On Mon, Jan 27, 2014 at 3:17 PM, Konstantin Kolinko <knst.koli...@gmail.com> wrote:
> 2014-01-27 Marco Pizzoli <marco.pizz...@gmail.com>:
>> Hi all,
>> I'm fairly new to Tomcat and to this mailing list, so apologies in
>> advance if not being clear in explaining my problem.
>>
>> I'm tasked with the implementation of JAAS for a web application by
>> leveraging the existing LDAP server (MSAD) present at our company.
>>
>> (...)
>> - I modified the server.xml by defining the Realm [5]
>> (...)
>> [5] This is the line I added inside <Engine>
>> <Realm className="org.apache.catalina.realm.JAASRealm"
>> appName="testPrincipals" debug="9"/>
>
> 1. Beware that only one Realm is allowed in an Engine.
>
> There is one defined there by default. You should have replaced it,
> not added a new one.
>
> http://svn.apache.org/viewvc?view=revision&revision=1556784
>
> 2. If you want to run with a debugger
> https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
>
> Best regards,
> Konstantin Kolinko

Thanks Konstantin, now I made one step further, I think.
I defined a context within my application META-INF/context.xml.

Now in catalina.err I am able to see an error:

[cut]
configfile: reading file:/opt/tomcat/conf/jaas.config
configparser: Reading next config entry: GERONIMO
configparser: org.apache.geronimo.security.realm.providers.LDAPLoginModule, REQUIRED
configparser: connectionPassword=password
configparser: roleBase=DC=mydc
configparser: initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
configparser: roleName=cn
configparser: connectionProtocol=SSL
configparser: roleSearchMatching=member={0}
configparser: roleSearchSubtree=true
configparser: userRoleName=memberOf
configparser: authentication=simple
configparser: connectionUrl=ldaps://my.server.prod:636
configparser: userSearchSubtree=true
configparser: connectionUsername=CN=my_ldap_read,OU=Service Accounts,DC=mydc
configparser: userBaseDC=mydc=
configparser: userSearchMatching=sAMAccountName={0}
configfile: overriding other policies!
Jan 27, 2014 5:18:10 PM org.apache.catalina.realm.JAASRealm authenticate
SEVERE: Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for testPrincipals
    at javax.security.auth.login.LoginContext.init(LoginContext.java:273)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:166)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)

Could you help me understand what I should check?

Thanks in advance again
Marco