[
https://issues.apache.org/jira/browse/KNOX-2473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
李远锋 updated KNOX-2473:
----------------------
Description:
When I plan to use Knox proxying Tomcat,I met a error in browser, but when I
use browser to get request from Tomcat directly, it is correct :
!knox tomcat.png!
{code:java}
// code placeholder
https://localhost:8443/gateway/tomcat/tomcatui/index.jsp
{code}
{code:java}
// code placeholder
HTTP ERROR 500 javax.servlet.ServletException: javax.servlet.ServletException:
org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity
error.URI:/gateway/tomcat/tomcatui/index.jspSTATUS:500MESSAGE:javax.servlet.ServletException:
javax.servlet.ServletException: org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity error.SERVLET:tomcat-knox-gateway-servletCAUSED
BY:javax.servlet.ServletException: javax.servlet.ServletException:
org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity error.CAUSED BY:javax.servlet.ServletException:
org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity error.CAUSED BY:org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity error.CAUSED BY:java.security.PrivilegedActionException:
java.io.IOException: Service connectivity error.CAUSED BY:java.io.IOException:
Service connectivity error.
{code}
the service.xml is:
{code:java}
// code placeholder
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<service role="TOMCAT" name="tomcat" version="9.0">
<routes>
<route path="/tomcatui/">
</route> <route path="/tomcatui/**">
</route> <route path="/tomcatui/**?**">
</route> </routes>
</service>
{code}
the rewriete.xml is:
{code:java}
// code placeholder
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<rules>
<!-- Inbound rewrite rules -->
<rule dir="IN" name="TOMCAT/root/inbound"
pattern="*://*:*/**/tomcatui/">
<rewrite template="{$serviceUrl[TOMCAT]}/"/>
</rule>
<rule dir="IN" name="TOMCAT/root/inbound"
pattern="*://*:*/**/tomcatui/index.jsp">
<rewrite template="{$serviceUrl[TOMCAT]}/index.jsp"/>
</rule>
<rule dir="IN" name="TOMCAT/path/inbound"
pattern="*://*:*/**/tomcatui/{**}">
<rewrite template="{$serviceUrl[TOMCAT]}/{**}"/>
</rule> <rule dir="IN" name="TOMCAT/full/inbound"
pattern="*://*:*/**/tomcatui/{**}?{**}">
<rewrite template="{$serviceUrl[TOMCAT]}/{**}?{**}"/>
</rule> <rule dir="IN" name="TOMCAT/full/inbound"
pattern="*://*:*/**/tomcatui/{path=**}?{**}">
<rewrite template="{$serviceUrl[TOMCAT]}/{path=**}?{**}"/>
</rule>
<rules>
{code}
the $KNOX_HOME/conf/topologies/tomcat.xml is:
{code:java}
// code placeholder
<topology>
<gateway>
<provider>
<role>authentication</role>
<name>ShiroProvider</name>
<enabled>true</enabled>
<param>
<name>sessionTimeout</name>
<value>30</value>
</param>
<param>
<name>main.ldapRealm</name>
<value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
</param>
<param>
<name>main.ldapRealm.userDnTemplate</name>
<value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
</param>
<param>
<name>main.ldapRealm.contextFactory.url</name>
<value>ldap://localhost:33389</value>
</param>
<param>
<name>main.ldapRealm.contextFactory.authenticationMechanism</name>
<value>simple</value>
</param>
<param>
<name>urls./**</name>
<value>authcBasic</value>
</param>
</provider>
<provider>
<role>identity-assertion</role>
<name>Default</name>
<enabled>true</enabled>
</provider>
</gateway> <service>
<role>TOMCAT</role>
<url>http://hdp:8080</url>
</service>
</topology>
{code}
was:
When I plan to use Knox proxying Tomcat,I met a error in browser:
{code:java}
// code placeholder
https://localhost:8443/gateway/tomcat/tomcatui/index.jsp
{code}
{code:java}
// code placeholder
HTTP ERROR 500 javax.servlet.ServletException: javax.servlet.ServletException:
org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity
error.URI:/gateway/tomcat/tomcatui/index.jspSTATUS:500MESSAGE:javax.servlet.ServletException:
javax.servlet.ServletException: org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity error.SERVLET:tomcat-knox-gateway-servletCAUSED
BY:javax.servlet.ServletException: javax.servlet.ServletException:
org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity error.CAUSED BY:javax.servlet.ServletException:
org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity error.CAUSED BY:org.apache.shiro.subject.ExecutionException:
java.security.PrivilegedActionException: java.io.IOException: Service
connectivity error.CAUSED BY:java.security.PrivilegedActionException:
java.io.IOException: Service connectivity error.CAUSED BY:java.io.IOException:
Service connectivity error.
{code}
the service.xml is:
{code:java}
// code placeholder
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<service role="TOMCAT" name="tomcat" version="9.0">
<routes>
<route path="/tomcatui/">
</route> <route path="/tomcatui/**">
</route> <route path="/tomcatui/**?**">
</route> </routes>
</service>
{code}
the rewriete.xml is:
{code:java}
// code placeholder
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<rules>
<!-- Inbound rewrite rules -->
<rule dir="IN" name="TOMCAT/root/inbound"
pattern="*://*:*/**/tomcatui/">
<rewrite template="{$serviceUrl[TOMCAT]}/"/>
</rule>
<rule dir="IN" name="TOMCAT/root/inbound"
pattern="*://*:*/**/tomcatui/index.jsp">
<rewrite template="{$serviceUrl[TOMCAT]}/index.jsp"/>
</rule>
<rule dir="IN" name="TOMCAT/path/inbound"
pattern="*://*:*/**/tomcatui/{**}">
<rewrite template="{$serviceUrl[TOMCAT]}/{**}"/>
</rule> <rule dir="IN" name="TOMCAT/full/inbound"
pattern="*://*:*/**/tomcatui/{**}?{**}">
<rewrite template="{$serviceUrl[TOMCAT]}/{**}?{**}"/>
</rule> <rule dir="IN" name="TOMCAT/full/inbound"
pattern="*://*:*/**/tomcatui/{path=**}?{**}">
<rewrite template="{$serviceUrl[TOMCAT]}/{path=**}?{**}"/>
</rule>
<rules>
{code}
the $KNOX_HOME/conf/topologies/tomcat.xml is:
{code:java}
// code placeholder
<topology>
<gateway>
<provider>
<role>authentication</role>
<name>ShiroProvider</name>
<enabled>true</enabled>
<param>
<name>sessionTimeout</name>
<value>30</value>
</param>
<param>
<name>main.ldapRealm</name>
<value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
</param>
<param>
<name>main.ldapRealm.userDnTemplate</name>
<value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
</param>
<param>
<name>main.ldapRealm.contextFactory.url</name>
<value>ldap://localhost:33389</value>
</param>
<param>
<name>main.ldapRealm.contextFactory.authenticationMechanism</name>
<value>simple</value>
</param>
<param>
<name>urls./**</name>
<value>authcBasic</value>
</param>
</provider>
<provider>
<role>identity-assertion</role>
<name>Default</name>
<enabled>true</enabled>
</provider>
</gateway> <service>
<role>TOMCAT</role>
<url>http://localhost:8080</url>
</service>
</topology>
{code}
> Problem with using KNOX to proxy Tomcat
> ---------------------------------------
>
> Key: KNOX-2473
> URL: https://issues.apache.org/jira/browse/KNOX-2473
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.4.0
> Reporter: 李远锋
> Priority: Major
> Attachments: knox tomcat.png
>
>
> When I plan to use Knox proxying Tomcat,I met a error in browser, but when I
> use browser to get request from Tomcat directly, it is correct :
> !knox tomcat.png!
> {code:java}
> // code placeholder
> https://localhost:8443/gateway/tomcat/tomcatui/index.jsp
> {code}
> {code:java}
> // code placeholder
> HTTP ERROR 500 javax.servlet.ServletException:
> javax.servlet.ServletException: org.apache.shiro.subject.ExecutionException:
> java.security.PrivilegedActionException: java.io.IOException: Service
> connectivity
> error.URI:/gateway/tomcat/tomcatui/index.jspSTATUS:500MESSAGE:javax.servlet.ServletException:
> javax.servlet.ServletException: org.apache.shiro.subject.ExecutionException:
> java.security.PrivilegedActionException: java.io.IOException: Service
> connectivity error.SERVLET:tomcat-knox-gateway-servletCAUSED
> BY:javax.servlet.ServletException: javax.servlet.ServletException:
> org.apache.shiro.subject.ExecutionException:
> java.security.PrivilegedActionException: java.io.IOException: Service
> connectivity error.CAUSED BY:javax.servlet.ServletException:
> org.apache.shiro.subject.ExecutionException:
> java.security.PrivilegedActionException: java.io.IOException: Service
> connectivity error.CAUSED BY:org.apache.shiro.subject.ExecutionException:
> java.security.PrivilegedActionException: java.io.IOException: Service
> connectivity error.CAUSED BY:java.security.PrivilegedActionException:
> java.io.IOException: Service connectivity error.CAUSED
> BY:java.io.IOException: Service connectivity error.
> {code}
> the service.xml is:
> {code:java}
> // code placeholder
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <service role="TOMCAT" name="tomcat" version="9.0">
> <routes>
> <route path="/tomcatui/">
> </route> <route path="/tomcatui/**">
> </route> <route path="/tomcatui/**?**">
> </route> </routes>
> </service>
> {code}
> the rewriete.xml is:
> {code:java}
> // code placeholder
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <rules>
> <!-- Inbound rewrite rules -->
> <rule dir="IN" name="TOMCAT/root/inbound"
> pattern="*://*:*/**/tomcatui/">
> <rewrite template="{$serviceUrl[TOMCAT]}/"/>
> </rule>
> <rule dir="IN" name="TOMCAT/root/inbound"
> pattern="*://*:*/**/tomcatui/index.jsp">
> <rewrite template="{$serviceUrl[TOMCAT]}/index.jsp"/>
> </rule>
> <rule dir="IN" name="TOMCAT/path/inbound"
> pattern="*://*:*/**/tomcatui/{**}">
> <rewrite template="{$serviceUrl[TOMCAT]}/{**}"/>
> </rule> <rule dir="IN" name="TOMCAT/full/inbound"
> pattern="*://*:*/**/tomcatui/{**}?{**}">
> <rewrite template="{$serviceUrl[TOMCAT]}/{**}?{**}"/>
> </rule> <rule dir="IN" name="TOMCAT/full/inbound"
> pattern="*://*:*/**/tomcatui/{path=**}?{**}">
> <rewrite template="{$serviceUrl[TOMCAT]}/{path=**}?{**}"/>
> </rule>
> <rules>
> {code}
> the $KNOX_HOME/conf/topologies/tomcat.xml is:
> {code:java}
> // code placeholder
> <topology>
> <gateway>
> <provider>
> <role>authentication</role>
> <name>ShiroProvider</name>
> <enabled>true</enabled>
> <param>
> <name>sessionTimeout</name>
> <value>30</value>
> </param>
> <param>
> <name>main.ldapRealm</name>
> <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
> </param>
> <param>
> <name>main.ldapRealm.userDnTemplate</name>
> <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
> </param>
> <param>
> <name>main.ldapRealm.contextFactory.url</name>
> <value>ldap://localhost:33389</value>
> </param>
> <param>
> <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
> <value>simple</value>
> </param>
> <param>
> <name>urls./**</name>
> <value>authcBasic</value>
> </param>
> </provider>
> <provider>
> <role>identity-assertion</role>
> <name>Default</name>
> <enabled>true</enabled>
> </provider>
> </gateway> <service>
> <role>TOMCAT</role>
> <url>http://hdp:8080</url>
> </service>
> </topology>
> {code}
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
