tomcat stand alone
>
>          analyzes the HTTP headers included with the request, and passes
> them
>
>          on to the appropriate Host (virtual host).
>
>          Documentation at /docs/config/engine.html -->
>
>
>
>     <!-- You should set jvmRoute to support load-balancing via AJP ie :
>
>     <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>
>     -->
>
>     <Engine name="Catalina" defaultHost="localhost">
>
>
>
>       <!--For clustering, please take a look at documentation at:
>
>           /docs/cluster-howto.html  (simple how to)
>
>           /docs/config/cluster.html (reference documentation) -->
>
>       <!--
>
>       <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
>
>
>       <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>
>            via a brute-force attack -->
>
> <Realm className="org.apache.catalina.realm.LockOutRealm">
>
>
>
>         <!-- This Realm uses the UserDatabase configured in the global JNDI
>
>              resources under the key "UserDatabase".  Any edits
>
>              that are performed against this UserDatabase are immediately
>
>              available for use by the Realm.  -->
>
>         <!--
>
>         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>
>                resourceName="UserDatabase"/>
>
>         -->
>
>         &LDAP_realm;
>
>       </Realm>
>
>
>
>       <Host name="localhost"
>
>             appBase="webapps"
>
>             unpackWARs="true"
>
>             deployOnStartup="false"
>
>             autoDeploy="false">
>
>
>
>          <Context path=""
>
>             docBase="/opt/TomCat/tomcat/webapps/ROOT"
>
>             debug="0"
>
>             privileged="true">
>
>          </Context>
>
>
>
>          <Context path="/TOPS-WEB"
>
>                   docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>
>                   debug="0"
>
>                   privileged="true">
>
>                   <Resource name="jdbc/TOPSDB"
>
>                             auth="Container"
>
>                             type="javax.sql.DataSource"
>
>                             driverClassName="oracle.jdbc.OracleDriver"
>
>                             inactiveConnectionTimeout="120"
>
>                             maxPoolSize="20"
>
>                             minPoolSize="1"
>
>                             password="g3td0wn"
>
>                             url="jdbc:oracle:thin:@
> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
>
>
> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=
> dtops.usps.gov)))"
>
>                             username="TOPS_ADMIN"
>
>                             validateConnectionOnBorrow="true"/>
>
>          </Context>
>
>
>
> <!-- SingleSignOn valve, share authentication between web applications
>
>               Documentation at: /docs/config/valve.html -->
>
>          <!--
>
>          <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
>
>          -->
>
>
>
>          <!-- Access log processes all example.
>
>               Documentation at: /docs/config/valve.html
>
>               Note: The pattern used is equivalent to using
> pattern="common" -->
>
>          <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>
>                 prefix="localhost_access_log" suffix=".txt"
>
>                 pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>
>
>
>       </Host>
>
>     </Engine>
>
>   </Service>
>
> </Server>
>
>
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>
>    connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>
>    connectionName="wasdev2@devsub.dev.dce.usps.gov"
>
>    connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
>
>    authentication="simple"
>
>    referrals="ignore"
>
>    userSearch="(sAMAccountName={0})"
>
>    userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
>    userSubtree="true"
>
>    roleSearch="(member={0})"
>
>    roleName="cn"
>
>    roleSubtree="true"
>
>    roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
>    adCompat="true"
>
> />
>
>
>
>
>
> Thanks
>
> Gary
>
>
>
>
>
>
>
>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

Tomcat(9.0.13) Error in DEV Server

Posted by "Hua, Gary - Saint Louis, MO - Contractor" <Ga...@usps.gov.INVALID>.
All:

     Sorry on my previous email I have some graphic contents that can not be displayed.   Now I change it to texts so you can see them

From: Hua, Gary - Saint Louis, MO - Contractor [mailto:Gang.Hua@usps.gov.INVALID]
Sent: Thursday, April 11, 2019 4:29 PM
To: users@tomcat.apache.org<ma...@tomcat.apache.org>
Subject: [EXTERNAL] Tomcat(9.0.13) Error in DEV Server

Tomcat Experts:

                The Tomcat server works fine in my local computer with  application "TOPS" in Eclipse.  I deployed the TOPS application to our DEV web server eagnmnmed1f45 under webapps.

                After I started the Tomcat  server (9.0.13) in DEV server and entered the TOPS home page URL  http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is http://localhost:8080/TOPS-WEB/Welcome.do  in my local computer)   in the browser,       it was re-directed to   https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do.    and following error:


The website cannot display the page

  HTTP 500



Most likely causes:

  *   The website is under maintenance.
  *   The website has a programming error.



What you can try:



[res://\\ieframe.dll/bullet.png]

Refresh the page.<javascript:clickRefresh()>Refresh the page.




[res://\\ieframe.dll/bullet.png]

Go back to the previous page.<javascript:history.back();>Go back to the previous page.




[More information]<res://\\ieframe.dll/http_500.htm>

More information<javascript:expandCollapse('infoBlockID',%20true);>




atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail<mailto:atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs%3etail> -f catalina.out
5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find configuration [LegDistanceImpl]; using defaults.
5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not binding factory to JNDI, no JNDI name configured
0 [main] INFO filter.ResponseOverrideFilter  - Filter initialized. Response buffering is enabled
1648 [main] INFO tiles.TilesPlugin  - Tiles definition factory loaded for module ''.
1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules file from '/WEB-INF/validator-rules.xml'
1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules file from '/WEB-INF/validation.xml'
1738 [main] INFO tiles.TilesPlugin  - Factory already exists for module ''. The factory found is from module ''. No new creation.
05-Apr-2019 11:18:01.913 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-9080"]
05-Apr-2019 11:18:01.928 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-9443"]
05-Apr-2019 11:18:01.932 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor  - Tiles definition factory found for request processor ''.
Error connecting to LDAP server.
java.lang.NullPointerException
        at com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeAction.java:120)
        at com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeAction.java:61)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod(AbstractDispatchAction.java:136)
        at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(AbstractDispatchAction.java:84)
        at com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute(AbstractTOPSDispatchAction.java:258)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
        at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
        at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:225)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
        at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
        at com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)



         If I only entered  "http://eagnmnmed1f45:9080/TOPS-WEB/",  the login screen showed up.
        After I entered   topsadmin/@88Topstopstops as id/pd and clicked Login button on the login screen,    I got the following error:


Error

Error Message: You've entered an invalid Logon ID or Password. Please check that your Logon ID and Password are correct and try again.





I know the  topsadmin/@88Topstopstops is the correct id/pd.

Any idea what happens here?     Any input is appreciated.   Following is the contents of server.xml and LDAP_realm.xml


atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE server-xml [
  <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
]>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
-->
<Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />

  <!-- Security listener. Documentation at /docs/config/listeners.html -->
  <Listener className="org.apache.catalina.security.SecurityListener"   checkedOsUsers="root" minimumUmask="0007"/>

  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->
    <!--  *** Not needed, because we use JNDI Realm ***     -->
<!--    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="tomcat-users.xml" />
-->
  </GlobalNamingResources>

<!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"  maxThreads="150" minSpareThreads="4"/>   -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
        Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
    -->
    <Connector port="9080"
               protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="9443"
               maxHttpHeaderSize="8192"
               allowTrace="false"
               xpoweredBy="false"
               enableLookups="false" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="9080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="9443"
               allowTrace="false"
               xpoweredBy="false"
               server="USPS"
               enableLookups="false" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
<Connector port="9443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               connectionTimeout="60000"
               maxThreads="150"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
               keystorePass="&#52;&#98;&#105;&#100;&#100;&#101;&#110;&#33;"
               clientAuth="want"
               ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_GCM_SHA384"
               maxHttpHeaderSize="8192"
               allowTrace="false"
               xpoweredBy="false"
               server="USPS"
               enableLookups="false" />

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector port="8009" protocol="AJP/1.3"
               connectionTimeout="20000"
               protocol="AJP/1.3"
               redirectPort="9443"
               allowTrace="false"
               xpoweredBy="false"
               enableLookups="false" />
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>  -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">

        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <!--
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
        -->
        &LDAP_realm;
      </Realm>

      <Host name="localhost"
            appBase="webapps"
            unpackWARs="true"
            deployOnStartup="false"
            autoDeploy="false">

         <Context path=""
            docBase="/opt/TomCat/tomcat/webapps/ROOT"
            debug="0"
            privileged="true">
         </Context>

         <Context path="/TOPS-WEB"
                  docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
                  debug="0"
                  privileged="true">
                  <Resource name="jdbc/TOPSDB"
                            auth="Container"
                            type="javax.sql.DataSource"
                            driverClassName="oracle.jdbc.OracleDriver"
                            inactiveConnectionTimeout="120"
                            maxPoolSize="20"
                            minPoolSize="1"
                            password="g3td0wn"
                            url="jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=dtops.usps.gov)))"
                            username="TOPS_ADMIN"
                            validateConnectionOnBorrow="true"/>
         </Context>

<!-- SingleSignOn valve, share authentication between web applications
              Documentation at: /docs/config/valve.html -->
         <!--
         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
         -->

         <!-- Access log processes all example.
              Documentation at: /docs/config/valve.html
              Note: The pattern used is equivalent to using pattern="common" -->
         <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                prefix="localhost_access_log" suffix=".txt"
                pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>



atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
<Realm className="org.apache.catalina.realm.JNDIRealm"
   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
   connectionName="wasdev2@devsub.dev.dce.usps.gov<ma...@devsub.dev.dce.usps.gov>"
   connectionPassword="&#70;&#48;&#114;&#107;&#101;&#100;&#117;&#112;"
   authentication="simple"
   referrals="ignore"
   userSearch="(sAMAccountName={0})"
   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
   userSubtree="true"
   roleSearch="(member={0})"
   roleName="cn"
   roleSubtree="true"
   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
   adCompat="true"
/>


Thanks
Gary