On Mar 20, 2012 5:26 PM, "Pid *" <p...@pidster.com> wrote: > > On 20 Mar 2012, at 00:43, Martin Gainty <mgai...@hotmail.com> wrote: > > > > > i would make sure you're welcome-file and form-login-page and url-pattern are all located in the same spot > > And that's an example of why people shouldn't listen to your advice, > which is wrong (again). > > > > <welcome-file>/WEB-INF/x/login.jsp</welcome-file> > > Never do the above. > > > > <form-login-page>/WEB-INF/x/login.jsp</form-login-page> > > The above is what I said. > > > > <url-pattern>/WEB-INF/x/suites.jsp</url-pattern> > > This is nonsense. Answers on a postcard as to why. > > > > any reason why you're placing your jsps under WEB-INF instead of in the usual location of webapps/webAppName? > > a) they're the login form/error page and aren't supposed to be > accessed directly. > > b) because that's a good place to put views that are forwarded to by a > controller, and aren't otherwise supposed to be accessed directly. > > > p > > > > > > Martin > > ______________________________________________ > > Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité > > > > Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. > > Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > > > > > >> From: neilmu...@gmail.com > >> Date: Mon, 19 Mar 2012 10:35:54 +0000 > >> Subject: Re: Tomcat, JSP and LDAP > >> To: users@tomcat.apache.org > >> > >> On 18 March 2012 18:04, Pid <p...@pidster.com> wrote: > >>> On 18/03/2012 13:34, Neil Munro wrote: > >>> > >>> <snip> > >>> > >>>> As for moving my login and fail_login jsp to web-inf the pages could not be > >>>> located and a had a go working in the web.xml file pointing to a path > >>>> relative to /../web-inf/ or similar, I shall try again but I did try your > >>>> suggestion and will try again just to ensure I didn't simply make a typo. > >>> > >>> WEB-INF not web-inf. > >>> > >>> This will work: > >>> > >>> <!-- uses form-based authentication --> > >>> <login-config> > >>> <auth-method>FORM</auth-method> > >>> <form-login-config> > >>> <form-login-page>/WEB-INF/x/login.jsp</form-login-page> > >>> <form-error-page>/WEB-INF/x/fail_login.jsp</form-error-page> > >>> </form-login-config> > >>> </login-config> > >>> > >>> Substitute the 'x' for the directory of your choice. > >>> > >>> > >>> p > >> > >> This is the layout of my web.xml file: > >> > >> <?xml version="1.0" encoding="ISO-8859-1"?> > >> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web > >> Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";> > >> > >> <web-app version="2.4"> > >> <display-name>Regressions Web GUI: V2</display-name> > >> <description>A Web GUI for RIP regression test results: Version > >> 2.</description> > >> > >> <welcome-file-list> > >> <welcome-file>/WEB-INF/login/login.jsp</welcome-file> > >> </welcome-file-list> > >> > >> <!-- LDAP stuff, hopefully! --> > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>Public Area</web-resource-name> > >> <!-- Define the context-relative URL(s) to be protected --> > >> <!--url-pattern/jsp/*/url-pattern--> > >> </web-resource-collection> > >> <auth-constraint> > >> <!-- Anyone with one of the listed roles may access this area --> > >> <role-name>my company users</role-name> > >> </auth-constraint> > >> </security-constraint> > >> > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>Protected Area</web-resource-name> > >> <!-- Define the context-relative URL(s) to be protected --> > >> <url-pattern>/WEB-INF/login/suites.jsp</url-pattern> > >> <url-pattern>/WEB-INF/login/login.jsp</url-pattern> > >> <url-pattern>/WEB-INF/login/fail_login.jsp</url-pattern> > >> </web-resource-collection> > >> <auth-constraint> > >> <!-- Anyone with one of the listed roles may access this area --> > >> <role-name>my company users</role-name> > >> </auth-constraint> > >> </security-constraint> > >> > >> <!-- uses form-based authentication --> > >> <login-config> > >> <auth-method>FORM</auth-method> > >> <form-login-config> > >> <form-login-page>/WEB-INF/login/login.jsp</form-login-page> > >> <form-error-page>/WEB-INF/login/fail_login.jsp</form-error-page> > >> </form-login-config> > >> </login-config> > >> > >> <!-- Security roles referenced by this web application --> > >> <security-role> > >> <role-name>my company users</role-name> > >> </security-role> > >> </web-app> > >> > >> There is a login directory under WEB-INF with the files inside it, but > >> I just get a 404 error when I try to access the pages that way, I > >> don't understand how this format works, if /login.jsp refers to the > >> login.jsp file located under the jsp directory, how does /WEB-INF mean > >> the WEB-INF directory at the same level as jsp and not a directory > >> inside jsp called WEB-INF? > >> > >> I have been informed there's a global user in the system that can be > >> used to make the initial connection, so my realm config looks like > >> this now: > >> <Realm className="org.apache.catalina.realm.JNDIRealm" > >> connectionName="uid=connectuser,ou=my company users,dc=mycompany,dc=com" > >> connectionPassword="parliament" > >> connectionURL="ldap://my.ldap.server"; > >> alternateURL="ldap://my.ldap.server"; > >> userBase="ou=my company users,dc=mycompany,dc=com" > >> userSearch="(sAMAccountName={0})" > >> userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" > >> userPassword="userpassword" > >> roleBase="ou=my company users,dc=mycompany,dc=com" > >> roleSubtree="true" > >> roleName="cn" > >> roleSearch="(uniqueMember={0})" > >> /> > >> > >> By working what I mean is that with the connection user in place, I > >> get a list of users populating the selection box in the html page so > >> the query runs and returns what I expect it to, but I still cannot get > >> the system to verify a user and take them to a page inside the web > >> app. > >> > >> I have appended the logging level line and done as you suggested, here > >> is the log output: > >> > >> > >> 2012-03-19 10:24:04 Commons Daemon procrun stderr initialized > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.core.AprLifecycleListener init > >> INFO: The APR based Apache Tomcat Native library which allows optimal > >> performance in production environments was not found on the > >> java.library.path: <removed for space reasons> > >> Mar 19, 2012 10:24:05 AM org.apache.coyote.http11.Http11Protocol init > >> INFO: Initializing Coyote HTTP/1.1 on http-80 > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.Catalina load > >> INFO: Initialization processed in 352 ms > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.core.StandardService start > >> INFO: Starting service Catalina > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.core.StandardEngine start > >> INFO: Starting Servlet Engine: Apache Tomcat/6.0.35 > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.realm.RealmBase init > >> FINE: Register Realm Catalina:type=Realm,realmPath=/realm0 > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig deployDescriptor > >> INFO: Deploying configuration descriptor host-manager.xml > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig deployDescriptor > >> INFO: Deploying configuration descriptor manager.xml > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig deployWAR > >> INFO: Deploying web application archive regressions.war > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig deployDirectory > >> INFO: Deploying web application directory docs > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig deployDirectory > >> INFO: Deploying web application directory examples > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.HostConfig deployDirectory > >> INFO: Deploying web application directory ROOT > >> Mar 19, 2012 10:24:05 AM org.apache.coyote.http11.Http11Protocol start > >> INFO: Starting Coyote HTTP/1.1 on http-80 > >> Mar 19, 2012 10:24:05 AM org.apache.jk.common.ChannelSocket init > >> INFO: JK: ajp13 listening on /0.0.0.0:8009 > >> Mar 19, 2012 10:24:05 AM org.apache.jk.server.JkMain start > >> INFO: Jk running ID=0 time=0/19 config=null > >> Mar 19, 2012 10:24:05 AM org.apache.catalina.startup.Catalina start > >> INFO: Server startup in 668 ms > >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET / --> false > >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET / --> false > >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET / --> false > >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET / --> false > >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET / --> false > >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET / --> false > >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET / --> false > >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET / --> false > >> Mar 19, 2012 10:24:10 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: No applicable constraint located > >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET / --> false > >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET / --> false > >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET / --> false > >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET / --> false > >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET / --> false > >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET / --> false > >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET / --> false > >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET / --> false > >> Mar 19, 2012 10:24:11 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: No applicable constraint located > >> > >> > >> It looks to me (admittedly no expert) that it's unable to find > >> something, I presume that with me using files stored in WEB-INF/login > >> and getting a 404 error that this is all related. I moved the files > >> from WEB-INF/login back to JSP and tried again getting this: > >> > >> 2012-03-19 10:28:41 Commons Daemon procrun stderr initialized > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.core.AprLifecycleListener init > >> INFO: The APR based Apache Tomcat Native library which allows optimal > >> performance in production environments was not found on the > >> java.library.path: <removed for space reasons> > >> Mar 19, 2012 10:28:42 AM org.apache.coyote.http11.Http11Protocol init > >> INFO: Initializing Coyote HTTP/1.1 on http-80 > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.Catalina load > >> INFO: Initialization processed in 353 ms > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.core.StandardService start > >> INFO: Starting service Catalina > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.core.StandardEngine start > >> INFO: Starting Servlet Engine: Apache Tomcat/6.0.35 > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.realm.RealmBase init > >> FINE: Register Realm Catalina:type=Realm,realmPath=/realm0 > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig deployDescriptor > >> INFO: Deploying configuration descriptor host-manager.xml > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig deployDescriptor > >> INFO: Deploying configuration descriptor manager.xml > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig deployWAR > >> INFO: Deploying web application archive regressions.war > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig deployDirectory > >> INFO: Deploying web application directory docs > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig deployDirectory > >> INFO: Deploying web application directory examples > >> Mar 19, 2012 10:28:42 AM org.apache.catalina.startup.HostConfig deployDirectory > >> INFO: Deploying web application directory ROOT > >> Mar 19, 2012 10:28:43 AM org.apache.coyote.http11.Http11Protocol start > >> INFO: Starting Coyote HTTP/1.1 on http-80 > >> Mar 19, 2012 10:28:43 AM org.apache.jk.common.ChannelSocket init > >> INFO: JK: ajp13 listening on /0.0.0.0:8009 > >> Mar 19, 2012 10:28:43 AM org.apache.jk.server.JkMain start > >> INFO: Jk running ID=0 time=0/14 config=null > >> Mar 19, 2012 10:28:43 AM org.apache.catalina.startup.Catalina start > >> INFO: Server startup in 659 ms > >> Mar 19, 2012 10:28:53 AM org.apache.catalina.startup.HostConfig checkResources > >> INFO: Undeploying context [/regressions] > >> Mar 19, 2012 10:28:53 AM org.apache.catalina.startup.HostConfig deployWAR > >> INFO: Deploying web application archive regressions.war > >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET //login.jsp --> false > >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET //login.jsp --> false > >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET //login.jsp --> false > >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET //login.jsp --> false > >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET //login.jsp --> false > >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET //login.jsp --> false > >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET //login.jsp --> false > >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET //login.jsp --> false > >> Mar 19, 2012 10:28:55 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: No applicable constraint located > >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET /css/button.png --> false > >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET /css/button.png --> false > >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET /css/button.png --> false > >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET /css/button.png --> false > >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET /css/button.png --> false > >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET /css/button.png --> false > >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Public Area]' against > >> GET /css/button.png --> false > >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: Checking constraint 'SecurityConstraint[Protected Area]' > >> against GET /css/button.png --> false > >> Mar 19, 2012 10:28:56 AM org.apache.catalina.realm.RealmBase > >> findSecurityConstraints > >> FINE: No applicable constraint located > >> Mar 19, 2012 10:29:13 AM org.apache.coyote.http11.Http11Protocol pause > >> INFO: Pausing Coyote HTTP/1.1 on http-80 > >> Mar 19, 2012 10:29:14 AM org.apache.catalina.core.StandardService stop > >> INFO: Stopping service Catalina > >> Mar 19, 2012 10:29:14 AM org.apache.catalina.realm.RealmBase destroy > >> FINE: unregistering realm Catalina:type=Realm,realmPath=/realm0 > >> Mar 19, 2012 10:29:14 AM org.apache.coyote.http11.Http11Protocol destroy > >> INFO: Stopping Coyote HTTP/1.1 on http-80 > >> > >> I can see that since I no longer get a 404 error and that the files > >> are being listed now that I was correct in that files were not being > >> found for whatever reasons, however I was dedirected back to the > >> failed login page after trying to access the suites.jsp page. I don't > >> see anything in the log about failing to authenticate a user or > >> anything like that. > >> > >> I am guessing that perhaps the passwords are not being checked or sent > >> correctly for authentication, I know that sometimes tomcat doesn't > >> allow plain text passwords, but I am more tempted to think that > >> perhaps I still have a misconfigured server.xml file to check the > >> entered details. > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
I'd like to thank everyone for their help, we got the issue solved, turns out our ldap system ou=group had no users in it, we solved that, followed a tutorial again and that fixed it, can now use the jndi realm as expected. Apologies for posting weird configs, I was trying anything and everything, but was something beyond my control. Once again thank you for the help.
