You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jason Harrop <jh...@bigpond.net.au> on 2001/03/02 16:13:17 UTC
Re: [TC4] HTTP 1.1 client authentication problems STILL
Jason Harrop wrote:
> Replying to my own post - this problem went away when i updated to the
> latest TC cvs sources and rebuilt. cheers, Jason
Actually it didn't :( Attached please find what i see. i'm not sure
whether the fact that i have 2 webapps is implicated in this - i suspect
so.
cheers, jason
============= without SSO ========================
[click on link requiring authentication in first webapp (called TestDrive)]
- user gets authentication challenge
- tcpdump says for request:
G E T / T e s t D r i v e / p r o t e c t e d
/ s h o w H o m e D i r e c t o
r y H T T P / 1 . 1
- Tomcat log says:
61.9.164.185 - - [02/Mar/2001:23:34:57 10000] "GET
/TestDrive/protected/showHomeDirectory HTTP/1.1" 401 -
- tcpdump says for response:
H T T P / 1 . 1 4 0 1 U n a u t h o r i z e
d
W W W - A u t h e n t i c a t e : B a s i c
r e a l m = " S m a r t P r e c
e d e n t S e r v e r "
[all ok so far - enter authentication information]
- tcp dump says for request:
G E T / T e s t D r i v e / p r o t e c t e d
/ s h o w H o m e D i r e c t o
r y H T T P / 1 . 1
A u t h o r i z a t i o n : B a s i c Z n J
l Z D p u Z Y V r
- Tomcat log says:
61.9.164.185 - jerry [02/Mar/2001:23:44:32 10000] "GET
/TestDrive/protected/showHomeDirectory HTTP/1.1" 200 688
- tcpdump says for response:
H T T P / 1 . 1
2 0 0
p r a g m a : n o - c a c h e
T r a n s f e r - E n c o d i n g : c h u n
k e d
S e r v e r : A p a c h e T o m c a t / 4 . 0 - d
e v ( H T T P / 1 . 1 C o n
n e c t o r )
C a c h e - C o n t r o l : n o - c a c h e
[okay so far - so click on another link (second webapp, called
SmartPrecedentServer), and USER GETS BLANK SCREEN :(]
- tcpdump says for request
G E T / S m a r t P r e c e d e n t S e r v e
r / a s k I n t e r v i e w P r
e f e r e n c e s ? I D = % 2 F
f i l e s % 2 F d e m o n s t r
a t i o n % 2 F S e r v i c e s
+ A g r e e m e n t . x m l & r
e p o s i t o r y n a m e = T e
s t D r i v e H T T P / 1 . 1
C o n n e c t i o n :
K e e p - A l i v e
- Tomcat logs say
61.9.164.185 - - [02/Mar/2001:23:50:07 10000] "GET
/SmartPrecedentServer/askInterviewPreferences HTTP/1.1" 401 -
- tcpdump says for response
H T T P / 1 . 1
4 0 1 U n a u t h o r i z e
d
S e r v e r : A p a c h e T o m c a t / 4 . 0 - d e
v ( H T T P / 1 . 1 C o n n
e c t o r )
W W W - A u t h e n t i c a t e : B a s i c
r e a l m = " S m a r t P r e c
e d e n t S e r v e r "
[user doesn't do anything]
- tcpdump says for request
G E T / S m a r t P r e c e d e n t S e r v e
r / a s k I n t e r v i e w P r
e f e r e n c e s ? I D = % 2 F
f i l e s % 2 F d e m o n s t r
a t i o n % 2 F S e r v i c e s
+ A g r e e m e n t . x m l & r
e p o s i t o r y n a m e = T e
s t D r i v e H T T P / 1 . 1
A u t h o r i z a t i o n : B a s i c
Z n J l Z D p u Z Y V r
- Tomcat logs say nothing :(
- tcpdump does not show any response
[User clicks refresh]
- tcpdump says for request
G E T / S m a
r t P r e c e d e n t S e r v e
r / a s k I n t e r v i e w P r
e f e r e n c e s ? I D = % 2 F
f i l e s % 2 F d e m o n s t r
a t i o n % 2 F S e r v i c e s
+ A g r e e m e n t . x m l & r
e p o s i t o r y n a m e = T e
s t D r i v e H T T P / 1 . 1
C o n n e
c t i o n : K e e p - A l i v
e
A u t h o r i z a t i o n
: B a s i c Z n J l Z D p u
Z Y V r
- Tomcat log says
61.9.164.185 - jerry [02/Mar/2001:23:56:56 10000] "GET
/SmartPrecedentServer/askInterviewPreferences HTTP/1.1" 200 1315
- tcpdump says for response:
H T T P / 1 . 1
2 0 0
P r a g m a : n
o - c a c h e
T r a n s f e
r - E n c o d i n g : c h u n
k e d
S e r v e r : A p a
c h e T o m c a t / 4 . 0 - d
e v ( H T T P / 1 . 1 C o n
n e c t o r )
C a c h e - C
o n t r o l : n o - c a c h e
S e t - C o o k i e : J S
E S S I O N I D = [etc]
================ with SSO ==================================
If i go through the exercise with SingleSignOn support enabled:
[eventually we get to the request:]
G E T / S m a
r t P r e c e d e n t S e r v e
r / a s k I n t e r v i e w P r
e f e r e n c e s ? I D = % 2 F
f i l e s % 2 F d e m o n s t r
a t i o n % 2 F S e r v i c e s
+ A g r e e m e n t . x m l & r
e p o s i t o r y n a m e = T e
s t D r i v e H T T P / 1 . 1
[there is no authorization header]
Tomcat log says BOTH OF THE FOLLOWING!
61.9.164.185 - - [02/Mar/2001:23:50:07 10000] "GET
/SmartPrecedentServer/askInterviewPreferences HTTP/1.1" 401 -
61.9.164.185 - jerry [02/Mar/2001:23:56:56 10000] "GET
/SmartPrecedentServer/askInterviewPreferences HTTP/1.1" 200 1315
BUT tcp dump doesn't show a response to the first request, and nor does
it show the second request to have been made!?
neither the logs nor tcpdump show SSO cookie to be set:
2001-03-03 00:09:07 SingleSignOn[localhost]: Checking for SSO cookie
2001-03-03 00:09:07 SingleSignOn[localhost]: SSO cookie is not present
2001-03-03 00:09:07 StandardHost[localhost]: Mapping request URI
'/TestDrive/protected/showHomeDirectory'
2001-03-03 00:09:07 StandardHost[localhost]: Trying the longest
context path prefix
2001-03-03 00:09:07 StandardHost[localhost]: Mapped to context '/TestDrive'
2001-03-03 00:09:07 showHomeDirectory: init
The realm names in both webapps are identical.
Re: [TC4] HTTP 1.1 client authentication problems STILL
Posted by Jason Harrop <jh...@bigpond.net.au>.
Replying to my own post: main problem fixed by Remy's patches in the
most recent nightly build. I haven't experimented with the SSO stuff
again though.