Posted to users@tomcat.apache.org by "Hua, Gary - Saint Louis, MO - Contractor" <Ga...@usps.gov.INVALID> on 2019/04/16 01:02:22 UTC
RE: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Luis:
Thanks for your input. I put the following into conf/logging.properties and added debug="99" to the Realm definition so I can see more Realm logging information:
org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true
After the first login attempt on the TOPS application login screen, the URL was redirected to https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check with an invalid UID/PW message. Then I entered topsadmin/@88Topstopstops as id/pd and clicked the Login button again, and I got the following message in catalina.out:
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request POST /TOPS-WEB/j_security_check
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission()
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint already satisfied
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authenticating username 'topsadmin'
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Attempting to authenticate user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication. Retrying...
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:210)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
at com.sun.jndi.ldap.Connection.run(Connection.java:877)
... 1 more
15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authentication of 'topsadmin' was successful
15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Redirecting to original '/TOPS-WEB/'
15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed authenticate() test
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /TOPS-WEB/
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp --> true
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against GET /index.jsp --> false
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp --> true
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission()
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint has no restrictions
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore request from session '9F9F67A0434576D7C0FD0BB63C15F567'
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated 'topsadmin' with type 'FORM'
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Session ID changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to [811799F279932B4B67D44931980994A7]
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed to restored request
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling accessControl()
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_INQUIRY
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_ADMIN]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_ADMIN
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_SFO]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_SFO
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_MODELING]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_MODELING
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INQUIRY
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_EDITOR]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_EDITOR
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JFK]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_JFK
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JECEWR]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_JECEWR
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_ORD]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_ORD
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTERNATIONAL]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTERNATIONAL
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_LAX]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_LAX
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_MIA]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_MIA
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed accessControl() test
The error message on the screen looks like this:
HTTP Status 403 – Forbidden
Type Status Report
Message Access to the requested resource has been denied
Description The server understood the request but refuses to authorize it.
USPS_restricted
Any idea what that is about? Again, the Realm definition is:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
connectionName="wasdev2@devsub.dev.dce.usps.gov"
connectionPassword="F0rkedup"
authentication="simple"
referrals="ignore"
userSearch="(sAMAccountName={0})"
userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
userSubtree="true"
roleSearch="(member={0})"
roleName="cn"
roleSubtree="true"
roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
adCompat="true"
/>
Thanks
Gary
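Added example (not part of the original message, and not Tomcat code): a parser for the FINE-level realm lines in the catalina.out excerpt above that lists, for each denied request, the roles attached to the principal next to the roles the security constraint tested. The sample lines are copied from that excerpt; the function names and the substring "near miss" heuristic are assumptions of this example.

```python
import re

# Sample lines copied (abridged) from the catalina.out excerpt in this message.
SAMPLE_LOG = """\
15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated 'topsadmin' with type 'FORM'
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_ADMIN]
15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_EDITOR]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed accessControl() test
"""

# Line layout as it appears in the excerpt: date time LEVEL [thread] class.method message
LINE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<level>\w+) "
    r"\[(?P<thread>[^\]]+)\] (?P<src>\S+) (?P<msg>.*)$"
)
# GenericPrincipal[user(ROLE_A,ROLE_B,)] -- every role is followed by a comma
PRINCIPAL = re.compile(
    r"Checking roles GenericPrincipal\[(?P<user>[^(\]]+)\((?P<roles>[^)]*)\)\]"
)
DENIED = re.compile(
    r"Username \[(?P<user>[^\]]+)\] does NOT have role \[(?P<role>[^\]]+)\]"
)
FAILED = "Failed accessControl() test"


def near_misses(held, checked):
    """Heuristic (an assumption of this example): pair a held role with a
    checked role when one name contains the other, ignoring case."""
    pairs = []
    for h in sorted(held):
        for c in checked:
            if h != c and (c.upper() in h.upper() or h.upper() in c.upper()):
                pairs.append((h, c))
    return pairs


def analyze(log_text):
    """Return one record per request that ended in 'Failed accessControl() test'.

    Records are built per worker thread, because lines from concurrent
    requests interleave in catalina.out.
    """
    open_checks = {}  # thread name -> record being built
    denials = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # stack-trace frames and other continuation lines
        thread, msg = m["thread"], m["msg"]

        p = PRINCIPAL.search(msg)
        if p:
            held = {r.strip() for r in p["roles"].split(",") if r.strip()}
            open_checks[thread] = {
                "time": m["ts"], "user": p["user"], "held": held, "checked": [],
            }
            continue

        d = DENIED.search(msg)
        if d and thread in open_checks:
            open_checks[thread]["checked"].append(d["role"])
            continue

        if msg.endswith(FAILED) and thread in open_checks:
            rec = open_checks.pop(thread)
            rec["near_misses"] = near_misses(rec["held"], rec["checked"])
            denials.append(rec)
    return denials


if __name__ == "__main__":
    for rec in analyze(SAMPLE_LOG):
        print(f"{rec['time']} user={rec['user']} denied")
        print(f"  roles on principal : {sorted(rec['held'])}")
        print(f"  roles tested       : {rec['checked']}")
        for held, wanted in rec["near_misses"]:
            print(f"  similar names      : has {held!r}, constraint tested {wanted!r}")
```
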
-----Original Message-----
From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com]
Sent: Monday, April 15, 2019 3:47 AM
To: Tomcat Users List <us...@tomcat.apache.org>
Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Hello Gary,
I would recommend that you add some debug to your JNDIRealm [1]. For debugging your LDAP search filters, ldapsearch can be your friend [2] :)
Hope it helps,
Luis
[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
[2]
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
On Fri, 12 Apr 2019 at 0:23, Hua, Gary - Saint Louis, MO - Contractor
(<Ga...@usps.gov.invalid>) wrote:
> All:
>
>
>
> Sorry, my previous email had some graphic content that could not
> be displayed. I have now changed it to text so you can see it.
>
>
>
> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
> *Sent:* Thursday, April 11, 2019 4:29 PM
> *To:* users@tomcat.apache.org
> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>
>
>
> Tomcat Experts:
>
>
>
> The Tomcat server works fine on my local computer with the
> application "TOPS" in Eclipse. I deployed the TOPS application to our
> DEV web server eagnmnmed1f45 under webapps.
>
>
>
> After I started the Tomcat server (9.0.13) on the DEV
> server and entered the TOPS home page URL
> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (it is
> http://localhost:8080/TOPS-WEB/Welcome.do on my local computer) in the
> browser, it was redirected to
> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do and showed the following error:
>
>
>
>
>
> *The website cannot display the page*
>
> HTTP 500
>
>
>
> *Most likely causes:*
>
> - The website is under maintenance.
> - The website has a programming error.
>
>
>
> *What you can try:*
>
>
>
> - Refresh the page.
> - Go back to the previous page.
> - More information
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
> catalina.out
>
> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
> configuration [LegDistanceImpl]; using defaults.
>
> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
> binding factory to JNDI, no JNDI name configured
>
> 0 [main] INFO filter.ResponseOverrideFilter - Filter initialized.
> Response buffering is enabled
>
> 1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded
> for module ''.
>
> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> file from '/WEB-INF/validator-rules.xml'
>
> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> file from '/WEB-INF/validation.xml'
>
> 1738 [main] INFO tiles.TilesPlugin - Factory already exists for
> module ''. The factory found is from module ''. No new creation.
>
> 05-Apr-2019 11:18:01.913 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["http-nio-9080"]
>
> 05-Apr-2019 11:18:01.928 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["https-jsse-nio-9443"]
>
> 05-Apr-2019 11:18:01.932 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>
> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor -
> Tiles definition factory found for request processor ''.
>
> Error connecting to LDAP server.
>
> java.lang.NullPointerException
>
> at
> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
> n.java:120)
>
> at
> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
> n.java:61)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
> (AbstractDispatchAction.java:136)
>
> at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
> ctDispatchAction.java:84)
>
> at
> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
> (AbstractTOPSDispatchAction.java:258)
>
> at
> org.apache.struts.action.RequestProcessor.processActionPerform(Request
> Processor.java:419)
>
> at
> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
> a:224)
>
> at
> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
> )
>
> at
> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:170)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:225)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
> at
> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
> Filter.java:125)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
> at
> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
> )
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>
> at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> 4)
>
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> ava:253)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> cationFilterChain.java:191)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> FilterChain.java:47)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:149)
>
> at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> rChain.java:145)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> lterChain.java:144)
>
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
> lve.java:199)
>
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
> lve.java:96)
>
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
> orBase.java:607)
>
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
> va:139)
>
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
> va:92)
>
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
> sLogValve.java:668)
>
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
> e.java:74)
>
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
> :343)
>
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
> 408)
>
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
> t.java:66)
>
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
> rotocol.java:791)
>
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
> nt.java:1417)
>
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
> .java:49)
>
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
> ava:1149)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
> java:624)
>
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
> ead.java:61)
>
> at java.lang.Thread.run(Thread.java:748)
>
>
>
>
>
>
>
> If I only entered “http://eagnmnmed1f45:9080/TOPS-WEB/”,
> the login screen showed up.
>
> After I entered topsadmin/@88Topstopstops as id/pd and clicked
> Login button on the login screen, I got the following error:
>
>
>
>
>
> *Error*
>
> Error Message: You've entered an invalid Logon ID or Password. Please
> check that your Logon ID and Password are correct and try again.
>
>
>
>
>
>
>
>
>
> I know the topsadmin/@88Topstopstops is the correct id/pd.
>
>
>
> Any idea what happens here? Any input is appreciated. Following is
> the contents of server.xml and LDAP_realm.xml
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>
> <?xml version='1.0' encoding='utf-8'?>
>
> <!DOCTYPE server-xml [
>
> <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>
> ]>
>
> <!--
>
> Licensed to the Apache Software Foundation (ASF) under one or more
>
> contributor license agreements. See the NOTICE file distributed
> with
>
> this work for additional information regarding copyright ownership.
>
> The ASF licenses this file to You under the Apache License, Version
> 2.0
>
> (the "License"); you may not use this file except in compliance with
>
> the License. You may obtain a copy of the License at
>
>
>
> http://www.apache.org/licenses/LICENSE-2.0
>
>
>
> Unless required by applicable law or agreed to in writing, software
>
> distributed under the License is distributed on an "AS IS" BASIS,
>
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>
> See the License for the specific language governing permissions and
>
> limitations under the License.
>
> -->
>
> <!-- Note: A "Server" is not itself a "Container", so you may not
>
> define subcomponents such as "Valves" at this level.
>
> Documentation at /docs/config/server.html
>
> -->
>
> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>
> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> />
>
>
>
> <!-- Security listener. Documentation at /docs/config/listeners.html
> -->
>
> <Listener className="org.apache.catalina.security.SecurityListener"
> checkedOsUsers="root" minimumUmask="0007"/>
>
>
>
> <!--APR library loader. Documentation at /docs/apr.html -->
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
> <!-- Prevent memory leaks due to use of particular java/javax
> APIs-->
>
> <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> />
>
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
> " />
>
> <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> />
>
>
>
> <!-- Global JNDI resources Documentation at
> /docs/jndi-resources-howto.html -->
>
> <GlobalNamingResources>
>
> <!-- Editable user database that can also be used by
> UserDatabaseRealm to authenticate users -->
>
> <!-- *** Not needed, because we use JNDI Realm *** -->
>
> <!-- <Resource name="UserDatabase" auth="Container"
>
> type="org.apache.catalina.UserDatabase"
>
> description="User database that can be updated and saved"
>
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>
> pathname="tomcat-users.xml" />
>
> -->
>
> </GlobalNamingResources>
>
>
>
> <!-- A "Service" is a collection of one or more "Connectors" that
> share
>
> a single "Container" Note: A "Service" is not itself a
> "Container",
>
> so you may not define subcomponents such as "Valves" at this level.
>
> Documentation at /docs/config/service.html
>
> -->
>
> <Service name="Catalina">
>
>
>
> <!--The connectors can use a shared executor, you can define one
> or more named thread pools-->
>
> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/> -->
>
>
>
> <!-- A "Connector" represents an endpoint by which requests are
> received
>
> and responses are returned. Documentation at :
>
> Java HTTP Connector: /docs/config/http.html (blocking &
> non-blocking)
>
> Java AJP Connector: /docs/config/ajp.html
>
> APR (HTTP/AJP) Connector: /docs/apr.html
>
> Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>
> -->
>
> <Connector port="9080"
>
> protocol="HTTP/1.1"
>
> connectionTimeout="20000"
>
> redirectPort="9443"
>
> maxHttpHeaderSize="8192"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> enableLookups="false" />
>
> <!-- A "Connector" using the shared thread pool-->
>
> <!--
>
> <Connector executor="tomcatThreadPool"
>
> port="9080" protocol="HTTP/1.1"
>
> connectionTimeout="20000"
>
> redirectPort="9443"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> server="USPS"
>
> enableLookups="false" />
>
> -->
>
> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>
> This connector uses the NIO implementation that requires the
> JSSE
>
> style configuration. When using the APR/native
> implementation, the
>
> OpenSSL style configuration is required as described in the
> APR/native
>
> documentation -->
>
> <Connector port="9443"
>
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>
> connectionTimeout="60000"
>
> maxThreads="150"
>
> SSLEnabled="true"
>
> scheme="https"
>
> secure="true"
>
> keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>
> keystorePass="4bidden!"
>
> clientAuth="want"
>
> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>
> TLS_RSA_WITH_AES_256_CBC_SHA256,
>
> TLS_RSA_WITH_AES_256_GCM_SHA384"
>
> maxHttpHeaderSize="8192"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> server="USPS"
>
> enableLookups="false" />
>
>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <!--
>
> <Connector port="8009" protocol="AJP/1.3"
>
> connectionTimeout="20000"
>
> protocol="AJP/1.3"
>
> redirectPort="9443"
>
> allowTrace="false"
>
> xpoweredBy="false"
>
> enableLookups="false" />
>
> -->
>
>
>
> <!-- An Engine represents the entry point (within Catalina) that
> processes
>
> every request. The Engine implementation for Tomcat stand
> alone
>
> analyzes the HTTP headers included with the request, and
> passes them
>
> on to the appropriate Host (virtual host).
>
> Documentation at /docs/config/engine.html -->
>
>
>
> <!-- You should set jvmRoute to support load-balancing via AJP ie :
>
> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>
> -->
>
> <Engine name="Catalina" defaultHost="localhost">
>
>
>
> <!--For clustering, please take a look at documentation at:
>
> /docs/cluster-howto.html (simple how to)
>
> /docs/config/cluster.html (reference documentation) -->
>
> <!--
>
> <Cluster
> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> -->
>
>
>
> <!-- Use the LockOutRealm to prevent attempts to guess user
> passwords
>
> via a brute-force attack -->
>
> <Realm className="org.apache.catalina.realm.LockOutRealm">
>
>
>
> <!-- This Realm uses the UserDatabase configured in the global
> JNDI
>
> resources under the key "UserDatabase". Any edits
>
> that are performed against this UserDatabase are
> immediately
>
> available for use by the Realm. -->
>
> <!--
>
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>
> resourceName="UserDatabase"/>
>
> -->
>
> &LDAP_realm;
>
> </Realm>
>
>
>
> <Host name="localhost"
>
> appBase="webapps"
>
> unpackWARs="true"
>
> deployOnStartup="false"
>
> autoDeploy="false">
>
>
>
> <Context path=""
>
> docBase="/opt/TomCat/tomcat/webapps/ROOT"
>
> debug="0"
>
> privileged="true">
>
> </Context>
>
>
>
> <Context path="/TOPS-WEB"
>
> docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>
> debug="0"
>
> privileged="true">
>
> <Resource name="jdbc/TOPSDB"
>
> auth="Container"
>
> type="javax.sql.DataSource"
>
> driverClassName="oracle.jdbc.OracleDriver"
>
> inactiveConnectionTimeout="120"
>
> maxPoolSize="20"
>
> minPoolSize="1"
>
> password="g3td0wn"
>
> url="jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=dtops.usps.gov)))"
>
> username="TOPS_ADMIN"
>
> validateConnectionOnBorrow="true"/>
>
> </Context>
>
>
>
> <!-- SingleSignOn valve, share authentication between web applications
>
> Documentation at: /docs/config/valve.html -->
>
> <!--
>
> <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
>
> -->
>
>
>
> <!-- Access log processes all example.
>
> Documentation at: /docs/config/valve.html
>
> Note: The pattern used is equivalent to using
> pattern="common" -->
>
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>
> prefix="localhost_access_log" suffix=".txt"
>
> pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>
>
>
> </Host>
>
> </Engine>
>
> </Service>
>
> </Server>
>
>
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>
> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>
> connectionName="wasdev2@devsub.dev.dce.usps.gov"
>
> connectionPassword="F0rkedup"
>
> authentication="simple"
>
> referrals="ignore"
>
> userSearch="(sAMAccountName={0})"
>
> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
> userSubtree="true"
>
> roleSearch="(member={0})"
>
> roleName="cn"
>
> roleSubtree="true"
>
> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>
> adCompat="true"
>
> />
>
>
>
>
>
> Thanks
>
> Gary
>
>
>
>
>
>
>
>
>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
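The configuration quoted above carries keystorePass, password and connectionPassword values in clear text. One way to mask such attributes before a configuration is pasted into a public list, as an added example that is not part of the thread (the name-matching rule, the REDACTED placeholder and the sample values are assumptions constructed here):

```python
import re

PLACEHOLDER = "REDACTED"

# Assumption of this example: an attribute is treated as a secret when its
# name ends in "pass" or "password" (keystorePass, connectionPassword,
# password, ...). Other secret-bearing names would need to be added.
SECRET_ATTR = re.compile(
    r"""(?<![\w.-])(?P<name>[\w.-]*pass(?:word)?)   # attribute name
        (?P<eq>\s*=\s*)                             # keep original spacing
        (?P<q>["'])(?P<value>.*?)(?P=q)             # quoted value, one line
    """,
    re.IGNORECASE | re.VERBOSE,
)


def redact(text):
    """Mask secret attribute values.

    Returns (redacted_text, findings); findings is a list of
    (line_number, attribute_name) and never contains the secret itself.
    Works on raw XML as well as on mail-quoted ("> ") copies of it.
    """
    findings = []

    def _mask(match):
        if match.group("value") == PLACEHOLDER:
            return match.group(0)  # already masked, keep as is
        line_no = text.count("\n", 0, match.start()) + 1
        findings.append((line_no, match.group("name")))
        quote = match.group("q")
        return f"{match.group('name')}{match.group('eq')}{quote}{PLACEHOLDER}{quote}"

    return SECRET_ATTR.sub(_mask, text), findings


# Constructed sample: attribute names as used in server.xml and the realm
# file, values invented for this example.
SAMPLE = """\
<Connector port="9443" SSLEnabled="true"
           keystoreFile="conf/ssl/example.jks"
           keystorePass="constructed-keystore-secret" />
<Resource name="jdbc/EXAMPLE" username="APP_USER"
          password='constructed-db-secret' />
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>        connectionName="svc@example.invalid"
>        connectionPassword = "constructed-bind-secret" />
"""

if __name__ == "__main__":
    cleaned, found = redact(SAMPLE)
    for line_no, name in found:
        print(f"line {line_no}: masked {name}")
    print(cleaned)
```

Credentials typed into the prose of a message are not covered by this attribute-based check and still need a manual read before sending.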
Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Posted by Luis Rodríguez Fernández <uo...@gmail.com>.
Hello Gary,
Your user, topsadmin, has the role NAT_TOPS_ADMIN, see [1]; however, the
application is looking for another bunch of roles like
TOPS_INTL_FIELD_USER_MIA, TOPS_MODELING, etc. I suggest you check your
user membership [2] and try with roleNested=true in your configuration
[3].
Hope it helps,
Luis
[1] Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
[2] https://stackoverflow.com/questions/6195812/ldap-nested-group-membership
[3] https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#JNDIRealm &
https://tomcat.apache.org/tomcat-9.0-doc/config/realm.html
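The comparison made by hand in the reply above (roles the realm granted to the principal versus roles the security constraint asks for) can be pulled out of the FINE-level log mechanically. This is an added example, not part of the original message or of Tomcat; the sample log lines, user and role names are constructed, and the near-miss check is a heuristic introduced here.

```python
import re

# Start of a catalina.out record: "15-Apr-2019 17:08:17.767 FINE [thread] ..."
RECORD_HEAD = re.compile(
    r"^\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} \w+ \[(?P<thread>[^\]]+)\]"
)
QUOTE_MARKS = re.compile(r"^(?:>\s?)+")  # "> ", "> > " added by mail clients
PRINCIPAL = re.compile(
    r"Checking roles GenericPrincipal\[(?P<user>[^(\]]+)\((?P<roles>[^)]*)\)\]"
)
MISSING = re.compile(
    r"Username \[(?P<user>[^\]]+)\] does NOT have role \[(?P<role>[^\]]+)\]"
)
DENIED = "Failed accessControl() test"


def unwrap(raw):
    """Strip mail quote markers and rejoin records the mail client wrapped."""
    records = []
    for line in raw.splitlines():
        line = QUOTE_MARKS.sub("", line).strip()
        if not line:
            continue
        if RECORD_HEAD.match(line) or not records:
            records.append(line)          # a new log record starts here
        else:
            records[-1] += " " + line     # continuation of the previous one
    return records


def analyze(raw):
    """Return {user: {granted, missing, denied, near_misses}} from realm logs."""
    users, thread_user = {}, {}

    def entry(name):
        return users.setdefault(
            name, {"granted": set(), "missing": [], "denied": False}
        )

    for rec in unwrap(raw):
        head = RECORD_HEAD.match(rec)
        thread = head.group("thread") if head else None
        principal = PRINCIPAL.search(rec)
        missing = MISSING.search(rec)
        if principal:
            roles = [r.strip() for r in principal.group("roles").split(",")]
            entry(principal.group("user"))["granted"].update(r for r in roles if r)
            thread_user[thread] = principal.group("user")
        elif missing:
            wanted = entry(missing.group("user"))["missing"]
            if missing.group("role") not in wanted:
                wanted.append(missing.group("role"))
        elif DENIED in rec and thread in thread_user:
            # The denial line names no user; attribute it via the worker thread.
            users[thread_user[thread]]["denied"] = True

    report = {}
    for name, info in users.items():
        granted = sorted(info["granted"])
        report[name] = {
            "granted": granted,
            "missing": info["missing"],
            "denied": info["denied"],
            # Heuristic: a granted role whose name contains a required role
            # name hints at a naming mismatch between directory and web.xml.
            "near_misses": [
                (g, want) for want in info["missing"] for g in granted
                if want != g and want in g
            ],
        }
    return report


# Constructed sample in the same mail-wrapped form as the log in this thread.
SAMPLE = """\
> > 01-Jan-2024 10:00:00.001 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles
> GenericPrincipal[alice(CORP_APP_ADMIN,)]
> > 01-Jan-2024 10:00:00.001 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [alice] does NOT
> have role [APP_ADMIN]
> > 01-Jan-2024 10:00:00.001 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> APP_ADMIN
> > 01-Jan-2024 10:00:00.002 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [alice] does NOT
> have role [APP_EDITOR]
> > 01-Jan-2024 10:00:00.003 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed
> accessControl() test
"""

if __name__ == "__main__":
    for user, info in analyze(SAMPLE).items():
        print(user, info)
```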
On Tue, 16 Apr 2019 at 9:03, Peter@Kreuser-Online (<lo...@kreuser.name>)
wrote:
> Hi Gary,
>
> see way below inline...
>
> > On 16.04.2019 at 03:02, Hua, Gary - Saint Louis, MO - Contractor
> <Ga...@usps.gov.invalid> wrote:
> >
> > Luis:
> >
> > Thanks for your input. I put the following into
> conf/logging.properties and add debug="99" in the Realm definition so I
> can see more Realm logging information:
> >
> > org.apache.catalina.realm.level = ALL
> > org.apache.catalina.realm.useParentHandlers = true
> > org.apache.catalina.authenticator.level = ALL
> > org.apache.catalina.authenticator.useParentHandlers = true
> >
> >
> > After the first login attempt in the application TOPS login screen,
> the URL was redirected to
> https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check with invalid UID/PW
> message. Then I entered topsadmin/@88Topstopstops as id/pd and clicked
> the Login button again, I got the following message in the catalina.out:
> >
> >
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security
> checking request POST /TOPS-WEB/j_security_check
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Entire Application]' against POST
> /j_security_check --> true
> > 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> POST /j_security_check --> false
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[SecuredResource]' against POST
> /j_security_check --> false
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> hasUserDataPermission()
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission User data
> constraint already satisfied
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> authenticate()
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authenticating username 'topsadmin'
> > 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Attempting to
> authenticate user [topsadmin] with realm
> [org.apache.catalina.realm.JNDIRealm]
> > 15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.JNDIRealm.authenticate Exception performing
> authentication. Retrying...
> > javax.naming.CommunicationException: Connection reset [Root exception is
> java.net.SocketException: Connection reset];
> ^^^^^^^^^^^^
> That may be the reason!?
> It cannot connect and everything following is just bad error handling?
>
> > remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
> > at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
> > at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
> > at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> > at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
> > at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
> > at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
> > at
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> > at
> org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
> > at
> org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
> > at
> org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
> > at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
> > at
> org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
> > at
> org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
> > at
> org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
> > at
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
> > at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
> > at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> > at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> > at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
> > at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> > at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> > at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> > at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> > at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
> > at org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
> > at org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
> > at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> > at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> > at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> > at java.lang.Thread.run(Thread.java:748)
> > Caused by: java.net.SocketException: Connection reset
> > at java.net.SocketInputStream.read(SocketInputStream.java:210)
> > at java.net.SocketInputStream.read(SocketInputStream.java:141)
> > at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
> > at sun.security.ssl.InputRecord.read(InputRecord.java:503)
> > at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
> > at
> sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
> > at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> > at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> > at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
> > at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
> > at com.sun.jndi.ldap.Connection.run(Connection.java:877)
> > ... 1 more
> >
> > 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user
> [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> > 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Authentication of 'topsadmin' was successful
> > 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate
> Redirecting to original '/TOPS-WEB/'
> > 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed
> authenticate() test
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Security
> checking request GET /TOPS-WEB/
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp
> --> true
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against
> GET /index.jsp --> false
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
> constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp -->
> true
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> hasUserDataPermission()
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasUserDataPermission User data
> constraint has no restrictions
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> authenticate()
> > 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore
> request from session '9F9F67A0434576D7C0FD0BB63C15F567'
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated
> 'topsadmin' with type 'FORM'
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.register Session ID
> changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to
> [811799F279932B4B67D44931980994A7]
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed
> to restored request
> > 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
> accessControl()
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles
> GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_INQUIRY]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_INQUIRY
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_ADMIN]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_ADMIN
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_SFO]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_SFO
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_MODELING]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_MODELING
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INQUIRY]
> > 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INQUIRY
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_EDITOR]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_EDITOR
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JFK]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JFK
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_JECEWR]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JECEWR
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_ORD]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_ORD
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTERNATIONAL]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTERNATIONAL
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_LAX]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_LAX
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_MIA]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_MIA
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed
> accessControl() test
> >
> >
> >
> > The error message on the screen looks like below:
> >
> > HTTP Status 403 – Forbidden
> >
> > Type Status Report
> >
> > Message Access to the requested resource has been denied
> >
> > Description The server understood the request but refuses to authorize
> it.
> >
> > USPS_restricted
> >
> >
> >
> >
> >
> >
> > Any idea what that is about? Again, the Realm definition is:
> >
> > <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> > connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> > connectionName="wasdev2@devsub.dev.dce.usps.gov"
> > connectionPassword="F0rkedup"
> > authentication="simple"
> > referrals="ignore"
> > userSearch="(sAMAccountName={0})"
> > userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> > userSubtree="true"
> > roleSearch="(member={0})"
> > roleName="cn"
> > roleSubtree="true"
> > roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> > adCompat="true"
> > />
> >
> >
> >
> > Thanks
> > Gary
> >
> >
>
> Peter
>
> PS: you should redact sensitive data from your mails. At least change
> passwords now... google is NOT your friend in this case...
>
> > -----Original Message-----
> > From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com]
> > Sent: Monday, April 15, 2019 3:47 AM
> > To: Tomcat Users List <us...@tomcat.apache.org>
> > Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
> >
> > Hello Gary,
> >
> > I would recommend that you add some debug to your JNDIRealm [1]. For
> debugging your LDAP search filters, ldapsearch can be your friend [2] :)
> >
> > Hope it helps,
> >
> > Luis
> >
> > [1]
> >
> https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
> > [2]
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
> >
> >
> >
> >
> >
> >
> >
> > On Fri, 12 Apr 2019 at 0:23, Hua, Gary - Saint Louis, MO - Contractor
> > (<Ga...@usps.gov.invalid>) wrote:
> >
> >> All:
> >>
> >>
> >>
> >> Sorry, in my previous email I had some graphic content that could not
> >> be displayed. Now I have changed it to text so you can see it.
> >>
> >>
> >>
> >> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> >> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
> >> *Sent:* Thursday, April 11, 2019 4:29 PM
> >> *To:* users@tomcat.apache.org
> >> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
> >>
> >>
> >>
> >> Tomcat Experts:
> >>
> >>
> >>
> >> The Tomcat server works fine in my local computer with
> >> application “TOPS“ in Eclipse. I deployed the TOPS application to our
> >> DEV web server eagnmnmed1f45 under webapps.
> >>
> >>
> >>
> >> After I started the Tomcat server (9.0.13) in DEV
> >> server and entered the TOPS home page URL
> >> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> >> http://localhost:8080/TOPS-WEB/Welcome.do in my local computer) in
> the
> >> browser, it was re-directed to
> >> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do. and following error:
> >>
> >>
> >>
> >>
> >>
> >> *The website cannot display the page*
> >>
> >> HTTP 500
> >>
> >>
> >>
> >> *Most likely causes:*
> >>
> >> - The website is under maintenance.
> >> - The website has a programming error.
> >>
> >>
> >>
> >> *What you can try:*
> >>
> >>
> >>
> >> - Refresh the page.
> >> - Go back to the previous page.
> >> - More information
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
> >> catalina.out
> >>
> >> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
> >> configuration [LegDistanceImpl]; using defaults.
> >>
> >> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
> >> binding factory to JNDI, no JNDI name configured
> >>
> >> 0 [main] INFO filter.ResponseOverrideFilter - Filter initialized.
> >> Response buffering is enabled
> >>
> >> 1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded
> >> for module ''.
> >>
> >> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> >> file from '/WEB-INF/validator-rules.xml'
> >>
> >> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules
> >> file from '/WEB-INF/validation.xml'
> >>
> >> 1738 [main] INFO tiles.TilesPlugin - Factory already exists for
> >> module ''. The factory found is from module ''. No new creation.
> >>
> >> 05-Apr-2019 11:18:01.913 INFO [main]
> >> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> >> ["http-nio-9080"]
> >>
> >> 05-Apr-2019 11:18:01.928 INFO [main]
> >> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> >> ["https-jsse-nio-9443"]
> >>
> >> 05-Apr-2019 11:18:01.932 INFO [main]
> >> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
> >>
> >> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor -
> >> Tiles definition factory found for request processor ''.
> >>
> >> Error connecting to LDAP server.
> >>
> >> java.lang.NullPointerException
> >>
> >> at
> >> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeActio
> >> n.java:120)
> >>
> >> at
> >> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeActio
> >> n.java:61)
> >>
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >> at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >> at
> >> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod
> >> (AbstractDispatchAction.java:136)
> >>
> >> at
> >> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(Abstra
> >> ctDispatchAction.java:84)
> >>
> >> at
> >> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
> >> (AbstractTOPSDispatchAction.java:258)
> >>
> >> at
> >> org.apache.struts.action.RequestProcessor.processActionPerform(Request
> >> Processor.java:419)
> >>
> >> at
> >> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
> >> a:224)
> >>
> >> at
> >> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
> >> )
> >>
> >> at
> >> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
> >>
> >> at
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> >>
> >> at
> >> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
> >>
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >> at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:170)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:225)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >> at
> >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
> >>
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >> at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
> >> 4)
> >>
> >> at
> >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
> >> ava:253)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
> >> cationFilterChain.java:191)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
> >> FilterChain.java:47)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:149)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
> >> rChain.java:145)
> >>
> >> at java.security.AccessController.doPrivileged(Native Method)
> >>
> >> at
> >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
> >> lterChain.java:144)
> >>
> >> at
> >> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
> >> Filter.java:125)
> >>
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>
> >> at
> >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> >> ava:62)
> >>
> >> at
> >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> >> orImpl.java:43)
> >>
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >> at java.security.AccessController.doPrivileged(Native Method)
> >> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
> >> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
> >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
> >> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
> >> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
> >> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
> >> at java.security.AccessController.doPrivileged(Native Method)
> >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
> >> at com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49)
> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> >> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >> at java.lang.reflect.Method.invoke(Method.java:498)
> >> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
> >> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
> >> at java.security.AccessController.doPrivileged(Native Method)
> >> at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
> >> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
> >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:191)
> >> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
> >> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
> >> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
> >> at java.security.AccessController.doPrivileged(Native Method)
> >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
> >> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> >> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> >> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
> >> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> >> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> >> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
> >> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> >> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> >> at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> >> at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> >> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
> >> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
> >> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> >> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> >> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> >> at java.lang.Thread.run(Thread.java:748)
> >>
> >> If I only entered “http://eagnmnmed1f45:9080/TOPS-WEB/”,
> >> the login screen showed up.
> >>
> >> After I entered topsadmin/@88Topstopstops as id/pd and clicked
> >> Login button on the login screen, I got the following error:
> >>
> >>
> >>
> >>
> >>
> >> *Error*
> >>
> >> Error Message: You've entered an invalid Logon ID or Password. Please
> >> check that your Logon ID and Password are correct and try again.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> I know the topsadmin/@88Topstopstops is the correct id/pd.
> >>
> >>
> >>
> >> Any idea what happens here? Any input is appreciated. Following is
> >> the contents of server.xml and LDAP_realm.xml
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
> >>
> >> <?xml version='1.0' encoding='utf-8'?>
> >>
> >> <!DOCTYPE server-xml [
> >>
> >> <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
> >>
> >> ]>
> >>
> >> <!--
> >>
> >> Licensed to the Apache Software Foundation (ASF) under one or more
> >>
> >> contributor license agreements. See the NOTICE file distributed
> >> with
> >>
> >> this work for additional information regarding copyright ownership.
> >>
> >> The ASF licenses this file to You under the Apache License, Version
> >> 2.0
> >>
> >> (the "License"); you may not use this file except in compliance with
> >>
> >> the License. You may obtain a copy of the License at
> >>
> >>
> >>
> >> http://www.apache.org/licenses/LICENSE-2.0
> >>
> >>
> >>
> >> Unless required by applicable law or agreed to in writing, software
> >>
> >> distributed under the License is distributed on an "AS IS" BASIS,
> >>
> >> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> >>
> >> See the License for the specific language governing permissions and
> >>
> >> limitations under the License.
> >>
> >> -->
> >>
> >> <!-- Note: A "Server" is not itself a "Container", so you may not
> >>
> >> define subcomponents such as "Valves" at this level.
> >>
> >> Documentation at /docs/config/server.html
> >>
> >> -->
> >>
> >> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
> >>
> >> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> >> />
> >>
> >>
> >>
> >> <!-- Security listener. Documentation at /docs/config/listeners.html
> >> -->
> >>
> >> <Listener className="org.apache.catalina.security.SecurityListener"
> >> checkedOsUsers="root" minimumUmask="0007"/>
> >>
> >>
> >>
> >> <!--APR library loader. Documentation at /docs/apr.html -->
> >>
> >> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> >> SSLEngine="on" />
> >>
> >> <!-- Prevent memory leaks due to use of particular java/javax
> >> APIs-->
> >>
> >> <Listener
> >> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
> >> />
> >>
> >> <Listener
> >> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
> >> " />
> >>
> >> <Listener
> >> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> >> />
> >>
> >>
> >>
> >> <!-- Global JNDI resources Documentation at
> >> /docs/jndi-resources-howto.html -->
> >>
> >> <GlobalNamingResources>
> >>
> >> <!-- Editable user database that can also be used by
> >> UserDatabaseRealm to authenticate users -->
> >>
> >> <!-- *** Not needed, because we use JNDI Realm *** -->
> >>
> >> <!-- <Resource name="UserDatabase" auth="Container"
> >>
> >> type="org.apache.catalina.UserDatabase"
> >>
> >> description="User database that can be updated and saved"
> >>
> >>
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> >>
> >> pathname="tomcat-users.xml" />
> >>
> >> -->
> >>
> >> </GlobalNamingResources>
> >>
> >>
> >>
> >> <!-- A "Service" is a collection of one or more "Connectors" that
> >> share
> >>
> >> a single "Container" Note: A "Service" is not itself a
> >> "Container",
> >>
> >> so you may not define subcomponents such as "Valves" at this
> level.
> >>
> >> Documentation at /docs/config/service.html
> >>
> >> -->
> >>
> >> <Service name="Catalina">
> >>
> >>
> >>
> >> <!--The connectors can use a shared executor, you can define one
> >> or more named thread pools-->
> >>
> >> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> >> maxThreads="150" minSpareThreads="4"/> -->
> >>
> >>
> >>
> >> <!-- A "Connector" represents an endpoint by which requests are
> >> received
> >>
> >> and responses are returned. Documentation at :
> >>
> >> Java HTTP Connector: /docs/config/http.html (blocking &
> >> non-blocking)
> >>
> >> Java AJP Connector: /docs/config/ajp.html
> >>
> >> APR (HTTP/AJP) Connector: /docs/apr.html
> >>
> >> Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
> >>
> >> -->
> >>
> >> <Connector port="9080"
> >>
> >> protocol="HTTP/1.1"
> >>
> >> connectionTimeout="20000"
> >>
> >> redirectPort="9443"
> >>
> >> maxHttpHeaderSize="8192"
> >>
> >> allowTrace="false"
> >>
> >> xpoweredBy="false"
> >>
> >> enableLookups="false" />
> >>
> >> <!-- A "Connector" using the shared thread pool-->
> >>
> >> <!--
> >>
> >> <Connector executor="tomcatThreadPool"
> >>
> >> port="9080" protocol="HTTP/1.1"
> >>
> >> connectionTimeout="20000"
> >>
> >> redirectPort="9443"
> >>
> >> allowTrace="false"
> >>
> >> xpoweredBy="false"
> >>
> >> server="USPS"
> >>
> >> enableLookups="false" />
> >>
> >> -->
> >>
> >> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
> >>
> >> This connector uses the NIO implementation that requires the
> >> JSSE
> >>
> >> style configuration. When using the APR/native
> >> implementation, the
> >>
> >> OpenSSL style configuration is required as described in the
> >> APR/native
> >>
> >> documentation -->
> >>
> >> <Connector port="9443"
> >>
> >> protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>
> >> connectionTimeout="60000"
> >>
> >> maxThreads="150"
> >>
> >> SSLEnabled="true"
> >>
> >> scheme="https"
> >>
> >> secure="true"
> >>
> >> keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
> >>
> >>
> keystorePass="4bidden!"
> >>
> >> clientAuth="want"
> >>
> >> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> >>
> >> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> >>
> >> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> >>
> >> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> >>
> >> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> >>
> >> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> >>
> >> TLS_RSA_WITH_AES_256_CBC_SHA256,
> >>
> >> TLS_RSA_WITH_AES_256_GCM_SHA384"
> >>
> >> maxHttpHeaderSize="8192"
> >>
> >> allowTrace="false"
> >>
> >> xpoweredBy="false"
> >>
> >> server="USPS"
> >>
> >> enableLookups="false" />
> >>
> >>
> >>
> >> <!-- Define an AJP 1.3 Connector on port 8009 -->
> >>
> >> <!--
> >>
> >> <Connector port="8009" protocol="AJP/1.3"
> >>
> >> connectionTimeout="20000"
> >>
> >> protocol="AJP/1.3"
> >>
> >> redirectPort="9443"
> >>
> >> allowTrace="false"
> >>
> >> xpoweredBy="false"
> >>
> >> enableLookups="false" />
> >>
> >> -->
> >>
> >>
> >>
> >> <!-- An Engine represents the entry point (within Catalina) that
> >> processes
> >>
> >> every request. The Engine implementation for Tomcat stand
> >> alone
> >>
> >> analyzes the HTTP headers included with the request, and
> >> passes them
> >>
> >> on to the appropriate Host (virtual host).
> >>
> >> Documentation at /docs/config/engine.html -->
> >>
> >>
> >>
> >> <!-- You should set jvmRoute to support load-balancing via AJP ie :
> >>
> >> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
> >>
> >> -->
> >>
> >> <Engine name="Catalina" defaultHost="localhost">
> >>
> >>
> >>
> >> <!--For clustering, please take a look at documentation at:
> >>
> >> /docs/cluster-howto.html (simple how to)
> >>
> >> /docs/config/cluster.html (reference documentation) -->
> >>
> >> <!--
> >>
> >> <Cluster
> >> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
> >> -->
> >>
> >>
> >>
> >> <!-- Use the LockOutRealm to prevent attempts to guess user
> >> passwords
> >>
> >> via a brute-force attack -->
> >>
> >> <Realm className="org.apache.catalina.realm.LockOutRealm">
> >>
> >>
> >>
> >> <!-- This Realm uses the UserDatabase configured in the global
> >> JNDI
> >>
> >> resources under the key "UserDatabase". Any edits
> >>
> >> that are performed against this UserDatabase are
> >> immediately
> >>
> >> available for use by the Realm. -->
> >>
> >> <!--
> >>
> >> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> >>
> >> resourceName="UserDatabase"/>
> >>
> >> -->
> >>
> >> &LDAP_realm;
> >>
> >> </Realm>
> >>
> >>
> >>
> >> <Host name="localhost"
> >>
> >> appBase="webapps"
> >>
> >> unpackWARs="true"
> >>
> >> deployOnStartup="false"
> >>
> >> autoDeploy="false">
> >>
> >>
> >>
> >> <Context path=""
> >>
> >> docBase="/opt/TomCat/tomcat/webapps/ROOT"
> >>
> >> debug="0"
> >>
> >> privileged="true">
> >>
> >> </Context>
> >>
> >>
> >>
> >> <Context path="/TOPS-WEB"
> >>
> >> docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
> >>
> >> debug="0"
> >>
> >> privileged="true">
> >>
> >> <Resource name="jdbc/TOPSDB"
> >>
> >> auth="Container"
> >>
> >> type="javax.sql.DataSource"
> >>
> >> driverClassName="oracle.jdbc.OracleDriver"
> >>
> >> inactiveConnectionTimeout="120"
> >>
> >> maxPoolSize="20"
> >>
> >> minPoolSize="1"
> >>
> >> password="g3td0wn"
> >>
> >> url="jdbc:oracle:thin:@
> >> (DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE
> >> =ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eag
> >>
> >>
> >> nmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=
> >> 1521)))(CONNECT_DATA=(SERVICE_NAME=
> >> dtops.usps.gov)))"
> >>
> >> username="TOPS_ADMIN"
> >>
> >> validateConnectionOnBorrow="true"/>
> >>
> >> </Context>
> >>
> >>
> >>
> >> <!-- SingleSignOn valve, share authentication between web applications
> >>
> >> Documentation at: /docs/config/valve.html -->
> >>
> >> <!--
> >>
> >> <Valve
> className="org.apache.catalina.authenticator.SingleSignOn"
> >> />
> >>
> >> -->
> >>
> >>
> >>
> >> <!-- Access log processes all example.
> >>
> >> Documentation at: /docs/config/valve.html
> >>
> >> Note: The pattern used is equivalent to using
> >> pattern="common" -->
> >>
> >> <Valve className="org.apache.catalina.valves.AccessLogValve"
> >> directory="logs"
> >>
> >> prefix="localhost_access_log" suffix=".txt"
> >>
> >> pattern="%h %l %u %t "%r" %s %b" />
> >>
> >>
> >>
> >> </Host>
> >>
> >> </Engine>
> >>
> >> </Service>
> >>
> >> </Server>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
> >>
> >> <Realm className="org.apache.catalina.realm.JNDIRealm"
> >>
> >> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> >>
> >> connectionName="wasdev2@devsub.dev.dce.usps.gov"
> >>
> >> connectionPassword="F0rkedup"
> >>
> >> authentication="simple"
> >>
> >> referrals="ignore"
> >>
> >> userSearch="(sAMAccountName={0})"
> >>
> >> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >>
> >> userSubtree="true"
> >>
> >> roleSearch="(member={0})"
> >>
> >> roleName="cn"
> >>
> >> roleSubtree="true"
> >>
> >> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >>
> >> adCompat="true"
> >>
> >> />
> >>
> >>
> >>
> >>
> >>
> >> Thanks
> >>
> >> Gary
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> >
> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> >
> > - Samuel Beckett
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
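The realm and authenticator debug output quoted in this thread can be triaged mechanically. The following is an added example, not code from the thread or from Tomcat: it reads such catalina.out lines and reports, per user, whether authentication succeeded, whether JNDIRealm retried after an exception, which roles the principal holds and which role checks failed. The function name `triage`, the summary keys and the substring-based near-match heuristic are assumptions of this example.

```python
import re

# Abridged from the catalina.out lines quoted in this thread (two of the
# hasRole checks kept, stack trace cut to two lines).
SAMPLE_LOG = """\
15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Attempting to authenticate user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication. Retrying...
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset];
 at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_INQUIRY]
15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_ADMIN]
15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed accessControl() test
"""

# "<date> <LEVEL> [<thread>] <class.method> <message>" as written by Tomcat's JULI formatter.
LINE = re.compile(
    r"^\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} (?P<level>[A-Z]+) "
    r"\[(?P<thread>[^\]]+)\] (?P<source>\S+) (?P<msg>.*)$"
)
ATTEMPT = re.compile(r"Attempting to authenticate user \[([^\]]+)\]")
AUTH_OK = re.compile(r"Authenticated user \[([^\]]+)\] with realm")
PRINCIPAL = re.compile(r"Checking roles GenericPrincipal\[([^(\]]+)\(([^)]*)\)\]")
MISSING = re.compile(r"Username \[([^\]]+)\] does NOT have role \[([^\]]+)\]")


def triage(log_text):
    """Summarise, per user, what the realm/authenticator debug lines say."""
    users = {}
    current = {}  # thread name -> user last seen on that thread

    def rec(user):
        return users.setdefault(user, {
            "authenticated": False, "realm_retry": False, "denied": False,
            "held": [], "missing": [], "near_matches": [],
        })

    for raw in log_text.splitlines():
        # Drop mail quote markers so lines pasted from a reply still parse.
        m = LINE.match(raw.lstrip("> ").rstrip())
        if not m:
            continue  # stack-trace or wrapped continuation line
        thread, msg = m["thread"], m["msg"]
        if a := ATTEMPT.search(msg):
            current[thread] = a[1]
            rec(a[1])
        elif m["source"].endswith("JNDIRealm.authenticate") and "Retrying" in msg:
            # The retry line carries no user name; attribute it via the thread.
            if thread in current:
                rec(current[thread])["realm_retry"] = True
        elif a := AUTH_OK.search(msg):
            rec(a[1])["authenticated"] = True
        elif a := PRINCIPAL.search(msg):
            current[thread] = a[1]
            rec(a[1])["held"] = [name.strip() for name in a[2].split(",") if name.strip()]
        elif a := MISSING.search(msg):
            entry = rec(a[1])
            if a[2] not in entry["missing"]:
                entry["missing"].append(a[2])
        elif "Failed accessControl() test" in msg and thread in current:
            rec(current[thread])["denied"] = True

    # Heuristic (assumption of this example): a held role whose name contains a
    # required role name, or the reverse, hints at a naming mismatch between
    # the directory groups and the roles the application's constraints expect.
    for entry in users.values():
        entry["near_matches"] = [
            (held, wanted)
            for held in entry["held"]
            for wanted in entry["missing"]
            if wanted.lower() in held.lower() or held.lower() in wanted.lower()
        ]
    return users


if __name__ == "__main__":
    for user, summary in triage(SAMPLE_LOG).items():
        print(user, summary)
```

On the abridged sample it reports `topsadmin` as authenticated after one realm retry, holding only `NAT_TOPS_ADMIN`, denied by `accessControl()`, with `TOPS_ADMIN` as the single near match.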
Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
Posted by "Peter@Kreuser-Online" <lo...@kreuser.name>.
Hi Gary,
see way below inline...
> On 16.04.2019 at 03:02, Hua, Gary - Saint Louis, MO - Contractor <Ga...@usps.gov.invalid> wrote:
>
> Luis:
>
> Thanks for your input. I put the following into conf/logging.properties and added debug="99" in the Realm definition so I can see more Realm logging information:
>
> org.apache.catalina.realm.level = ALL
> org.apache.catalina.realm.useParentHandlers = true
> org.apache.catalina.authenticator.level = ALL
> org.apache.catalina.authenticator.useParentHandlers = true
>
>
> After the first login attempt in the application TOPS login screen, the URL was redirected to https://eagnmnmed1f45:9443/TOPS-WEB/j_security_check with invalid UID/PW message. Then I entered topsadmin/@88Topstopstops as id/pd and clicked the Login button again, I got the following message in the catalina.out:
>
>
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request POST /TOPS-WEB/j_security_check
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against POST /j_security_check --> true
> 15-Apr-2019 17:08:17.690 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against POST /j_security_check --> false
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission()
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint already satisfied
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authenticating username 'topsadmin'
> 15-Apr-2019 17:08:17.691 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Attempting to authenticate user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> 15-Apr-2019 17:08:17.694 INFO [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication. Retrying...
> javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset];
^^^^^^^^^^^^
That may be the reason!?
It cannot connect and everything following is just bad error handling?
> remaining name 'DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov'
> at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2002)
> at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
> at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
> at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1675)
> at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1510)
> at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1458)
> at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1403)
> at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1285)
> at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:188)
> at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:153)
> at org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate(FormAuthenticator.java:264)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:572)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.net.SocketException: Connection reset
> at java.net.SocketInputStream.read(SocketInputStream.java:210)
> at java.net.SocketInputStream.read(SocketInputStream.java:141)
> at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
> at sun.security.ssl.InputRecord.read(InputRecord.java:503)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933)
> at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
> at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
> at com.sun.jndi.ldap.Connection.run(Connection.java:877)
> ... 1 more
>
> 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user [topsadmin] with realm [org.apache.catalina.realm.JNDIRealm]
> 15-Apr-2019 17:08:17.727 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Authentication of 'topsadmin' was successful
> 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Redirecting to original '/TOPS-WEB/'
> 15-Apr-2019 17:08:17.728 FINE [https-jsse-nio-9443-exec-7] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed authenticate() test
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking request GET /TOPS-WEB/
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Entire Application]' against GET /index.jsp --> true
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[Secure area's for TOPS_ADMIN user]' against GET /index.jsp --> false
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking constraint 'SecurityConstraint[SecuredResource]' against GET /index.jsp --> true
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling hasUserDataPermission()
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasUserDataPermission User data constraint has no restrictions
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling authenticate()
> 15-Apr-2019 17:08:17.765 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Restore request from session '9F9F67A0434576D7C0FD0BB63C15F567'
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated 'topsadmin' with type 'FORM'
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.register Session ID changed on authentication from [9F9F67A0434576D7C0FD0BB63C15F567] to [811799F279932B4B67D44931980994A7]
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.FormAuthenticator.doAuthenticate Proceed to restored request
> 15-Apr-2019 17:08:17.766 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling accessControl()
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles GenericPrincipal[topsadmin(NAT_TOPS_ADMIN,)]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_INQUIRY]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_INQUIRY
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_ADMIN]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_ADMIN
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_SFO]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_SFO
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_MODELING]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_MODELING
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INQUIRY]
> 15-Apr-2019 17:08:17.767 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INQUIRY
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_EDITOR]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_EDITOR
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JFK]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_JFK
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_JECEWR]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_JECEWR
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_ORD]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_ORD
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTERNATIONAL]
> 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTERNATIONAL
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_LAX]
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_LAX
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT have role [TOPS_INTL_FIELD_USER_MIA]
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.realm.RealmBase.hasResourcePermission No role found: TOPS_INTL_FIELD_USER_MIA
> 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed accessControl() test
>
>
>
> The error message on the screen looks like this:
>
> HTTP Status 403 – Forbidden
>
> Type Status Report
>
> Message Access to the requested resource has been denied
>
> Description The server understood the request but refuses to authorize it.
>
> USPS_restricted
>
>
>
>
>
>
> Any idea what that is about? Again, the Realm definition is:
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> connectionName="wasdev2@devsub.dev.dce.usps.gov"
> connectionPassword="F0rkedup"
> authentication="simple"
> referrals="ignore"
> userSearch="(sAMAccountName={0})"
> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> userSubtree="true"
> roleSearch="(member={0})"
> roleName="cn"
> roleSubtree="true"
> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> adCompat="true"
> />
>
>
>
> Thanks
> Gary
>
>
Peter
PS: You should redact sensitive data from your mails. At least change passwords now... Google is NOT your friend in this case...
> -----Original Message-----
> From: Luis Rodríguez Fernández [mailto:uo67113@gmail.com]
> Sent: Monday, April 15, 2019 3:47 AM
> To: Tomcat Users List <us...@tomcat.apache.org>
> Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
>
> Hello Gary,
>
> I would recommend you to add some debug to your JNDIRealm [1]. For debugging your LDAP search filters, ldapsearch can be your friend [2] :)
>
> Hope it helps,
>
> Luis
>
> [1]
> https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
> [2]
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
>
>
>
>
>
>
>
> On Fri, 12 Apr 2019 at 0:23, Hua, Gary - Saint Louis, MO - Contractor
> (<Ga...@usps.gov.invalid>) wrote:
>
>> All:
>>
>>
>>
>> Sorry, my previous email had some graphic content that could not
>> be displayed. I have now changed it to text so you can see it.
>>
>>
>>
>> *From:* Hua, Gary - Saint Louis, MO - Contractor [
>> mailto:Gang.Hua@usps.gov.INVALID <Ga...@usps.gov.INVALID>]
>> *Sent:* Thursday, April 11, 2019 4:29 PM
>> *To:* users@tomcat.apache.org
>> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>>
>>
>>
>> Tomcat Experts:
>>
>>
>>
>> The Tomcat server works fine in my local computer with
>> application “TOPS“ in Eclipse. I deployed the TOPS application to our
>> DEV web server eagnmnmed1f45 under webapps.
>>
>>
>>
>> After I started the Tomcat server (9.0.13) in DEV
>> server and entered the TOPS home page URL
>> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
>> http://localhost:8080/TOPS-WEB/Welcome.do in my local computer) in the
>> browser, it was re-directed to
>> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do with the following error:
>>
>>
>>
>>
>>
>> *The website cannot display the page*
>>
>> HTTP 500
>>
>>
>>
>> *Most likely causes:*
>>
>> - The website is under maintenance.
>> - The website has a programming error.
>>
>>
>>
>> *What you can try:*
>>
>> - Refresh the page.
>> - Go back to the previous page.
>> - More information
>>
>>
>>
>>
>>
>> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f catalina.out
>>
>> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find configuration [LegDistanceImpl]; using defaults.
>> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not binding factory to JNDI, no JNDI name configured
>> 0 [main] INFO filter.ResponseOverrideFilter - Filter initialized. Response buffering is enabled
>> 1648 [main] INFO tiles.TilesPlugin - Tiles definition factory loaded for module ''.
>> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validator-rules.xml'
>> 1652 [main] INFO validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validation.xml'
>> 1738 [main] INFO tiles.TilesPlugin - Factory already exists for module ''. The factory found is from module ''. No new creation.
>> 05-Apr-2019 11:18:01.913 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-9080"]
>> 05-Apr-2019 11:18:01.928 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-9443"]
>> 05-Apr-2019 11:18:01.932 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor - Tiles definition factory found for request processor ''.
>>
>> Error connecting to LDAP server.
>>
>> java.lang.NullPointerException
>> at com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeAction.java:120)
>> at com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeAction.java:61)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod(AbstractDispatchAction.java:136)
>> at com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(AbstractDispatchAction.java:84)
>>
>> at
>> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute
>> (AbstractTOPSDispatchAction.java:258)
>>
>> at
>> org.apache.struts.action.RequestProcessor.processActionPerform(Request
>> Processor.java:419)
>>
>> at
>> org.apache.struts.action.RequestProcessor.process(RequestProcessor.jav
>> a:224)
>>
>> at
>> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194
>> )
>>
>> at
>> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>>
>> at
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>>
>> at
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:170)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:225)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>>
>> at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:253)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:191)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>>
>> at
>> org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverride
>> Filter.java:125)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:253)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:191)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>>
>> at
>> com.usps.nom.tops.web.TOPSDebugFilter.doFilter(TOPSDebugFilter.java:49
>> )
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:62)
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
>>
>> at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:31
>> 4)
>>
>> at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.j
>> ava:253)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli
>> cationFilterChain.java:191)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.access$000(Application
>> FilterChain.java:47)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:149)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte
>> rChain.java:145)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi
>> lterChain.java:144)
>>
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa
>> lve.java:199)
>>
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa
>> lve.java:96)
>>
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticat
>> orBase.java:607)
>>
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja
>> va:139)
>>
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
>> va:92)
>>
>> at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcces
>> sLogValve.java:668)
>>
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv
>> e.java:74)
>>
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
>> :343)
>>
>> at
>> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:
>> 408)
>>
>> at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLigh
>> t.java:66)
>>
>> at
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractP
>> rotocol.java:791)
>>
>> at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoi
>> nt.java:1417)
>>
>> at
>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase
>> .java:49)
>>
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j
>> ava:1149)
>>
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.
>> java:624)
>>
>> at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
>> ead.java:61)
>>
>> at java.lang.Thread.run(Thread.java:748)
>>
>>
>>
>>
>>
>>
>>
>> If I only entered “http://eagnmnmed1f45:9080/TOPS-WEB/”,
>> the login screen showed up.
>>
>> After I entered topsadmin/@88Topstopstops as id/pd and clicked the
>> Login button on the login screen, I got the following error:
>>
>> *Error*
>>
>> Error Message: You've entered an invalid Logon ID or Password. Please
>> check that your Logon ID and Password are correct and try again.
>>
>> I know that topsadmin/@88Topstopstops is the correct id/pd.
>>
>> Any idea what happens here? Any input is appreciated. Following are
>> the contents of server.xml and LDAP_realm.xml:
>>
>> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more server.xml
>>
>> <?xml version='1.0' encoding='utf-8'?>
>>
>> <!DOCTYPE server-xml [
>>
>> <!ENTITY LDAP_realm SYSTEM "LDAP_realm.xml">
>>
>> ]>
>>
>> <!--
>>
>> Licensed to the Apache Software Foundation (ASF) under one or more
>>
>> contributor license agreements. See the NOTICE file distributed
>> with
>>
>> this work for additional information regarding copyright ownership.
>>
>> The ASF licenses this file to You under the Apache License, Version
>> 2.0
>>
>> (the "License"); you may not use this file except in compliance with
>>
>> the License. You may obtain a copy of the License at
>>
>>
>>
>> http://www.apache.org/licenses/LICENSE-2.0
>>
>>
>>
>> Unless required by applicable law or agreed to in writing, software
>>
>> distributed under the License is distributed on an "AS IS" BASIS,
>>
>> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>
>> See the License for the specific language governing permissions and
>>
>> limitations under the License.
>>
>> -->
>>
>> <!-- Note: A "Server" is not itself a "Container", so you may not
>>
>> define subcomponents such as "Valves" at this level.
>>
>> Documentation at /docs/config/server.html
>>
>> -->
>>
>> <Server port="-1" shutdown="j55Rn3Q5wUrs9CtFlbXz">
>>
>> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
>> />
>>
>>
>>
>> <!-- Security listener. Documentation at /docs/config/listeners.html
>> -->
>>
>> <Listener className="org.apache.catalina.security.SecurityListener"
>> checkedOsUsers="root" minimumUmask="0007"/>
>>
>>
>>
>> <!--APR library loader. Documentation at /docs/apr.html -->
>>
>> <Listener className="org.apache.catalina.core.AprLifecycleListener"
>> SSLEngine="on" />
>>
>> <!-- Prevent memory leaks due to use of particular java/javax
>> APIs-->
>>
>> <Listener
>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
>> />
>>
>> <Listener
>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
>> />
>>
>> <Listener
>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
>> />
>>
>>
>>
>> <!-- Global JNDI resources Documentation at
>> /docs/jndi-resources-howto.html -->
>>
>> <GlobalNamingResources>
>>
>> <!-- Editable user database that can also be used by
>> UserDatabaseRealm to authenticate users -->
>>
>> <!-- *** Not needed, because we use JNDI Realm *** -->
>>
>> <!-- <Resource name="UserDatabase" auth="Container"
>>
>> type="org.apache.catalina.UserDatabase"
>>
>> description="User database that can be updated and saved"
>>
>> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>
>> pathname="tomcat-users.xml" />
>>
>> -->
>>
>> </GlobalNamingResources>
>>
>>
>>
>> <!-- A "Service" is a collection of one or more "Connectors" that
>> share
>>
>> a single "Container" Note: A "Service" is not itself a
>> "Container",
>>
>> so you may not define subcomponents such as "Valves" at this level.
>>
>> Documentation at /docs/config/service.html
>>
>> -->
>>
>> <Service name="Catalina">
>>
>>
>>
>> <!--The connectors can use a shared executor, you can define one
>> or more named thread pools-->
>>
>> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>> maxThreads="150" minSpareThreads="4"/> -->
>>
>>
>>
>> <!-- A "Connector" represents an endpoint by which requests are
>> received
>>
>> and responses are returned. Documentation at :
>>
>> Java HTTP Connector: /docs/config/http.html (blocking &
>> non-blocking)
>>
>> Java AJP Connector: /docs/config/ajp.html
>>
>> APR (HTTP/AJP) Connector: /docs/apr.html
>>
>> Define a non-SSL/TLS HTTP/1.1 Connector on port 9080
>>
>> -->
>>
>> <Connector port="9080"
>>
>> protocol="HTTP/1.1"
>>
>> connectionTimeout="20000"
>>
>> redirectPort="9443"
>>
>> maxHttpHeaderSize="8192"
>>
>> allowTrace="false"
>>
>> xpoweredBy="false"
>>
>> enableLookups="false" />
>>
>> <!-- A "Connector" using the shared thread pool-->
>>
>> <!--
>>
>> <Connector executor="tomcatThreadPool"
>>
>> port="9080" protocol="HTTP/1.1"
>>
>> connectionTimeout="20000"
>>
>> redirectPort="9443"
>>
>> allowTrace="false"
>>
>> xpoweredBy="false"
>>
>> server="USPS"
>>
>> enableLookups="false" />
>>
>> -->
>>
>> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 9443
>>
>> This connector uses the NIO implementation that requires the
>> JSSE
>>
>> style configuration. When using the APR/native
>> implementation, the
>>
>> OpenSSL style configuration is required as described in the
>> APR/native
>>
>> documentation -->
>>
>> <Connector port="9443"
>>
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>
>> connectionTimeout="60000"
>>
>> maxThreads="150"
>>
>> SSLEnabled="true"
>>
>> scheme="https"
>>
>> secure="true"
>>
>> keystoreFile="/opt/TomCat/tomcat/conf/ssl/tc_keystore.jks"
>>
>> keystorePass="4bidden!"
>>
>> clientAuth="want"
>>
>> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>>
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>>
>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>>
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>>
>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>>
>> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>>
>> TLS_RSA_WITH_AES_256_CBC_SHA256,
>>
>> TLS_RSA_WITH_AES_256_GCM_SHA384"
>>
>> maxHttpHeaderSize="8192"
>>
>> allowTrace="false"
>>
>> xpoweredBy="false"
>>
>> server="USPS"
>>
>> enableLookups="false" />
>>
>>
>>
>> <!-- Define an AJP 1.3 Connector on port 8009 -->
>>
>> <!--
>>
>> <Connector port="8009" protocol="AJP/1.3"
>>
>> connectionTimeout="20000"
>>
>> protocol="AJP/1.3"
>>
>> redirectPort="9443"
>>
>> allowTrace="false"
>>
>> xpoweredBy="false"
>>
>> enableLookups="false" />
>>
>> -->
>>
>>
>>
>> <!-- An Engine represents the entry point (within Catalina) that
>> processes
>>
>> every request. The Engine implementation for Tomcat stand
>> alone
>>
>> analyzes the HTTP headers included with the request, and
>> passes them
>>
>> on to the appropriate Host (virtual host).
>>
>> Documentation at /docs/config/engine.html -->
>>
>>
>>
>> <!-- You should set jvmRoute to support load-balancing via AJP ie :
>>
>> <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>>
>> -->
>>
>> <Engine name="Catalina" defaultHost="localhost">
>>
>>
>>
>> <!--For clustering, please take a look at documentation at:
>>
>> /docs/cluster-howto.html (simple how to)
>>
>> /docs/config/cluster.html (reference documentation) -->
>>
>> <!--
>>
>> <Cluster
>> className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>> -->
>>
>>
>>
>> <!-- Use the LockOutRealm to prevent attempts to guess user
>> passwords
>>
>> via a brute-force attack -->
>>
>> <Realm className="org.apache.catalina.realm.LockOutRealm">
>>
>>
>>
>> <!-- This Realm uses the UserDatabase configured in the global
>> JNDI
>>
>> resources under the key "UserDatabase". Any edits
>>
>> that are performed against this UserDatabase are
>> immediately
>>
>> available for use by the Realm. -->
>>
>> <!--
>>
>> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>
>> resourceName="UserDatabase"/>
>>
>> -->
>>
>> &LDAP_realm;
>>
>> </Realm>
>>
>>
>>
>> <Host name="localhost"
>>
>> appBase="webapps"
>>
>> unpackWARs="true"
>>
>> deployOnStartup="false"
>>
>> autoDeploy="false">
>>
>>
>>
>> <Context path=""
>>
>> docBase="/opt/TomCat/tomcat/webapps/ROOT"
>>
>> debug="0"
>>
>> privileged="true">
>>
>> </Context>
>>
>>
>>
>> <Context path="/TOPS-WEB"
>>
>> docBase="/opt/TomCat/tomcat/webapps/TOPS-WEB"
>>
>> debug="0"
>>
>> privileged="true">
>>
>> <Resource name="jdbc/TOPSDB"
>>
>> auth="Container"
>>
>> type="javax.sql.DataSource"
>>
>> driverClassName="oracle.jdbc.OracleDriver"
>>
>> inactiveConnectionTimeout="120"
>>
>> maxPoolSize="20"
>>
>> minPoolSize="1"
>>
>> password="g3td0wn"
>>
>> url="jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS_LIST=(LOAD_BALANCE=ON)(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c2)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=eagnmnmed4c3)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=dtops.usps.gov)))"
>>
>> username="TOPS_ADMIN"
>>
>> validateConnectionOnBorrow="true"/>
>>
>> </Context>
>>
>>
>>
>> <!-- SingleSignOn valve, share authentication between web applications
>>
>> Documentation at: /docs/config/valve.html -->
>>
>> <!--
>>
>> <Valve className="org.apache.catalina.authenticator.SingleSignOn"
>> />
>>
>> -->
>>
>>
>>
>> <!-- Access log processes all example.
>>
>> Documentation at: /docs/config/valve.html
>>
>> Note: The pattern used is equivalent to using
>> pattern="common" -->
>>
>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>> directory="logs"
>>
>> prefix="localhost_access_log" suffix=".txt"
>>
>> pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>>
>>
>>
>> </Host>
>>
>> </Engine>
>>
>> </Service>
>>
>> </Server>
>>
>>
>>
>>
>>
>>
>>
>> atadmin@eagnmnmed1f45:/opt/TomCat/tomcat/conf>more LDAP_realm.xml
>>
>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>>
>> connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
>>
>> connectionName="wasdev2@devsub.dev.dce.usps.gov"
>>
>> connectionPassword="F0rkedup"
>>
>> authentication="simple"
>>
>> referrals="ignore"
>>
>> userSearch="(sAMAccountName={0})"
>>
>> userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>>
>> userSubtree="true"
>>
>> roleSearch="(member={0})"
>>
>> roleName="cn"
>>
>> roleSubtree="true"
>>
>> roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
>>
>> adCompat="true"
>>
>> />
>>
>>
>>
>>
>>
>> Thanks
>>
>> Gary
>>
>
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
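
Added example, not part of the original thread and not Tomcat's own code: the JNDIRealm attributes quoted above correspond to three directory operations (a user search under the service account, a bind as the user's DN, and a role search), and this Python script turns a Realm element into the equivalent OpenLDAP `ldapsearch` invocations so each step can be checked by hand. The host, account, base DN and user are constructed placeholders, and the RFC 4515 filter escaping is this example's own choice.

```python
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: same attribute set and search filters as the posted
# LDAP_realm.xml, with placeholder host, account, password and base DN.
REALM_XML = """<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldaps://ldap.example.com:636"
    connectionName="svc-tomcat@example.com"
    connectionPassword="PLACEHOLDER"
    userSearch="(sAMAccountName={0})"
    userBase="DC=example,DC=com"
    userSubtree="true"
    roleSearch="(member={0})"
    roleName="cn"
    roleSubtree="true"
    roleBase="DC=example,DC=com" />"""

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _fill(template, *values):
    # Single pass, so a "{1}" inside a substituted value is not expanded again;
    # placeholders with no supplied value (e.g. "{2}") are left untouched.
    def sub(match):
        i = int(match.group(1))
        return escape_filter_value(values[i]) if i < len(values) else match.group(0)
    return re.sub(r"\{(\d)\}", sub, template)


def _scope(flag):
    # Subtree search only when the flag is "true"; otherwise one level below the base.
    return "sub" if (flag or "").lower() == "true" else "one"


def realm_queries(realm_xml, username, user_dn):
    """Return {step: ldapsearch argv} for the realm's three directory operations."""
    r = ET.fromstring(realm_xml).attrib

    def search(bind_dn, base, scope, flt, attr):
        # -x: simple bind; -W: prompt for the password, keeping it off the command line
        return ["ldapsearch", "-H", r["connectionURL"], "-x", "-D", bind_dn,
                "-W", "-b", base, "-s", scope, flt, attr]

    return {
        # 1. Service account looks up the user entry: {0} = login name.
        "find_user": search(r["connectionName"], r["userBase"],
                            _scope(r.get("userSubtree")),
                            _fill(r["userSearch"], username), "dn"),
        # 2. Bind as the DN found in step 1 with the user's own password.
        "bind_as_user": search(user_dn, user_dn, "base", "(objectClass=*)", "dn"),
        # 3. Service account looks up roles: {0} = user DN, {1} = login name.
        "find_roles": search(r["connectionName"], r["roleBase"],
                             _scope(r.get("roleSubtree")),
                             _fill(r["roleSearch"], user_dn, username),
                             r["roleName"]),
    }


def as_shell(argv):
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    # Constructed user; the DN would normally come from the find_user result.
    dn = "CN=Doe\\, Jane (Admin),OU=Users,DC=example,DC=com"
    for step, argv in realm_queries(REALM_XML, "jdoe", dn).items():
        print(f"# {step}\n{as_shell(argv)}\n")
```

Running the three commands in order shows which stage fails: the service-account bind, the user lookup, the user's own bind, or the role lookup.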