How do I control the logging of username/password in tomcat logs when a user
logs into the tomcat website. There are no logging statements in my servlet
to print this data and there is no code to catch the login request . Each time
a user logs into the website , the username and password are logged. I am
running tomcat 4.1 on debian with Tomcat/Apache JK2 Connector and log4j. I
am using .Form Based Authentication using Memory Realm via tomcat-users.xml
file. I have also noticed that when I upload a file using multipart/form
data on http Post request to servlet, the complete contents of the file gets
logged in the tomcat logs in the same way. The log entry looks lilke a dump
of the http data. I have been googling the Internet trying to solve this one
and looking through the tomcat docs but cannot find any place where the logging
level controls this data in http content from dumping to the tomcat logs. Any
ideas would be appreciated.
Here is the contents of the statement I am trying to remove in my catalina.log
that appears when I login as username "demo" and password "dddd".
---
12 34 00 21 00 1f 6a 5f 75 73 65 72 6e 61 6d 65 | .4.!..j_username
3d 64 65 6d 6f 26 6a 5f 70 61 73 73 77 6f 72 64 | =demo&j_password
3d 64 64 64 64 | =dddd
--
Here is the server.xml for 4.1 Debian, vorlab is the context:
<server port ="8005" shutdown="SHUTDOWN " debug="0"/>
<!-- Uncomment these entries to enable JMX MBeans support -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
debug="0"/>
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
debug="0"/>
<!-- Global JNDI resources -->
<GlobalNamingResources>
<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Tomcat-Standalone">
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Each Connector passes requests on to the
associated "Container" (normally an Engine) for processing.
-->
<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8180 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8180" minProcessors="5" maxProcessors="75"
enableLookups="true" acceptCount="10" debug="0"
connectionTimeout="20000" useURIValidationHack="false" />
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8080" minProcessors="5" maxProcessors="75"
enableLookups="true" acceptCount="10" debug="0"
connectionTimeout="20000" useURIValidationHack="false" />
<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8009" minProcessors="5" maxProcessors="75"
enableLookups="true" acceptCount="10" debug="0"
connectionTimeout="20000" useURIValidationHack="false"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host). -->
<!-- Define the top level container in our container hierarchy -->
<Engine name="Standalone" defaultHost="localhost" debug="0">
<!-- Global logger unless overridden at lower levels -->
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_" suffix=".log" timestamp="true"/>
<!-- Because this Realm is here, an instance will be shared globally -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/>
<!-- Define the default virtual host -->
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- Logger shared by all Contexts related to this virtual host. -->
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_" suffix=".log"
timestamp="true"/>
<!-- Allow symlinks for the tomcat-docs webapp. This is required in
the Debian packages to make the Servlet/JSP API docs work. -->
<Context path="/tomcat-docs" docBase="tomcat-docs" debug="0">
<Resources className="org.apache.naming.resources.FileDirContext"
allowLinking="true" />
</Context>
<Context path="" docBase="ROOT" debug="0">
<Resources className="org.apache.naming.resources.FileDirContext"
allowLinking="true" />
</Context>
<Context className="org.apache.catalina.core.StandardContext"
allowLinking="true" backgroundProcessorDelay="-1" cachingAllowed="true"
charsetMapperClass="org.apache.catalina.util.CharsetMapper" cookies="true"
crossContext="false" debug="0" docBase="/projects/vorl" domain="Catalina"
engineName="Catalina" j2EEApplication="none" j2EEServer="none" lazy="true"
managerChecksFrequency="6" path="/vorlab" privileged="false" reloadable="false"
startupTime="0" swallowOutput="false" tldScanTime="0" useNaming="true"
wrapperClass="org.apache.catalina.core.StandardWrapper">
<Resources className="org.apache.naming.resources.FileDirContext"
allowLinking="true"/>
<Resource name="jdbc/MYSQLDB"
auth="Container"
type="javax.sql.DataSource"/>
<ResourceParams name="jdbc/MYSQLDB">
<parameter>
<name>factory</name>
<value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
</parameter>
<!-- Class name for mm.mysql JDBC driver -->
<parameter>
<name>driverClassName</name>
<value>com.mysql.jdbc.Driver</value>
</parameter>
<parameter>
<name>url</name>
<value>jdbc:mysql://localhost/vorlab?autoReconnect=true&zeroDateTimeBehavior=convertToNull&jdbcCompliantTruncation=false</value>
</parameter>
</ResourceParams></Context>
</Host>
</Engine>
</Service>
</Server>
Here is the relevant web.xml:
<?xml version="1.0" encoding="ISO-8859-1" ?>
- <web-app>
<display-name>VORLAB</display-name>
<description>WebSite</description>
- <resource-ref>
<description>DB Connection</description>
<res-ref-name>jdbc/MYSQLDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
- <servlet>
<servlet-name>dblist</servlet-name>
<display-name>The work-horse servlet</display-name>
<description>The work-horse servlet</description>
<servlet-class>biotree.http.HttpList</servlet-class>
- <init-param>
<param-name>propFile</param-name>
<param-value>access.properties</param-value>
</init-param>
</servlet>
<servlet-name>logconfig</servlet-name>
<display-name>The logging servlet</display-name>
<description>The logging servlet</description>
<servlet-class>LogServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
- <servlet-mapping>
<servlet-name>dblist</servlet-name>
<url-pattern>/dblist</url-pattern>
</servlet-mapping>
- <servlet-name>logconfig</servlet-name>
<url-pattern>/logconfig</url-pattern>
</servlet-mapping>
- <security-constraint>
- <web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
- <auth-constraint>
<role-name>provider</role-name>
</auth-constraint>
</security-constraint>
- <login-config>
<auth-method>FORM</auth-method>
<realm-name>JDBCRealm</realm-name>
- <form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
</web-app>
Thanks for your input,
Terry
