Filippo Machi wrote:
we're using tomcat 7.0.12
Ok.
1) You have serverA running Tomcat, and Tomcat listens on port 8080.
The (network) IP address of serverA is : ........
85.214.x.x
(apart from the loopback address 127.0.0.1)
This Tomcat has some IP-based access Valve which :
we have a filter, not a valve, (a class implementing javax.servlet.Filter)
that authenticates incoming request
according to:
- a particular key contained as parameter in the request
- the ip of the incoming request
- a cookie
those checks are applied in the exact order I listed them, if all of them
fails, then the user
is redirected to the login page as follows
request.getServletContext()
.getRequestDispatcher(LOGIN_PAGE_REDIRECT_URL)
.forward(request, response);
I don't know whether it matters but we have a chain of filters and the
authorization one I described is applied
after a filter that, in some cases perform a forward
request.getServletContext().getRequestDispatcher(remappedResource).forward(request,
response);
but I think it shouldn't be the cause of the issue...
- for requests from 127.0.0.1, allows them through without authentication
- for requests /not/ from 127.0.0.1, requires authentication in the form of
a cookie, and if that cookie is not present, returns a login page.
The requester IP address is obtained by the Valve using the
getRemoteAddress() method.
2) On the same serverA, there is a cron job which runs from time to time.
This cron job runs a PHP script, which
- connects to "127.0.0.1:8080"
- sends a HTTP request over that connection, directed to a specific Tomcat
application
- receives a response from Tomcat
3) there are also other clients (not on serverA), which access other
applications (or the same application) on serverA/Tomcat directly, by
addressing their requests to ?
(IP or name).
there are other clients (browsers) accessing serverA using the server name
(it cannot be 127.0.0.1:8080, since these clients are not on serverA)
The IP's of those clients are :
something like 93.35.x.x
And what you are seeing in the logs, is that from time to time, a request
which seems to come from the PHP script (and should thus have a client IP
address of 127.0.0.1 and go through without authentication), instead seems
to come from another IP (and thus is caught by the Valve and returns a login
page).
And you also see this in the log of the PHP script : it shows that it
receives a login page, instead of the expected response. (*)
Yes, that's exactely what we're experiencing (the only detail that differs
it's that authentication is performed by a filter, not a valve)
One more question : this IP-filter Valve, is that something written
in-house ?
Yes, we coded the filter.
I do not see anything particularly wrong in the server.xml which you sent.
But it does confirm that you have a single <Host> in Tomcat.
One additional question :
The crontab PHP script sends a request to Tomcat from time to time.
Is that request directed to a specific application that only the PHP script is using, or
is that same application also used by other clients ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
