Are you sure this is your config? Your mail: "I am using .Form Based Authentication using Memory Realm via tomcat-users.xml file"
Your web.xml: "<login-config> <auth-method>FORM</auth-method> <realm-name>JDBCRealm</realm-name> " also, might be good if you check / send the context.xml of your webapp. This all looks to me like a request dump valve has been installed for debugging purpose. Greetings, David Delbecq Terry Orechia a écrit : > How do I control the logging of username/password in tomcat logs when a user > logs into the tomcat website. There are no logging statements in my servlet > to print this data and there is no code to catch the login request . Each > time a user logs into the website , the username and password are logged. > I am running tomcat 4.1 on debian with Tomcat/Apache JK2 Connector and > log4j. I am using .Form Based Authentication using Memory Realm via > tomcat-users.xml file. I have also noticed that when I upload a file using > multipart/form data on http Post request to servlet, the complete contents of > the file gets logged in the tomcat logs in the same way. The log entry > looks lilke a dump of the http data. I have been googling the Internet > trying to solve this one and looking through the tomcat docs but cannot find > any place where the logging level controls this data in http content from > dumping to the tomcat logs. Any ideas would be appreciated. > > >Here is the contents of the statement I am trying to remove in my catalina.log >that appears when I login as username "demo" and password "dddd". >--- >12 34 00 21 00 1f 6a 5f 75 73 65 72 6e 61 6d 65 | .4.!..j_username >3d 64 65 6d 6f 26 6a 5f 70 61 73 73 77 6f 72 64 | =demo&j_password >3d 64 64 64 64 | =dddd > >-- > >Here is the server.xml for 4.1 Debian, vorlab is the context: > <server port ="8005" shutdown="SHUTDOWN " debug="0"/> > <!-- Uncomment these entries to enable JMX MBeans support --> > <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" > debug="0"/> > <Listener > className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" > debug="0"/> > > <!-- Global JNDI resources --> > <GlobalNamingResources> > > <!-- Test entry for demonstration purposes --> > <Environment name="simpleValue" type="java.lang.Integer" value="30"/> > > <!-- Editable user database that can also be used by > UserDatabaseRealm to authenticate users --> > <Resource name="UserDatabase" auth="Container" > type="org.apache.catalina.UserDatabase" > description="User database that can be updated and saved"> > </Resource> > <ResourceParams name="UserDatabase"> > <parameter> > <name>factory</name> > <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value> > </parameter> > <parameter> > <name>pathname</name> > <value>conf/tomcat-users.xml</value> > </parameter> > </ResourceParams> > > </GlobalNamingResources> > > <!-- Define the Tomcat Stand-Alone Service --> > <Service name="Tomcat-Standalone"> > > <!-- A "Connector" represents an endpoint by which requests are received > and responses are returned. Each Connector passes requests on to the > associated "Container" (normally an Engine) for processing. > --> > > <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8180 --> > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" > port="8180" minProcessors="5" maxProcessors="75" > enableLookups="true" acceptCount="10" debug="0" > connectionTimeout="20000" useURIValidationHack="false" /> > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" > port="8080" minProcessors="5" maxProcessors="75" > enableLookups="true" acceptCount="10" debug="0" > connectionTimeout="20000" useURIValidationHack="false" /> > > <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 --> > <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" > port="8009" minProcessors="5" maxProcessors="75" > enableLookups="true" acceptCount="10" debug="0" > connectionTimeout="20000" useURIValidationHack="false" > > protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/> > > <!-- An Engine represents the entry point (within Catalina) that processes > every request. The Engine implementation for Tomcat stand alone > analyzes the HTTP headers included with the request, and passes them > on to the appropriate Host (virtual host). --> > > <!-- Define the top level container in our container hierarchy --> > <Engine name="Standalone" defaultHost="localhost" debug="0"> > > <!-- Global logger unless overridden at lower levels --> > <Logger className="org.apache.catalina.logger.FileLogger" > prefix="catalina_" suffix=".log" timestamp="true"/> > <!-- Because this Realm is here, an instance will be shared globally --> > <Realm className="org.apache.catalina.realm.UserDatabaseRealm" > debug="0" resourceName="UserDatabase"/> > <!-- Define the default virtual host --> > <Host name="localhost" debug="0" appBase="webapps" > unpackWARs="true" autoDeploy="true"> > > <!-- Logger shared by all Contexts related to this virtual host. --> > <Logger className="org.apache.catalina.logger.FileLogger" > directory="logs" prefix="localhost_" suffix=".log" > timestamp="true"/> > > <!-- Allow symlinks for the tomcat-docs webapp. This is required in > the Debian packages to make the Servlet/JSP API docs work. --> > <Context path="/tomcat-docs" docBase="tomcat-docs" debug="0"> > <Resources className="org.apache.naming.resources.FileDirContext" > allowLinking="true" /> > </Context> > <Context path="" docBase="ROOT" debug="0"> > <Resources className="org.apache.naming.resources.FileDirContext" > allowLinking="true" /> > </Context> ><Context className="org.apache.catalina.core.StandardContext" >allowLinking="true" backgroundProcessorDelay="-1" cachingAllowed="true" >charsetMapperClass="org.apache.catalina.util.CharsetMapper" cookies="true" >crossContext="false" debug="0" docBase="/projects/vorl" domain="Catalina" >engineName="Catalina" j2EEApplication="none" j2EEServer="none" lazy="true" >managerChecksFrequency="6" path="/vorlab" privileged="false" >reloadable="false" startupTime="0" swallowOutput="false" tldScanTime="0" >useNaming="true" wrapperClass="org.apache.catalina.core.StandardWrapper"> ><Resources className="org.apache.naming.resources.FileDirContext" >allowLinking="true"/> ><Resource name="jdbc/MYSQLDB" > auth="Container" > type="javax.sql.DataSource"/> > <ResourceParams name="jdbc/MYSQLDB"> > <parameter> > <name>factory</name> > <value>org.apache.commons.dbcp.BasicDataSourceFactory</value> > </parameter> > <!-- Class name for mm.mysql JDBC driver --> > <parameter> > <name>driverClassName</name> > <value>com.mysql.jdbc.Driver</value> > </parameter> > <parameter> > <name>url</name> > > <value>jdbc:mysql://localhost/vorlab?autoReconnect=true&zeroDateTimeBehavior=convertToNull&jdbcCompliantTruncation=false</value> > </parameter> > </ResourceParams></Context> > </Host> > </Engine> > </Service> ></Server> > >Here is the relevant web.xml: > > <?xml version="1.0" encoding="ISO-8859-1" ?> >- <web-app> > <display-name>VORLAB</display-name> > <description>WebSite</description> >- <resource-ref> > <description>DB Connection</description> > <res-ref-name>jdbc/MYSQLDB</res-ref-name> > <res-type>javax.sql.DataSource</res-type> > <res-auth>Container</res-auth> > </resource-ref> >- <servlet> > <servlet-name>dblist</servlet-name> > <display-name>The work-horse servlet</display-name> > <description>The work-horse servlet</description> > <servlet-class>biotree.http.HttpList</servlet-class> >- <init-param> > <param-name>propFile</param-name> > <param-value>access.properties</param-value> > </init-param> > </servlet> > <servlet-name>logconfig</servlet-name> > <display-name>The logging servlet</display-name> > <description>The logging servlet</description> > <servlet-class>LogServlet</servlet-class> > <load-on-startup>1</load-on-startup> > </servlet> >- <servlet-mapping> > <servlet-name>dblist</servlet-name> > <url-pattern>/dblist</url-pattern> > </servlet-mapping> >- <servlet-name>logconfig</servlet-name> > <url-pattern>/logconfig</url-pattern> > </servlet-mapping> >- <security-constraint> >- <web-resource-collection> > <web-resource-name>test</web-resource-name> > <url-pattern>*</url-pattern> > </web-resource-collection> >- <auth-constraint> > <role-name>provider</role-name> > </auth-constraint> > </security-constraint> >- <login-config> > <auth-method>FORM</auth-method> > <realm-name>JDBCRealm</realm-name> >- <form-login-config> > <form-login-page>/login.html</form-login-page> > <form-error-page>/error.html</form-error-page> > </form-login-config> > </login-config> > </web-app> > > >Thanks for your input, >Terry > > > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
